It’s all About Community
It is becoming nearly second nature for savvy mobile users to depend on applications (apps) that leverage data aggregated from multiple users to aid in decision making. Mobile apps like Yelp, Waze and TrueCar enable the end user to leverage the experience of a community when deciding which restaurant to eat at, finding the best route to a desired destination, and learning how much people recently paid for a car, respectively.
Gone are the days when you would ask a friend, sibling or acquaintance for an opinion. While nothing is fundamentally wrong with that approach, it cannot compete with the scale (and hence the possibly less biased view) of a “3rd party” community of users who share their experiences of a product or service. The benefit of data-driven technology is that, as aptly stated by TrueCar, it “puts power and knowledge in the hands of consumers.”
Drowning in an Ocean of Data from Isolated Sources
Few, if any, of us would shun being given power and knowledge to make a more informed decision about things we consider purchasing (e.g. a movie ticket or meal) or actions we are undertaking (e.g. driving somewhere). On a similar note, when you consider the decisions that various teams (IT security, Incident Response (IR) and Security Operations Center (SOC)) have to make based on disparate data, it is quite overwhelming.
From monitoring network vulnerabilities using one or multiple systems, to cleaning up infected systems with a different set of tools, to sifting through seemingly endless logs of data from one or more sources, and eventually trying to prioritize alerts and act on the most critical ones, it seems like they could never possibly stay on top of their game. This is evidenced by the fact that even the most presumably “secure” organizations, such as top financial institutions and banks, have been publicly shamed for having suffered a data breach at least once.
Getting back Control with Data that is Relevant and Timely
Part of the challenge organizations face is that they constantly use and maintain multiple security products at once for defense in depth and security best practices. Wouldn’t it be optimal if the security products they have on the network could seamlessly and automatically share data with each other, and also glean contextual data from the network, to be better informed and to take action more easily and quickly? In the absence of interoperability and real-time data sharing between security and network products, decisions are based on isolated data points and sometimes stale data. Too often it is too late: sensitive data has already been exposed or stolen by the time an organization even discovers the problem. Unfortunately, even an organization with the best intentions has vulnerabilities that a persistent attacker can ultimately expose.
What can help is having the right data, complete with a historical record of events, at the right time, from multiple sources (security and network), which, when aggregated, can aid or possibly automate threat response. In fact, Cisco Systems has already put in place an infrastructure, which they call Cisco Platform Exchange Grid or pxGrid, an information grid that security and other IT platforms can integrate with to share relevant contextual information with any other platform connected to it. At the one-year anniversary of pxGrid in late 2015, Cisco introduced nine new ecosystem partners, including Infoblox.
Infoblox Helps Security and Network teams be more Efficient and Effective
As a market leader in network control services, specifically DNS, DHCP and IP address management (DDI) solutions, Infoblox provides rich contextual data to multiple security, incident response, and compliance solutions such as Cisco Identity Services Engine (ISE) Network Access Control (NAC), Bit9+Carbon Black endpoint security and Rapid7 Nexpose vulnerability scanner. Since Infoblox DDI serves as a core component of the network infrastructure, it is immensely beneficial to share the data gleaned from our unique vantage point in the network with IT security and network teams so they can be more informed and less dependent on each other, saving time and being more productive.
By sharing information in real time, such as the discovery of new devices on the network, DHCP lease information and IP address changes, and compromised devices talking to malicious domain destinations (such as those associated with data exfiltration), Infoblox helps extend the intelligence of solutions you’re already using. IT teams can be in better control of the network, devices and users. Also, Infoblox DNS security solutions offer policy enforcement using DNS. Our Internal DNS Security and DNS Firewall solutions automate threat response by integrating with threat intelligence solutions such as FireEye.
For example, Infoblox obtains information on malicious connections from FireEye NX Series and executes an administrator-defined action, using DNS Response Policy Zones (RPZ), on the device making the malicious DNS query. Our solutions can redirect an infected device to a safe location (e.g. a walled garden site) or even block the connection to a bad domain.
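To make the two RPZ actions above concrete, here is an added example (not Infoblox or FireEye code) that turns a list of detected domains into RPZ trigger records using the standard RPZ encoding, where the CNAME target selects the action. The zone origin, the walled-garden hostname and the `(domain, action)` feed format are assumptions made for this sketch.

```python
import re

# Assumed names for this sketch: the RPZ zone origin and the walled-garden host.
RPZ_ORIGIN = "rpz.example.internal."
WALLED_GARDEN = "walled-garden.example.internal."

# RPZ encodes the policy action in the CNAME target of the trigger record.
ACTIONS = {
    "block": ".",               # CNAME to the root: the resolver answers NXDOMAIN
    "redirect": WALLED_GARDEN,  # CNAME to a local name: the client is steered there
}
LABEL = re.compile(r"[a-z0-9_-]{1,63}")


def normalize(domain):
    """Lower-case a feed entry and reject anything that is not a plain hostname.

    Feed data ends up inside a zone file, so spaces, newlines or other
    zone-file syntax in a "domain" must never be written out verbatim.
    """
    name = domain.strip().lower().rstrip(".")
    labels = name.split(".")
    if len(labels) < 2 or not all(LABEL.fullmatch(label) for label in labels):
        raise ValueError(f"not a hostname: {domain!r}")
    return name


def rpz_records(domain, action, ttl=300):
    """Trigger records covering the domain itself and all of its subdomains."""
    name, target = normalize(domain), ACTIONS[action]
    return [f"{owner}.{RPZ_ORIGIN} {ttl} IN CNAME {target}"
            for owner in (name, f"*.{name}")]


def render_zone(detections, default_action="block"):
    """detections: (domain, action or None) pairs; the first entry per domain wins."""
    seen, lines = set(), []
    for domain, action in detections:
        try:
            name = normalize(domain)
        except ValueError:
            continue  # drop malformed feed entries instead of emitting them
        if name not in seen:
            seen.add(name)
            lines.extend(rpz_records(name, action or default_action))
    return lines


# Constructed sample feed (not real indicators).
SAMPLE = [("Malware-C2.example.", "block"), ("exfil.example.net", "redirect"),
          ("malware-c2.example", "redirect"), ("not a hostname.example", None)]

if __name__ == "__main__":
    print("\n".join(render_zone(SAMPLE)))
```
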
In January 2016, check out Part 2 of this blog series to learn more about how Infoblox can help reduce silos in your security ecosystem, closing the gap between IT security and network teams and helping them be more efficient and effective in their day-to-day operations.