A new defence against APTs

Delivers technology integration with FireEye to battle rising trend of targeted attacks.

  • Thursday, 31st October 2013 Posted 11 years ago in by Phil Alsop

Infoblox Inc. has introduced The Infoblox DNS Firewall – FireEye Adapter, bringing together the power of the Infoblox DNS Firewall and the malware protection system from FireEye Inc. (NASDAQ:FEYE) to help organisations protect themselves against Advanced Persistent Threats (APTs).
Today, enterprise networks are under increasing attack by APTs, which leverage stealth and work over a long period of time – in many cases days, weeks or months – without the target ever being aware of their presence. Because APTs are typically custom-designed and narrowly targeted, traditional signature-based detection methods rarely if ever find them.


The Infoblox DNS Firewall for FireEye solution unites two powerful technologies to defend against APTs.
The FireEye NX Series uses a unique automated approach to test suspicious executable files in a safe virtual environment, where the files are activated, the behaviour is observed and any malicious activity is identified.


The Infoblox DNS Firewall, introduced earlier this year, uses a threat information subscription service to stay constantly updated on malware other than APTs, leveraging the Domain Name System (DNS) to block communication to known malicious destinations.


DNS acts as the phone book to every destination on the Internet. When identified malware on an infected device – such as a laptop, smart phone or tablet – attempts to “call home,” the Infoblox DNS Firewall can block the connection by denying the DNS communication request. This leaves malware that relies on DNS with no way of reaching its host for further instructions or to transmit information stolen from the target.


The Infoblox integration can take details on detected APTs from FireEye and feed that data into the Infoblox DNS Firewall. This combination of products enables customers to automatically:
1. Detect APTs via FireEye technology.
2. Disrupt malware callbacks via the Infoblox DNS Firewall – disconnecting malware from its host.
3. Pinpoint infected devices quickly via the Infoblox DNS Firewall – reducing response time and speeding up remediation efforts.


“Infoblox is expanding the concept of defence in depth by bringing FireEye’s APT containment capability to the DNS level,” said Didi Dayton, vice president of worldwide strategic alliances at FireEye. “We know most APTs can’t function without communicating through DNS, so the combination of the FireEye NX Series with the Infoblox DNS Firewall creates a powerful new solution that is greater than the sum of its parts.”


“As a leader in network automation and control, Infoblox is delighted to partner with a proven innovator such as FireEye,” said Arya Barirani, vice president of product marketing at Infoblox. “This integration significantly enhances our customers’ ability to detect and protect against APTs, and marks an industry first by transforming DNS from a weak point to an essential element in a comprehensive security strategy.”