Umbrellas Now Mandatory Even in Seattle PCI DSS 4.0 WAF requirement bets we're not as good at...
Do you Have a Lady Whistledown on Your Network?
This post is being shared from Concourse CEO Glen Kendell's Data and Confused Substack blog. To subscribe to the Substack and be the first to know when new posts drop, click here.
Do you Have a Lady Whistledown on Your Network?
Information security as the belle at the ball in the hit Netflix series
Can Bridgerton Teach Us About Security?
In the Netflix series, Bridgerton, Lady Whistledown operates in the shadows, feeding high society with scandalous gossip while remaining anonymous. But as Eloise Bridgerton proved, if you're watching, you can see what's actually going on. (OK, in the books it was really Colin who figured it out).
This lesson isn't just for regency-era intrigue—it's also the foundation of information security.
Photo by Jan Canty on Unsplash
Cybercriminals, like Lady Whistledown, rely on obscurity, using techniques like DNS tunneling and spoofing to move undetected. But just as Eloise (or Colin) pieced together clues to reveal Whistledown's identity, security teams can use DNS monitoring, filtering, and anomaly detection to expose hidden threats.
Gossip, Tunnels, and Spoofing: How Threats Stay Hidden
With DNS tunneling, hackers hide malicious traffic inside legitimate DNS queries—like smuggling secret messages in seemingly innocent gossip papers. Lady Whistledown relied on the trust of high society, much like DNS spoofing tricks users into visiting fraudulent websites by redirecting them to malicious look-alike domains.
Many people in Bridgerton simply read the gossip but never questioned its source. Similarly, many organizations rely on DNS without actively watching it—assuming that because it works, there's nothing to worry about. But those who watch closely can see patterns emerge.
The Power of Watching
The Queen's court had informants, spies, and analysts watching for patterns—exactly what security teams need. Ok maybe not informants and spies. But analysts for sure!
Passive Monitoring – Like Eloise studying Whistledown's writings, security teams can analyze DNS logs for suspicious queries, catching leaks before they escalate.
Active Filtering – Just as the Queen cracked down on unauthorized papers, security tools can block malicious activity before it reaches users.
Threat Intelligence – Recognizing linguistic patterns helped unmask Whistledown. Similarly, AI-based tools track traffic anomalies, linking them to known attack techniques.
The truth is always there—if you're watching and know what to look for.
Get (Whistle)Down with these Security Essentials
Lady Whistledown's downfall came from a lack of operational security. She underestimated how closely people were watching.
I’m going to share 3 types of cost-effective tools to keep you on the lookout for any Lady Whistledowns on your network and protect your digital kingdom:
-
DNS Security
-
Browser Security
-
Endpoint Security
DNS Security: The Proper Introduction to Every Digital Acquaintance
Let's clarify first - what is DNS?
You can't remember most phone numbers without your contact list. Now imagine that numbers could change, but your phone still figured out the new one (Whaaa??).
This is how DNS works. It acts as your network's smart contact list, translating human-readable website names into IP addresses computers use to talk to each other. When malware tries to "phone home" to its command server, a DNS lookup happens first. By filtering these lookups, you can stop threats before they even reach your device.
Best Free & Low-Cost DNS Security Options
Quad9 (Free) – Nonprofit resolver backed by threat intelligence. Blocks malicious domains silently.
NextDNS (Free for 300K queries, ~$2/month for unlimited) – More customization and visibility. Ideal for businesses.
Cloudflare 1.1.1.2 (Free) – Simple malware filtering with excellent speed.
How to Implement DNS Security
The most effective approach is to implement DNS security at your router, protecting all connected devices at once:
Primary DNS: 9.9.9.9 (Quad9's IP address) or 45.90.28.0 (NextDNS IP address) or 1.1.1.2 (Cloudflare's malware-blocking IP)
Secondary DNS: 149.112.112.112 (Quad9's backup IP) or 45.90.30.0 (NextDNS backup IP) or 1.0.0.2 (Cloudflare's backup malware-blocking IP)
For enhanced security, enable encrypted DNS:
Firefox: Settings > Network Settings > Enable DNS over HTTPS
Chrome: Settings > Privacy and Security > Security > Use secure DNS
DNS security alone isn't enough, but it provides a crucial first layer of defense. It's part of what I call chocolate-in-depth (my tasty take on "defense in depth"). Imagine multiple layers of a delicious chocolate cake served at a regency ball. Of course, the ladies won't be eating any because who can risk it with those fancy clothes!
Browser Security: A Parasol for Your Digital Promenade
Most people don't realize that the browser has become the primary target for cybercriminals. As more of our work moves to cloud applications, attackers have shifted focus from compromising entire systems to simply hijacking your authenticated browser sessions.
To understand this threat, consider how you access sensitive information today. You likely log into web applications for banking, email, and work documents. If an attacker can compromise your browser—through malicious extensions or scripts—they can steal your authenticated sessions and access these services without needing your password.
Photo by Aline de Nadai on Unsplash
Best Free Browser Security Tools
Push Security (Free for small teams) monitors browser extensions and alerts you to suspicious behavior. I've implemented this for several Concourse Hosting clients, and it's revealed concerning extension permission patterns we wouldn't have caught otherwise.
uBlock Origin (Firefox) or uBlock Lite (Chromium) goes beyond blocking ads—it's a powerful content filter that prevents connections to malicious domains. I configure this with medium mode settings that block third-party scripts while maintaining compatibility with most websites.
Microsoft Defender Browser Protection / Google Safe Browsing provide built-in phishing protection using cloud intelligence. While far from perfect, they catch the some known phishing sites and add a decent layer of protection.
Why Browser Security Matters So Much
Let me share a real example to illustrate the importance: Last year, a client's employee installed a seemingly legitimate browser extension for PDF conversion. Within hours, the attackers had accessed the company's cloud storage, exfiltrated sensitive documents, and launched a ransomware attack—all without traditional malware that antivirus would catch.
The bad extension was able to:
-
Intercept form submissions to steal credentials
-
Extract active session cookies
-
Modify browser traffic to inject malicious code
This is why I now conduct browser security training for new clients and implement technical controls to monitor extension permissions. Of course, I don't tell them we’re doing training. I tell them we're going to watch Bridgerton and then sneak in the training.
But if you really want to know if we did the training or watched Bridgerton, you’ll have to check the DNS logs, won’t you??
Endpoint Security: The Last Line in Defense of Your Digital Honor
While preventive measures are essential, we must also have systems in place to detect and stop threats that make it past our other defenses. This is where endpoint security comes in—tools that monitor for and block malicious activity directly on your devices.
Photo by Nik Shuliahin 💛💙 on Unsplash
Best Options
Microsoft Defender (Free with Windows 10/11) has dramatically improved in recent years. According to independent testing, it now ranks among the top security products—when properly configured.
Here's how you might want to set it up to get started with basic protection:
# Enable cloud-based protection to benefit from Microsoft's threat intelligence
Set-MpPreference -MAPSReporting Advanced
# Enable behavior monitoring to catch threats based on suspicious actions
Set-MpPreference -DisableBehaviorMonitoring $false
# Enable script scanning to prevent malicious scripts from running
Set-MpPreference -DisableScriptScanning $false
# Enable controlled folder access to prevent ransomware file encryption
Set-MpPreference -EnableControlledFolderAccess Enabled
These settings transform the built-in Defender from basic protection to a robust security solution that protects against advanced threats including ransomware and fileless malware.
CrowdStrike Falcon (starting at $5/month for the “Go” edition, more for bigger networks) brings enterprise-grade endpoint detection and response (EDR) capabilities to small businesses. For clients who need additional protection, this provides exceptional value with advanced machine learning models that detect novel threats. This is what we use at Concourse. CrowdStrike also offers MDR services if you want them to respond to incidents on your behalf.
Understanding Modern Malware Techniques
To appreciate why traditional antivirus isn't enough, let me explain how modern attacks work. Today's threats often operate entirely in memory without writing files to disk—a technique known as "fileless malware." These attacks manipulate legitimate system processes to execute malicious code, making them invisible to traditional file-scanning tools.
Effective endpoint protection must therefore monitor process behaviors and system activities, not just scan files. This is why I emphasize behavior monitoring tools almost as much as I recommend Bridgerton-themed parties. You need more regency clothing in your life. You're welcome.
Let’s Review: The Tools you Need, Free and Paid Options.
These are the free options.
DNS Security (Free): Configure Quad9 at your router to block malicious domains network-wide. This creates a protective shield for all connected devices without requiring device-level software.
Browser Security (Free): Install uBlock Origin or Push Security free version and configure browser security settings to prevent malicious scripts from executing. This addresses the most common attack vector—compromised websites and phishing attempts.
Endpoint Security (Free): Properly configure Microsoft Defender using the settings I've outlined above. This transforms the built-in protection into a capable security solution comparable to paid alternatives.
Bridgerton Bonus! Use a password manager. Like BitWarden. Or 1Password. Seriously, before the next season drops, do this.
Photo by Chris Haws on Unsplash
These are the paid options.
DNS Security (Paid): Upgrade to NextDNS paid plan for customizable protection and detailed logging. It’s still cheaper than dirt! For a deeper dive into DNS security, watch Eric Conrad's excellent talk at SANS Threat Hunting with DNS where he explores DNS in-depth including tunneling.
Browser Security (Paid): Get the paid version of Push Security to monitor browser extensions and detect suspicious behavior and control it for all your users if you have a network to protect.
Endpoint Security (Paid): Deploy CrowdStrike Falcon for advanced threat detection capabilities. The machine learning models provide protection against zero-day threats and sophisticated attacks.
Bridgerton Bonus! For those truly committed to security excellence (like a determined debutante pursuing the season's most eligible bachelor), consider Network Detection and Response (NDR) solutions like Corelight. These advanced tools provide visibility into every packet traveling in and out of your network—like having the Queen's most trusted spies reporting on all the comings and goings at a grand ball. While certainly more complex to implement than our other recommendations, NDR offers unparalleled insight into potential threats and can reveal malicious activities that other security layers might miss. Corelight, based on the open-source Zeek platform, is particularly powerful for organizations with sensitive data or compliance requirements.
This enhanced approach would prevent the most common cyberattacks.
Final Thought: Security as a Carriage Ride Through Treacherous Terrain
Cybersecurity isn't just a product you buy—it's a continuous carriage ride requiring vigilant drivers, well-maintained wheels, and sturdy horses.
Photo by Patrick Schneider on Unsplash
Actually, it's both! You can't travel far without a proper carriage (good tools), and the tools I've outlined above provide decent protection without emptying your purse. But they must be accompanied by Bridgerton-level awareness of your surroundings. And some additional security practices to keep the highwaymen at bay.
Just as Queen Charlotte's court unmasked Lady Whistledown through careful observation, your security defenses must be constantly watching the road ahead.
Data and Confused is hosted by Glen Kendell, Founder and CEO of Concourse Cloud, who’s on a mission to bridge the gap between data, AI, and cybersecurity for businesses of all sizes. With an unwavering passion for collaboration and thought leadership, Glen invites trailblazing experts and forward-thinking practitioners to share real-world insights, demystify misconceptions, and fuel transformative conversations in this ever-evolving digital landscape. A show that will stretch your thinking and introduce you to new trends and ideas with engaging and honest takes.
Posts are published first on the Data and Confused Substack blog.
