Safe, reliable and fast – that’s the first impression service providers want their subscribers to have every time they connect to their networks. At Infoblox, we believe this “first connection impression” – the moment when the subscriber first connects to the network – is crucial to a service provider’s success. One other key facet: protecting subscribers and their network assets helps service providers protect their own brand and reputation.
For these reasons, Infoblox is bringing more capabilities to its line of carrier-grade products (www.infoblox.com/sp), starting with enhancements to its DNS solution portfolio to help service providers block more types of attacks and deliver a better subscriber experience.
The Domain Name System (DNS) is tied for first place as the most frequently targeted application layer service for distributed denial of service (DDoS) attacks, according to Arbor Networks, and many service providers experience these attacks on a regular basis. Cybercriminals are also now using DNS to introduce malware and exfiltrate data from subscriber devices or network assets.
That’s why it’s no surprise that research conducted by Heavy Reading and commissioned by Infoblox reveals that service providers are experiencing a wider range of more sophisticated attacks from hackers, including highly complex combinations of botnets, chain reactions, and misbehaving domains. These attacks are increasingly difficult to detect and protect against.
Take non-existent domain (NXDOMAIN) attacks, for example. NXDOMAIN is the standard error message provided when a domain name can’t be resolved by the DNS. Malicious hackers are now leveraging this routine response, using botnets to send large volumes of requests to fake domains and tie up networks. A single volumetric flood of such requests is easy to spot. Small quantities initiated by hundreds or thousands of infected devices, distributed across a large network, are much harder to detect – yet subscribers can still be impacted with slower network response or suspicious activity on their devices.
That’s why Infoblox has introduced robust protection into its DNS appliances – protection that helps keep subscribers from inadvertently visiting malicious sites and prevent service disruption when attacks do strike. Infoblox has beefed up the performance and capacity of its Infoblox 4030 series appliance, to process millions more DNS queries across multiple disks. This gives the appliances the ability to detect and withstand increasing sophisticated NXDOMAIN attacks, while still maintaining availability for subscribers.
Infoblox is also adding dual-engine DNS, allowing carriers to easily switch between BIND Unbound DNS resolvers for “hybrid vigor” and code diversity when responding to DNS threats. Finally, we’re making it harder for cybercriminals to exfiltrate data by enhancing DNS tunneling protection.
With the expansion in the threat landscape, and the increased use of less secure mobile devices, smartphones and the increased popularity of downloadable applications, service providers need new ways to protect their infrastructure. And they need to ensure that when subscribers connect, their first impression is always good.