FireEye is a very hot company (pun intended) in advanced IT security and they’ve just affirmed the value of the Infoblox DNS Firewall – FireEye Adapter by honoring us with the FireEye Technical Partner of the Year Award.
The award, presented Tuesday during FireEye’s Momentum sales and partner meeting in Las Vegas, recognizes the enhanced protection against Advanced Persistent Threats (APTs) when the FireEye Multi-Vector Virtual Execution (MVX) detection engine is connected to the Infoblox DNS Firewall through the FireEye Adapter.
In my previous blog ‘Partners in (Mitigating) Crime’, I described how APTs work and how the Infoblox DNS Firewall – FireEye Adapter helps block them. The diagram below illustrates how, at every stage of the propagation, we detect, disrupt and report APTs.
There may be several different approaches, but at the core there is a dropper download, calling home to get instructions or to exfiltrate data to an Internet destination. In every query, the malware client finds its destination by looking up the domain name. The APT could use an IP address to reach out directly, but most bad domains use techniques like fast fluxing at the back end that allow the domain names to be hosted and brought down at very high speed. Using IP addresses makes that hard to do, and in addition takes away the attacker’s flexibility to use infected PCs on home networks that are connected through DHCP.
This is where FireEye’s virtual execution technology and APT detection capabilities play a critical role. As FireEye identifies these organization-specific threats, a notification is sent to the DNS Firewall with the details on the domain. Any effort to connect with the malware’s destination is blocked from that point onward, containing the APT and preventing other clients from getting infected.
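The flow described above can be sketched as a small model; this is an added example, not Infoblox or FireEye code. The notification shape, class and function names, domain names and addresses are all constructed for illustration. It shows why a policy keyed on the domain name keeps blocking while the hosting addresses rotate, and how blocked queries identify the clients to report.

```python
from dataclasses import dataclass, field

def normalize(name: str) -> str:
    """Lower-case and drop the trailing root dot so comparisons are stable."""
    return name.strip().rstrip(".").lower()

@dataclass
class DomainPolicy:
    blocked: set = field(default_factory=set)
    hits: list = field(default_factory=list)  # (client, qname) pairs for reporting

    def on_detection(self, notification: dict) -> None:
        # Hypothetical notification shape {"domain": ...}; not a vendor format.
        self.blocked.add(normalize(notification["domain"]))

    def matched_rule(self, qname: str):
        # Match the name itself and every parent domain, on label boundaries only.
        labels = normalize(qname).split(".")
        for i in range(len(labels)):
            candidate = ".".join(labels[i:])
            if candidate in self.blocked:
                return candidate
        return None

    def handle_query(self, client: str, qname: str) -> str:
        if self.matched_rule(qname) is None:
            return "ALLOW"
        self.hits.append((client, normalize(qname)))
        return "BLOCK"

# Constructed sample: (client, queried name, address the name resolved to).
# The malicious domain moves across addresses, as a fast-flux back end would.
QUERIES = [
    ("10.0.0.21", "update.bad-example.test.", "192.0.2.10"),
    ("10.0.0.21", "update.bad-example.test", "198.51.100.7"),
    ("10.0.0.34", "CDN.Bad-Example.test", "203.0.113.99"),
    ("10.0.0.34", "www.example.org", "192.0.2.80"),
    ("10.0.0.50", "notbad-example.test", "192.0.2.81"),  # similar name, not a subdomain
]

def compare():
    policy = DomainPolicy()
    policy.on_detection({"domain": "Bad-Example.TEST."})
    ip_blocklist = {QUERIES[0][2]}  # only the address seen at detection time
    by_domain = [q for c, q, _ in QUERIES if policy.handle_query(c, q) == "BLOCK"]
    by_ip = [q for _, q, ip in QUERIES if ip in ip_blocklist]
    clients = sorted({c for c, _ in policy.hits})
    return by_domain, by_ip, clients

if __name__ == "__main__":
    print(compare())
```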
It’s a good solution to a serious problem our customers face, and we’re proud of our Technical Partner of the Year Award, and even prouder of our working relationship with FireEye.