Infoblox Internal DNS Security 'transforms DNS from a vulnerability into a strength'

Infoblox has introduced Infoblox Internal DNS Security, the most comprehensive solution from a single vendor for securing DNS inside enterprise networks.

  • Wednesday, 20th May 2015, by Phil Alsop

Enterprise network firewalls typically do not examine incoming and outgoing DNS traffic, a blind spot that cybercriminals are now exploiting. Once malware inserts itself into a network, the rogue code often relies on DNS to communicate with its command-and-control server and to exfiltrate sensitive data. Malicious users inside the network can also take advantage of DNS to mount internal distributed denial of service (DDoS) attacks from systems they have compromised.

Infoblox Internal DNS Security (www.infoblox.com/internal-dns-security) is a hardened DNS appliance that turns the internal DNS server from a vulnerability into a strength by providing protection against exploitation of DNS for infrastructure attacks, malware, advanced persistent threats (APTs), and data exfiltration via DNS.

Building on Infoblox’s established leadership in DNS protection, Infoblox Internal DNS Security improves defence against multiple types of attacks by:

  • Detecting and blocking DNS infrastructure attacks. It detects and blocks internal DNS DDoS attacks, DNS-based exploits, and DNS tunnelling. Hardware-accelerated DDoS mitigation can maintain system integrity and availability—even under extreme attacks.

  • Disrupting APTs and malware. With a continuously updated threat feed of malicious IP addresses and domain destinations, red-flagged APTs and other malware are blocked from communicating with their command-and-control servers.

  • Preventing data exfiltration. Infoblox Internal DNS Security is capable of detecting DNS tunnelling, providing alerts, and blocking queries—helping to stop DNS-based data exfiltration to prevent the loss of sensitive information.

There are two sides to the story of securing DNS infrastructure, and Infoblox covers both. Infoblox External DNS Security, previously known as Infoblox Advanced DNS Protection, is a hardened DNS appliance that provides the widest range of protection against external threats such as volumetric DDoS, DNS hijacking, DNS-based exploits, and reconnaissance attacks. When a DDoS attack is detected, the appliance can mitigate the impact by blocking hostile DNS traffic and responding only to legitimate queries. More information on Infoblox External DNS Security is available at www.infoblox.com/external-dns-security.

Both Infoblox Internal DNS Security and Infoblox External DNS Security use standards-based APIs that work with the multi-vendor security ecosystems typical in today’s networks. These APIs make it possible for Infoblox appliances to accept threat intelligence from other solutions for attack mitigation, and to share threat detection data that pinpoints compromised client devices.

Gartner, Inc., a leading IT analyst firm, recognised the growing need for secure DNS in a recent report titled “Market Guide for DNS, DHCP and IP Address Management (DDI).” The report says:

“Due to recent high-profile attacks, organisations are generally more willing to invest in security solutions. Further, organisations have increasing concerns over protecting DNS, and many DDI vendors now provide DNS-based security. Thus, we see an increased interest from clients in DNS-based security associated with DDI solutions. Security components such as DNS firewalls now exist in roughly 20 percent to 30 percent of the client deals that Gartner reviews.”*

A complimentary copy of the report, released on February 24, 2015, is available at www.infoblox.com/gartner.

“The unique position of DNS in the network makes it an optimal enforcement point for protection and security response,” said Scott Fulton, executive vice president of product at Infoblox. “Infoblox Internal DNS Security takes advantage of this position to help protect mission-critical DNS infrastructure, block APTs and malware, and prevent data exfiltration—all without requiring any changes to end-point software or network architecture.”