Infoblox secures DNS inside enterprise networks with new solution
Infoblox Internal DNS Security offers protection against infrastructure attacks, malware, and data exfiltration
Infoblox has announced the Infoblox Internal DNS Security, a comprehensive solution for securing DNS inside enterprise networks.
Enterprise network firewalls typically do not examine incoming and outgoing DNS traffic, a blind spot that cybercriminals are now exploiting. Once malware inserts itself into a network, the rogue code often relies on DNS to communicate with its command-and-control server and to exfiltrate sensitive data. Malicious users inside the network can also take advantage of DNS to mount internal distributed denial of service (DDoS) attacks from systems they have compromised.
Infoblox Internal DNS is a hardened DNS appliance that turns the internal DNS server from a vulnerability into a strength by providing protection against exploitation of DNS for infrastructure attacks, malware, advanced persistent threats (APTs), and data exfiltration via DNS.
Building on Infoblox’s established DNS protection solutions, Infoblox Internal DNS Security improves defense against multiple types of attacks by:
Detecting and blocking DNS infrastructure attacks. It detects and blocks internal DNS DDoS attacks, DNS-based exploits, and DNS tunneling. Hardware-accelerated DDoS mitigation can maintain system integrity and availability—even under extreme attacks.
Disrupting APTs and malware. With a continuously updated threat feed of malicious IP addresses and domain destinations, red-flagged APTs and other malware are blocked from communicating with their command-and-control servers.
Preventing data exfiltration. Infoblox Internal DNS Security is capable of detecting DNS tunneling, providing alerts, and blocking queries—helping to stop DNS-based data exfiltration to prevent the loss of sensitive information.
There are two sides to the story of securing DNS infrastructure, and Infoblox covers both. Infoblox External DNS Security, previously known as Infoblox Advanced DNS Protection, is a hardened DNS appliance that provides the widest range of protection against external threats such as volumetric DDoS, DNS hijacking, DNS-based exploits, and reconnaissance attacks. When a DDoS attack is detected, the appliance can mitigate the impact by blocking hostile DNS traffic and responding only to legitimate queries.
Both Infoblox Internal DNS Security and Infoblox External DNS Security use standards-based APIs that work with the multi-vendor security ecosystems typical in today’s networks. These APIs make it possible for Infoblox appliances to accept threat intelligence from other solutions for attack mitigation, and to share threat detection data that pinpoints compromised client devices.
Gartner, Inc., a leading IT analyst firm, recognized the growing need for secure DNS in a recent report titled “Market Guide for DNS, DHCP and IP Address Management (DDI).”
The report says: “Due to recent high-profile attacks, organizations are generally more willing to invest in security solutions. Further, organizations have increasing concerns over protecting DNS, and many DDI vendors now provide DNS-based security. Thus, we see an increased interest from clients in DNS-based security associated with DDI solutions. Security components such as DNS firewalls now exist in roughly 20 percent to 30 percent of the client deals that Gartner reviews.”
“The unique position of DNS in the network makes it an optimal enforcement point for protection and security response,” said Scott Fulton, executive vice president of product at Infoblox. “Infoblox Internal DNS Security takes advantage of this position to help protect mission-critical DNS infrastructure, block APTs and malware, and prevent data exfiltration—all without requiring any changes to end-point software or network architecture.”