Theft of sensitive data is one of the most serious risks to enterprises and service providers today. We often hear about high profile data breaches. While many organizations have traditional security systems in place such as firewalls, intrusion detection systems and proxies, they often leave one pathway open – the Domain Name System (DNS). Hackers and cybercriminals have learned to exploit this vector to infiltrate the network, establish tunnels and steal a corporation’s crown jewels – its data.
Infoblox, the industry leader in enterprise-grade DNS, announced today a unique technology, Infoblox DNS Threat Analytics, which can actively block data exfiltration over DNS. The technology leverages streaming analytics and machine learning to detect data exfiltration in real time and block those attempts. It can even detect sophisticated zero-day methods that don’t necessarily use standard tunneling signatures. Unlike alternate approaches that analyze log data after a compromise, Infoblox DNS Threat Analytics is built into the Infoblox DNS server for real-time detection and blocking without the need for additional network infrastructure or end-point agents.
Infoblox DNS Threat Analytics blocks communications to destinations associated with data exfiltration by automatically adding those destinations to a blacklist and sending an update to other Infoblox appliances on the network with DNS firewalling/RPZ capability, scaling enforcement to across the organization. In addition, it provides visibility into infected devices or rogue employees trying to steal data.
Data Loss Prevention (DLP) solutions typically look at data leakage via email, web, FTP and other vectors, but don’t have visibility into DNS-based exfiltration. Infoblox DNS Threat Analytics complements traditional DLP solutions by closing the gap and helping prevent DNS from being used as a backdoor for data theft.
To learn more about how DNS can be used as a transport protocol for infiltration of rogue software or exfiltration of data, read this white paper.
You can also register to attend my webinar at 10 am Pacific (1 pm Eastern) on January 7th on DNS-based data exfiltration, including DNS exfiltration methods used by hackers, what data they are after, and how Infoblox can help. Click here to sign up.