
G-Cloud 14 - Predicting the future



Last month we submitted our bid for the next iteration of the G-Cloud Framework, including new services for Namespace Protection and AI Assurance and Compliance.


With a five-month lead time for the Crown Commercial Service to announce places on the framework, this means our new services are a prediction of areas our customers will absolutely need to focus on in 2025.



In this blog, we discuss Namespace Protection: what it is and why we think it is a crucial and overlooked area for nearly all large organisations.


Namespace Protection

The National Cyber Security Centre (NCSC) have identified namespace-based attacks as a growing threat to UK Public Sector and Business and recommend that all organisations should now be monitoring their DNS registrations for vulnerabilities and unauthorised change.


Namespace attacks exploit vulnerabilities in Public DNS Registrations, where domains are misconfigured, left dormant, registered with vulnerable suppliers or improperly managed.


These vulnerabilities are serious, as they can make it easy for bad actors to hijack legitimate domain names (organisation.gov.uk) and redirect traffic to other sites in order to steal personal information, take systems offline, steal credentials or launch phishing attacks using genuine email addresses.


Because DNS is very old and simple to get working, most people and organisations simply do not consider it to be a security critical service or recognise the threat namespace vulnerabilities pose to their business, legal compliance and brand reputation. Similarly, most security monitoring tooling is very limited in its capability to map and analyse an organisation's digital footprint.


The Government Digital Service (GDS) were one of the first UK organisations to take this threat seriously, running a project with Through Technology back in 2020 to address namespace protection issues across the thousands of domains and organisations using the gov.uk namespace. Since then we have taken a real interest in this emerging space, partnering in 2022 with NodeZro, who are the leaders and specialists in namespace protection and monitoring technology.


DNS was invented in the naïve early days of the internet, when security was not considered to be essential. So these vulnerabilities have always existed, but the massive adoption of cloud services has led to exponential growth in both the number of domains that organisations register and the number of organisations skilled in attacking them. They are also publicly visible, as the vulnerabilities exist within DNS registrations on the public internet where anyone can see them, and where traditional security tooling will not detect any exploits.


With this huge sprawl, and the ease with which anyone can set up a new subdomain, the majority of large organisations we talk to understandably cannot answer some simple questions:


  • How many domains does your organisation own?

  • Do you have a single list or map of them?

  • Do you have a lifecycle management process to keep them up to date?

  • How many have security vulnerabilities, and which are most critical?

  • Which suppliers are they registered with?

  • Do those suppliers have reasonable security themselves?


Without the answers to these questions, no organisation can have confidence that their namespace, and therefore their data and brand reputation, are adequately secure.

Through our partnership with NodeZro, we can help any organisation to rapidly bring this issue under control:


  • Automatically discovering, listing, mapping and analysing the extent of your digital footprint and namespace.

  • Identifying and prioritising namespace vulnerabilities, from the immediate risks of domain takeover to minor advisory improvements.

  • Automatically discovering, listing, mapping and analysing your DNS supply chain and the security of those suppliers.

  • Instilling effective lifecycle management processes and education for your organisation.

  • Enabling you to track progress over time as you address vulnerabilities, introduce good practice and reduce the risk to your organisation.


All presented in a simple web portal or accessible via API.


[Figure: Mapping Your Namespace with NodeZro Namespace Command Centre. A screenshot of Namespace Command Centre showing a complex organisation's DNS registrations in a simple tree structure.]

If you would like to explore this further, please get in touch. We can arrange a demonstration of NodeZro's tooling, with live information on your namespace vulnerabilities, which I am sure you will find very valuable.


Through Technology currently offer NodeZro Namespace Command Centre through the Public Procurement Portal and plan to list it on G-Cloud 14 as a stand-alone subscription through Lot 2 Cloud Software and with Through Technology's expert Namespace Protection support under Lot 3 Cloud Support.

-------------------------------------------------------------------------------------------



Peter Hanney, CEO, Through Technology Limited


In my next blog I'll discuss our other new service and how organisations must prepare well for the emerging and diverging international legislation and regulations for AI, before building critical business systems around it.




