The Domain Name System (DNS) turns a user-friendly domain name into an IP address that computers use to identify each other. DNS is unencrypted by default.
Most security vendors still heavily rely on signature-based detection, such as DNS firewalls and DNS blacklisting. It essentially performs DNS query checks of known bad domains.
Soon all DNS traffic will be encrypted. Analyzing DNS traffic will not help to spot and stop malicious activity on the network. It brings numerous challenges to network operators. They can solve them by implementing security measures powered by artificial intelligence.
This whitepaper discusses why DNS blacklisting is not an effective security control anymore.