More than 90% of malware uses DNS at various stages of the cyber kill chain to penetrate the network, infect devices, propagate laterally and exfiltrate data(1). Infoblox Partners can address this often-ignored threat vector, expand their security portfolio and protect customers’ data.
Gartner estimates the total data loss prevention market “in 2016 to be approximately $894 million and growing at a 9.8% CAGR, to reach $1.3 billion in 2020… By 2022, 60% of organizations will involve line-of-business owners when crafting their data loss prevention (DLP) strategy, up from 15% today. By 2020, 85% of organizations will implement at least one form of integrated DLP, up from 50% today(2).”
“The drivers for DLP investments continue to revolve around ensuring regulatory compliance, protecting intellectual property or gaining additional visibility into data movement(2).”
According to recent surveys, 46% of respondents experienced DNS-based data exfiltration and 45% experienced DNS tunneling(3). Malware and data theft are pervasive largely because conventional cybersecurity solutions such as secure email gateway (SEG), secure web gateway (SWG), next generation firewall (NGFW), data loss prevention (DLP) and intrusion prevention systems (IPS) are not designed to protect DNS.
Infoblox Data Protection and Malware Mitigation Solution is designed to address the DNS security gap described above. The Infoblox solution provides:
- Disruption of the cyber kill chain to limit malware proliferation
- Detection and protection against known and zero-day data exfiltration
- Deep visibility into the network
- Centralized reporting that can be leveraged for further analysis and planning
Disruption of Cyber Kill Chain: Focus on the DNS control plane
The Infoblox solution for data protection and malware mitigation takes a multi-pronged approach to threat detection, combining reputation, signature and behavioral methods. It proactively contains threats such as phishing, ransomware and more, and stops command and control communications at the DNS choke point. It enforces policy using up-to-date threat intelligence that has been aggregated, verified and curated by an in-house threat research team. Available as an on-premises solution or as a service delivered from the cloud, the solution protects users wherever they are: within headquarters, roaming, or in remote offices/branch offices.
Extending Protection across your Security infrastructure:
By sharing the DNS indicators of compromise with security ecosystem tools such as next-generation endpoint protection (NGEP), NAC, vulnerability scanners, and SIEM, the solution protects against lateral movement of threats.
DNS Data Exfiltration Protection:
The number one goal of malware is to steal sensitive information. There may be several ways of getting to sensitive data, but the pathway that is often left open and under-protected is DNS. Malicious actors know this and use DNS tunneling and other sophisticated zero-day methods to exfiltrate data over DNS queries. The Infoblox solution for data protection and malware mitigation uses a combination of reputation, signatures and behavioral analytics to detect not just standard DNS tunnels but also zero-day techniques that could be low and slow and happen over longer periods of time. This solution is offered both on-premises and in the cloud.
Deep Visibility:
With Infoblox, you get end-to-end visibility into infected endpoints wherever they are and actionable context, including user name, MAC address, device type, and lease history, to hasten remediation. An integrated and sophisticated threat investigation tool enables rapid investigation and provides detailed information on threat actors, campaigns, and associated breaches for deep analysis.
Unified Reporting and Mining Valuable Historical DNS Data:
Infoblox provides detailed and centralized reporting for on-premises and cloud-delivered solutions that:
- Harnesses rich network data to gain actionable insights
- Monitors and analyzes your network, devices, and applications
- Provides details on malicious activities and infected devices
Why Should Channel Partners Care?
- Address customers’ regulatory compliance requirements to protect data. DNS is the often-ignored threat vector and Infoblox provides an opportunity to address this security gap:
  - Educate and position the Infoblox solution for protection against DNS-based data exfiltration and malware spread
  - Gain end-to-end visibility into infected endpoints
  - Consolidate and centralize reporting for on-prem and cloud-based DDI infrastructure
  - Only DDI vendor that provides a hybrid (on-prem and in the cloud) option to protect data and users
  - Only DDI vendor that provides a combination of reputation, signatures and behavioral analytics to detect and protect against DNS-based data exfiltration
  - Leverage Infoblox threat intelligence platform to prioritize critical threats for containment and to enhance your customers’ security ecosystem
- Grow Your Revenue
  - Address a growing data loss prevention market
  - Up-sell existing Infoblox DDI and DNS Firewall customers on this Infoblox security solution to enhance their security posture
  - Enhance your security portfolio by bundling Infoblox data protection and malware mitigation solution with your current offerings such as cloud, virtualization, managed security and networking
  - Create opportunities to cross-sell additional security solutions such as Infoblox Infrastructure Protection and Infoblox Threat Containment and Operations
(1) Source: Cisco 2016 Annual Security Report
(2) Source: Gartner Magic Quadrant for Enterprise Data Loss Prevention, Feb 2017
(3) Source: SC Magazine, Dec 2014, “DNS attacks putting organizations at risk, survey finds”