For Cybersecurity Awareness Month in 2024, we shared a series of blogs: best practices to secure our world, how to secure our world using DNS, and how threat actors are using DNS in their campaigns to deceive consumers. To wrap up October Cybersecurity Awareness Month, I interviewed Infoblox CISO Ed Hunter to learn about the programs he runs at Infoblox, understand his views on various industry trends and what his thoughts are for the future.
Q: Ed, can you share more about your background, how you got to Infoblox and what you’re responsible for here?
Ed Hunter: As CISO, I’m responsible for leading the Information Security program here at Infoblox. This includes the security operations, compliance and architecture functions. My team also manages product certification initiatives such as FedRAMP, SOC-2 and ISO. Since joining Infoblox, my team has implemented many security improvements in policy, access control, asset posture and zero-trust.
I joined Infoblox from Palo Alto Networks, where I created and led the security team and established the red team and product security programs. My past experience covers a wide range of industries, from cybersecurity to space and defense and manufacturing, at other companies such as Space Systems Loral, Trident Microsystems, NXP Semiconductors, Philips, EDS, IBM and Lotus Development.
Q: Within the industry, there are vendors that are pushing the Platformization approach. What is your perspective on this versus Defense-in-Depth?
Ed Hunter: Both defense in depth and platformization are essential strategies in cybersecurity, but they serve different purposes. Defense in depth involves layering multiple security technologies and controls to protect against threats, ensuring that if one layer fails, other measures are in place to properly mitigate the risk. This approach provides a robust and resilient security posture by addressing various attack vectors and risks in a comprehensive manner.
On the other hand, platformization focuses on integrating security tools and solutions into a unified platform, often from a single vendor or short list of vendors. This can streamline management, improve visibility, and enhance the efficiency of security operations. There are vendors that are pushing for platformization within a single vendor platform or ecosystem with the assertion that the technologies work better or have been designed to work better within one platform.
In the real world, most will end up with a mix of the 2 approaches. Pick platform partners you trust, and leverage their portfolio capabilities as much as possible, but don’t be afraid to step outside of your existing platforms where it makes sense to do so in order to appropriately mitigate your company’s risks.
Q: How do you approach evaluating our security stack?
Ed Hunter: Security vendors continue to innovate, and the threat landscape continues to change. This has always been the case. Therefore, evaluating our security stack is a continuous process. We conduct a review of all our security tools on an annual basis in order to ensure that we continue to see appropriate value from the technologies and vendors we’ve selected. The value delivered by each solution when compared to its competitors changes over time as security is a dynamic space.
This involves assessing the effectiveness of our current tools, identifying any gaps, and staying updated with the latest security trends and threats. We also consider feedback from our internal teams and external audits. Based on this evaluation, we make necessary adjustments, whether it’s upgrading existing tools, integrating new solutions, or enhancing our policies and procedures. This proactive approach helps us maintain a strong security posture and adapt to the ever-evolving threat landscape.
Q: I think one of the interesting things you do is using our own products within Infoblox – “drinking our own champagne”?
Ed Hunter: Absolutely. At Infoblox, we believe in the quality and effectiveness of our products, so it only makes sense that we use them ourselves. By using our own products, we not only ensure that they meet our high standards but also gain firsthand experience that fuels future product improvement. This practice allows us to identify any potential issues early and address them swiftly, also ensuring our customers receive the best possible solutions. Some of these learnings can also serve as best practices for our customers.
Our DNS, DHCP, and IPAM (DDI) solutions are integral to our network infrastructure. We are also using Infoblox Threat Defense solutions; using DNS to stop cybersecurity attacks 63 days prior to the first malware activation is unique to the industry. Most vendors are “right of boom”, very few offer proactive, “left of boom” benefits like we do. Extending these benefits out to the endpoint with our endpoint agent is also a game-changer in this post-Covid world where employees spend more time out of the office than ever before.
Our incident response team also uses our SOC Insights to enable better efficiencies when dealing with incidents. With SOC Insights and its built-in AI capabilities, we were able to reduce the vast amounts of event, network, ecosystem, and DNS intelligence data; in one situation, we were able to reduce 1.7 million events into 15 very clear actionable insights that we needed to address.
Q: What are some of the other programs you run within Infoblox to secure our users?
Ed Hunter: Every new hire goes through a cybersecurity awareness program, and every employee has to do a refresher every year. Infosec authors a new custom training each year to keep it interesting and engaging. My team also conducts monthly phishing campaigns; some of them are very good at crafting “creative” phishing emails but the goal really is to ensure every user is educated on how to conduct business in a safe and secure manner. Users are a key aspect of any security program. We also have regular internal “TAD Talks” on our research projects, security incidents and what’s happening in the industry to regularly disseminate security knowledge within the company.
Q: What is your perspective on AI and the impact on cybersecurity?
Ed Hunter: Infoblox, just like many other companies today, is embracing AI and generative AI tools to improve our productivity and efficiency. AI adds some new requirements to our cybersecurity programs.
The key point from an Infosec perspective is to ask the question: “How can we safely enable innovation and progress in this space without putting the company’s key data at risk?” We’ve all heard the story by now of the developer that pasted company source code into ChatGPT, thus losing control of that data.
Developing and disseminating an AI Policy is a good place to start, to provide overall guardrails. Providing directions on correct AI use and providing a secure vetted platform to safely enable employees to use AI comes next. The addition of monitoring and compliance checks to ensure adherence to policy is also good practice.
As our vendors continue to deploy AI within their enterprises and various products, it is important to take that into account in our 3rd Party Vendor assessments to ensure that they are doing the right things as they also go through this journey.
Q: Any last-minute advice or guidance to the cybersecurity community on DNS?
Ed Hunter: I would encourage the cybersecurity community to read up on our Threat Intel team’s research. Renee Burton and team are doing very interesting research on threat actor campaigns. I would also take advantage of our security workshops; these workshops are technical deep dives on how threat actors are using DNS, and customized to your organization.