
This blog post was published under the 2015-2024 Conservative Administration

https://technology.blog.gov.uk/2024/02/16/how-our-domains-data-sharing-beta-aims-to-reduce-domain-vulnerabilities/

How our Domains Data Sharing beta aims to reduce domain vulnerabilities

Categories: News


Every organisation has vulnerabilities in its digital infrastructure, including in its Domain Name System (DNS). In the Protecting Public Sector Domains team in the Central Digital and Data Office (CDDO) we work to identify and fix those vulnerabilities before our adversaries find them. We’d also like to do that for other kinds of vulnerabilities, related to email and web services. This isn’t easy, but it’s a goal we’re working towards.

Our monitoring tools find misconfiguration and vulnerability data from a variety of services, and we’re gradually expanding our scope and capability. Once we have the data, we have found the hardest part is getting the information into the hands of the person who can fix it.

To that end we are running a Domain Data Sharing programme to send the vulnerability data we collect directly to public sector organisations via their SIEM (Security Information and Event Management) or other systems. 

SIEM on the rise, tracking is hard: what we learnt during discovery

Last year, we ran a discovery programme to look for a way to share all our vulnerability data, not just the biggest and most urgent problems. We talked to people in public sector organisations who manage and fix domain issues, or operate vulnerability management or other teams that work every day to fix these kinds of problems. We found that:

  • knowing what domains an organisation has and who controls them is surprisingly hard
  • it can take longer to find the person who can fix the vulnerability than it does to fix the vulnerability itself
  • lots of organisations lack a consistent approach to handling vulnerabilities - they come in different formats and from different sources, and different parts of the organisation need to fix them depending on what they are
  • some processes for managing vulnerabilities are new, or more informal, and the process can be hard to track
  • lots of people like the National Cyber Security Centre’s Active Cyber Defence (ACD) services, and that is where they expect to go to find out about misconfigurations and vulnerabilities
  • lots of people also like someone to get in touch and tell them directly when something is wrong

We also found that SIEM adoption is growing. These are systems that collect and analyse data from different sources like network devices or servers, and external feeds like ours, and use them to spot security issues. These are toolsets that can handle the volume of data we offer in a way that’s useful to our users.

Launching our Domain Data Sharing beta programme

In light of our learnings during the discovery phase, we've got a Domain Data Sharing beta programme running right now that will:

  • set up SIEM integrations, so we can get data to where it can be acted on most quickly
  • set up DNS hosting integrations, so we know what domains you have, and make sure we're monitoring everything
  • work with your organisation to map out the business processes used to handle vulnerabilities, and help you improve them if needed

We’re also working with NCSC to include our data in ACD services in the future.

Join our beta and explore your organisation’s domain vulnerabilities 

So if you have struggled with the kind of problems we found in our discovery, or you'd just like to get a free feed of domain, web, and email vulnerabilities for your public sector organisation, we’d like you to join our Domain Data Sharing beta programme. Get in touch with us at support@domains.gov.uk to sign up.
