Zero Days ft. Bryon Singh, RailWorks Corporation

Zero Days ft. Bryon Singh, RailWorks Corporation

By Steve Gold
Posted in Security
On February 06, 2024

The documentary "Zero Days" sheds light on the complexities of cybersecurity threats, such as the Stuxnet virus, which targeted industrial systems. The film exemplifies the sophisticated nature of modern cyberthreats and underscores the necessity of robust security measures like Domain Name System (DNS) filtering. The case of Stuxnet is a testament to the fact that no enterprise is immune to cyberthreats and proactive measures are essential. The Role of DNS Filtering in Enterprises:

  • Blocking Access to Malicious Sites: DNS filtering services help enterprises by preemptively blocking access to websites known for harboring malware, phishing scams, or other malicious content. This is especially crucial given the increasing sophistication of cyberattacks.
  • Enhancing Overall Security Posture: Integrating DNS filtering into an enterprise's cybersecurity strategy enhances its overall security posture. It acts as an additional layer of defense, complementing firewalls, anti-virus software, and other security protocols.
  • Preventing Data Breaches: By restricting access to potentially dangerous domains, DNS filtering significantly reduces the risk of data breaches and information theft, which can have devastating consequences for any enterprise.
  • Regulatory Compliance: In certain industries, regulatory frameworks mandate stringent cybersecurity measures. DNS filtering can help in complying with these regulations, avoiding legal complications and fines.
  • Educational Aspect: Just as "Zero Days" educates viewers about cyberthreats, implementing DNS filtering can also have an educational aspect for employees, making them more aware of the risks associated with irresponsible internet usage.

DNS is the phonebook of the Internet. Humans access information online through domain names, like or Web browsers interact through Internet Protocol (IP) addresses. DNS translates domain names to IP addresses so browsers can load Internet resources. DNS filtering services are vital for blocking access to harmful domains and websites known to disseminate viruses and malware. This is particularly effective against malicious links found in phishing emails or unsafe websites visited through browsers, as these services preemptively prevent access to blacklisted sites, safeguarding the network.

Instituting DNS filtering is a vital measure for network security and efficient management due to several important reasons:

  1. Security Enhancement: DNS filtering proactively blocks access to harmful websites known for distributing malware or conducting phishing, thereby safeguarding the network from various cyberthreats and potential data breaches.
  2. Content Regulation: It enables organizations to regulate online content, preventing access to sites that are not work-appropriate or violate company policies or industry regulations, thereby ensuring a safe and compliant working environment.
  3. Increased Productivity: By restricting access to sites that distract from work, DNS filtering helps maintain employee focus and productivity.
  4. Optimized Bandwidth Usage: Limiting access to non-essential websites ensures more efficient use of network bandwidth, preserving it for critical business applications and services.
  5. Protection Against Malware and Phishing: DNS filtering is effective at countering emerging phishing and malware threats. DNS filtering stops users from connecting to dangerous sites, significantly reducing the risk associated with clicking on malicious links.
  6. Compliance Assurance: DNS filtering aids organizations in meeting various industry regulations and legal requirements by controlling accessible online content.

By deploying DNS filtering, organizations bolster their defense against cyberthreats, enforce content policies, enhance productivity, and manage network resources more effectively.

Unfortunately, the fine folks at the Center for Internet Security have not completed this policy template. Feel free to join the CIS Controls Community to see how you can help.

Here are some details on this specific Control/Safeguard. If you want more detail, DM me.

CIS Control 9 – Email and Web Browser Protections

Improve protections and detections of threats from email and web vectors, as these are opportunities for attackers to manipulate human behavior through direct engagement.

Implementation Group 1

CIS Safeguard 9.1 - Use DNS Filtering Services

Use DNS filtering services on all enterprise assets to block access to known malicious domains.

Steve Gold

Steve Gold

Steve Gold is the Cybersecurity Practice Director at Gotham Technology Group (Gotham). He is responsible for providing the vision and thought leadership to expand Gotham’s legacy of success and build a world-class cybersecurity practice. He works closely with Gotham’s customers, industry partners, and subject matter experts to develop relevant solutions for Gotham’s clients and prospects.

Prior to joining Gotham, Steve worked with the Center for Internet Security (CIS), where he expanded the global reach, revenue, and impact of the CIS Benchmarks, CIS Controls, and CIS Hardened Images. He led the efforts to promote the CIS portfolio of low-cost and no-cost cybersecurity products and services that help private and public organizations stay secure in the connected world. He grew a team of security specialists from 12 to over 40 to assist organizations with implementing security best practices in their continual journey of cybersecurity maturity.

During his more than 20-year career, Steve led teams responsible for developing and implementing technology solutions at some of the industry’s most recognized companies such as Varonis, VMware, Dell & Wyse Technology

Steve is a frequent speaker/moderator at industry conferences and webinars, covering a wide array of information security topics. He resides and works remotely in Baltimore, MD.