Enterprises Can Learn From Government Cyber Defence

It’s easy to overlook DNS. For many security teams, if it’s resolving correctly, it’s not a problem. But that assumption is increasingly dangerous. From malware delivery and phishing infrastructure to domain spoofing and misdirection, DNS has become the control plane of choice for cybercriminals operating at an industrial scale.

The protocols that keep the internet accessible are now being used to make cyberattacks quietly scalable.

“Quietly” is the key word here: cyberattacks that abuse DNS often go unnoticed for too long because the modus operandi centers on masking, cloaking, and infiltration. What’s more, the boundary between individual criminal activity and state-sponsored criminality is becoming increasingly blurred, with disinformation, fraud, and ransomware often relying on the same underlying DNS abuse.

Governments have taken notice. In fact, they’re leading the way. Protective DNS (PDNS) has become a critical national security asset in countries like the UK, US, Canada, and Australia, used not just to defend public sector infrastructure, but to advise private organizations on how to detect and pre-empt cybercrime. Rather than waiting for endpoints to get infected or users to report scams, PDNS enables a population-wide defensive stance by intervening at the network layer.

Now, as threats mount and the risks extend beyond state agencies to private enterprise, the lessons are clear: the DNS layer is no longer just a network function. It’s a pillar of security.

Government Initiatives: Leveraging DNS For Cyber Defense

Protective DNS is being pitched as a novel concept, but it’s really just using something that’s always been there. The UK, for example, has pioneered the deployment of PDNS to shield central and local government entities, schools, and healthcare institutions from malicious domains. The system proactively blocks access to known threat infrastructure, helping to prevent phishing, malware distribution, and online scams before they reach end users. What makes this model so powerful is its architectural position: DNS sits “upstream” of most endpoint defences, offering a chance to disrupt threats before they fully take hold. It’s not a silver bullet, but it’s a strong filter, and in an age where 92% of malware relies on DNS to function, it’s a logical place to intervene.

The UK has emerged as a leader in this space. Its National Cyber Security Centre (NCSC) has rolled out the ‘Share and Defend’ initiative, allowing threat intelligence to be shared across public and private sectors and blocked directly at the ISP level.

Rather than simply issuing warnings, the UK government is taking an active role in threat prevention, partnering with infrastructure providers to deny malicious domains access to end users. This proactive approach was mentioned at the 2025 Global Anti-Scam Summit in London, where officials from across sectors stressed the importance of DNS-based strategies in tackling online fraud.

But perhaps the most important lesson is strategic: by curating the national DNS namespace, governments can reduce attack surface, prevent brand abuse, and close off entire classes of exploit. Enterprises would do well to pay attention.

Adopting DNS-based Defense For Enterprise

DNS is the “plumbing” that connects and routes the internet, and turning it into a defensive tool isn’t just the province of governments. After all, businesses face many of the same risks – lookalike domains, misconfigured records, dormant CNAMEs – and attackers don’t always discriminate between public and private targets. By curating their DNS namespace, organizations can eliminate low-effort entry points, reduce the likelihood of brand impersonation, and limit exposure to domain hijacking. 

Ideally, DNS visibility should be integrated into the wider security operation. Filtering and monitoring DNS traffic can provide an early signal of compromise, flagging connections to suspicious infrastructure before malware is executed or data is exfiltrated. DNS threat intelligence adds another layer, surfacing domains linked to known attack campaigns and fraud networks.

Used properly, DNS becomes both shield and sensor: blocking threats upstream while supplying the intelligence needed to detect them elsewhere.
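
The "shield and sensor" idea can be sketched as a small policy check over resolver logs. This is an added example, not code from the article or from any PDNS product: the blocklist, the protected brand domain, the log format and the last-two-labels registrable-domain heuristic are all assumptions made for illustration.

```python
# Added illustration: constructed blocklist, brand list and resolver log.
from difflib import SequenceMatcher

BLOCKLIST = {"malware-cdn.example", "phish-kit.example"}  # constructed threat feed
PROTECTED = {"examplebank.com"}                           # constructed brand domain
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})

# Constructed log lines: "<timestamp> <client-ip> <qname> <qtype>"
LOG = """\
2025-01-01T09:00:01Z 10.0.0.5 www.examplebank.com. A
2025-01-01T09:00:02Z 10.0.0.7 x9.cdn.malware-cdn.example. A
2025-01-01T09:00:03Z 10.0.0.7 login.examp1ebank.com. A
2025-01-01T09:00:04Z 10.0.0.9 examplebnak.com. AAAA
2025-01-01T09:00:05Z 10.0.0.9 intranet.corp.example. A
"""

def blocked(qname):
    """Shield: match the name or any parent domain against the blocklist."""
    labels = qname.split(".")
    return any(".".join(labels[i:]) in BLOCKLIST for i in range(len(labels)))

def registrable(qname):
    """Naive last-two-labels guess (assumption; production code needs the Public Suffix List)."""
    return ".".join(qname.split(".")[-2:])

def lookalike(qname, threshold=0.85):
    """Sensor: return the protected domain this name imitates, or None."""
    base = registrable(qname)
    if base in PROTECTED:
        return None  # the genuine domain and its subdomains are not lookalikes
    folded = base.translate(HOMOGLYPHS)  # undo common digit-for-letter swaps
    for brand in PROTECTED:
        if folded == brand or SequenceMatcher(None, folded, brand).ratio() >= threshold:
            return brand
    return None

def evaluate(log):
    """Return (client, qname, verdict) per query: BLOCK, ALERT or ALLOW."""
    out = []
    for line in log.splitlines():
        _ts, client, qname, _qtype = line.split()
        name = qname.rstrip(".").lower()  # drop the root dot, compare case-insensitively
        verdict = "BLOCK" if blocked(name) else "ALERT" if lookalike(name) else "ALLOW"
        out.append((client, name, verdict))
    return out
```

BLOCK verdicts are what the resolver would refuse to answer; ALERT verdicts are the early-warning signal passed to the security operation, tied to the client address that made the query.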

This is also a community push; businesses that manage their DNS responsibly help prevent their domains being weaponized against others, reducing risk across the entire digital ecosystem. DNS may have been designed to connect users, but today it also offers a powerful way to protect them. 

Craig Sanderson is Principal Cyber Security Strategist at Infoblox

Image: philip oroni
