Security Weekly
Full episode and show notes

​The New Era of DNS Resilience: Breaking down the newly finalized NIST SP 800-81 – Craig Sanderson – RSAC26 #4

Craig Sanderson from Infoblox will dive into the newly finalized NIST SP 800-81 as it marks a pivotal shift in DNS security, emphasizing resilience through modernized practices tailored for today’s distributed, cloud-driven, and threat-laden environments. This update provides actionable guidance for organizations to strengthen DNS infrastructure against evolving threats like ransomware and data exfiltration, while prioritizing initiatives like DNSSEC, encryption, and protective DNS for immediate risk reduction. NIST Blog NIST Guide This segment is sponsored by Infoblox. Visit https://securityweekly.com/infobloxrsac to learn more about them!

This episode is sponsored by
Full Segment Notes

Craig Sanderson from Infoblox will dive into the newly finalized NIST SP 800-81 as it marks a pivotal shift in DNS security, emphasizing resilience through modernized practices tailored for today’s distributed, cloud-driven, and threat-laden environments. This update provides actionable guidance for organizations to strengthen DNS infrastructure against evolving threats like ransomware and data exfiltration, while prioritizing initiatives like DNSSEC, encryption, and protective DNS for immediate risk reduction.

NIST Blog

NIST Guide

This segment is sponsored by Infoblox. Visit https://securityweekly.com/infobloxrsac to learn more about them!

Key Moments
  • 0:00 - RSAC 2026 Interview Introduction
  • 0:25 - Why DNS Security Matters Now
  • 0:48 - NIST DNS Update (SP 800-81 Rev 3) Explained
  • 0:56 - Key DNS Security Improvements & Best Practices
  • 02:08 - Encrypted DNS (DoH, DoT, DoQ) Overview
  • 02:59 - DNS Regulations & NIS2 Impact
  • 03:48 - DNS Risks in Critical Infrastructure
  • 05:16 - What is Protective DNS?
  • 05:31 - DNSSEC vs Protective DNS Explained
  • 07:06 - Using DNS as a Cybersecurity Control
  • 07:39 - Real-Time Threat Intelligence with DNS
  • 09:01 - Moving Beyond Whack-a-Mole Security
  • 09:26 - Reducing Attack Surface with DNS Intelligence
  • 09:55 - Preventing Phishing with Protective DNS
  • 11:26 - Real-World Example: Government DNS Protection
  • 12:03 - Why Organizations Should Adopt Protective DNS
  • 12:42 - DNS as a Security Service Mindset Shift
  • 13:26 - Breaking Silos: Network vs Security Teams
  • 14:12 - DNS Attack Risks & Domain Takeover Threats
  • 14:49 - Final Thoughts & Key Takeaways
Guest
Principal Cyber Security Strategist at Infoblox

Craig Sanderson is the Principal Cyber Security Strategist at Infoblox. Craig has over 25 years of experience in the CyberSecurity industry with a broad array of roles ranging from consultancy, security architecture, business development and product management. Over the last seven years, Craig has been responsible for creating the vision, strategy and delivered the execution of the Infoblox BloxOne Threat Defense solution. He continues to be passionate about the role that DNS can play in delivering world class cyber security with a particular emphasis on how DNS can become the foundation for national and governmental Protective DNS solutions.

Show More

Stay in the Know, No Smoke and Mirrors – Join Our Newsletter

Get expert insights and technical breakdowns straight to your inbox.
Join Now

Related Segments

Related Content

You can skip this ad in 5 seconds