
DNS Posture Management: Fixing the Security Holes You Can’t See

In today’s security landscape, DNS is often treated as an afterthought—until it becomes the root cause of a breach. For Patrick Sullivan, CTO of Security Strategy at Akamai, this is exactly the blind spot that DNS Posture Management aims to eliminate.

“If we think about DNS Posture Management, it’s really around helping enterprises understand risk that could emerge primarily based around DNS misconfiguration before an adversary does,” Sullivan explains.

DNS is often the first place attackers look. Whether it’s for reconnaissance in a red team exercise or real-world attacks, DNS reveals how systems are connected, which services are live, and where an organization is vulnerable. And when DNS is misconfigured, the results can be disastrous.

Akamai has seen recent attacks stemming from DNS registry lock issues—cases where attackers gained control at the registrar level and used it to hijack mail and SaaS platforms. Another common vulnerability is the dangling CNAME. “As app dev teams bring applications down, DNS pointers sometimes stay behind,” says Sullivan. These orphaned records can be hijacked by attackers, effectively granting them access to traffic meant for your domain.
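To make the dangling CNAME case concrete, here is an added example (not from the article and not Akamai's implementation) that audits a zone export for CNAMEs whose targets no longer exist. The zone data, host names and the `resolves` callable are constructed for illustration; in-zone wildcards and delegations are ignored as a simplifying assumption.

```python
import socket

# Constructed sample zone export (name, type, value); not real data.
SAMPLE_ZONE = """\
www.example.com.      CNAME  web-prod.example.com.
web-prod.example.com. A      192.0.2.10
promo.example.com.    CNAME  promo-2019.hosting.example.net.
shop.example.com.     CNAME  shop-lb.example.com.
docs.example.com.     CNAME  docs.hosting.example.net.
"""
# Constructed stand-in for "external names that still resolve" (offline demo).
KNOWN_LIVE = {"docs.hosting.example.net"}

def parse_zone(text):
    """Return (name, rtype, value) tuples; names lowercased, trailing dot removed."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 3 or parts[0].startswith(";"):
            continue  # skip blanks, comments and anything not name/type/value
        name, rtype, value = parts[0].lower().rstrip("."), parts[1].upper(), parts[2]
        if rtype == "CNAME":
            value = value.lower().rstrip(".")
        records.append((name, rtype, value))
    return records

def system_resolves(hostname):
    """Live check via the system resolver. A transient failure also returns
    False, so confirm a finding before deleting the record."""
    try:
        return bool(socket.getaddrinfo(hostname, None))
    except socket.gaierror:
        return False

def find_dangling_cnames(records, zone_apex, resolves=system_resolves):
    """Flag CNAMEs that point at a name with no records behind it."""
    owned = {name for name, _, _ in records}
    findings = []
    for name, rtype, target in records:
        if rtype != "CNAME":
            continue
        in_zone = target == zone_apex or target.endswith("." + zone_apex)
        if in_zone and target not in owned:
            findings.append((name, target, "target missing from own zone"))
        elif not in_zone and not resolves(target):
            findings.append((name, target, "external target does not resolve"))
    return findings

if __name__ == "__main__":
    zone = parse_zone(SAMPLE_ZONE)
    for finding in find_dangling_cnames(zone, "example.com", KNOWN_LIVE.__contains__):
        print(*finding, sep="  ->  ")
```

Run against a real zone export, drop the third argument so the system resolver is used, and treat each finding as a record to remove or re-point once the owning team confirms the service is gone.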

Even small human errors can have big consequences. In one incident, a financial services company mistyped a DNS entry—just one wrong letter—and accidentally routed enterprise DNS traffic to a domain controlled by a researcher. The result? Potential interception of sensitive financial data and enterprise communications.

To mitigate these risks, Akamai’s DNS Posture Management service performs regular scans across a customer’s DNS footprint—including registrars, cloud providers, and SaaS integrations. “We review those configurations on a regular cadence to look for risk emerging,” says Sullivan. The platform is vendor-agnostic and checks against compliance frameworks like CIS, PCI, HIPAA, and NIST.

“You get simple instructions to remediate issues, plus a compliance checklist to compare your DNS configuration against best practices,” Sullivan explains. It’s similar to cloud security posture management, just focused on DNS, one of the most foundational but overlooked layers of the enterprise stack.

DNS may not be flashy, but it’s a high-value target—and a high-impact vulnerability if left unmonitored. With the rise of distributed architectures and increasing third-party dependencies, Posture Management is no longer optional.

“If DNS isn’t quite right, a lot of risk emerges,” Sullivan concludes. “That’s a pattern we’ve seen over many, many years.”
