The RSA Conference is always a highlight of the cybersecurity calendar, and this year was no different.
The theme of this year’s conference was “the Human Element,” and it’s important to note that even in this age of digital transformation—security remains a fundamentally human issue.
It’s a human that unwittingly clicks the phishing link. It’s a human whose personal information is collected, stored, and misused by bad actors. And it’s a human who manages and protects the networks and systems that tie these technologies together.
Some companies are developing innovative ways to change human behavior, building easier and more intuitive cybersecurity solutions to encourage their use. Others are creating new technologies to protect user privacy from unauthorized access. And some are innovating ways to reduce the load on the overworked human in cybersecurity, who manages and secures our networks through automation and orchestration.
And the more I thought about this theme, the more I realized that Infoblox is at the core of all three. Our expertise in DNS security provides protection for infrastructure and data, while our core network services—DNS, DHCP and IPAM (collectively known as DDI) gives valuable insight to the humans involved in incident response element of cybersecurity.
Privacy and protecting human data
Some of the biggest news at RSA this year was Mozilla’s announcement that it would begin enabling DNS over HTTPS (DoH) by default for all users of its Firefox web browser in the United States.
Mozilla says it’s rolling out this feature to improve the privacy and security of their users, but like any conference with over 700 companies and hundreds of product launches and announcements, not every innovation will be relevant to every use. And DoH is a perfect example.
DoH is a welcome contribution to the conversation of privacy as it relates to DNS traffic, which is currently unencrypted and can leave users vulnerable to spoofing, interception, and other attacks. But it can also raise challenges for network managers as it circumvents internal DNS controls and can expose organizations to security risks such as data exfiltration and malware proliferation. For example, recent versions of PsiXBot malware use DoH to encrypt malicious communications allowing it to hide in normal HTTPS traffic, and install malware that can steal data or add a victim to a botnet.
As the market leader in DNS and other core network infrastructure, Infoblox recommends that companies block DoH traffic between internal IP addresses and external DNS servers so that employees use IT-managed DNS infrastructure, thus ensuring that security policies are enforced.
Extending human capabilities
The sheer number of security solutions offered at RSA can be overwhelming. Much of this is due to the sophisticated nature of today’s threats, the break neck speed of digital transformations like SD-WAN, SaaS, multi-cloud and IoT, and the products developed to secure them. A security stack today is made of next-gen firewalls, NACs, DLP, web proxies, CASB, endpoint security, sandboxing and more—all to combat the mushrooming number of threats that networks face. This presents a huge challenge to security admins who must manage a growing number of technologies and identify and prioritize a cacophony of alerts.
What we at Infoblox have long known is that DNS can be a very effective security control point to address these challenges. More than 90% of cyberthreats use DNS to infiltrate a network or exfiltrate valuable data, and DNS can be used to give managers visibility into what’s on their networks and automatically identify and easily mitigate threats. Our BloxOne™ Threat Defense leverages the visibility and forensic data that DNS infrastructure provides to detect and identify threats, block threats, provide intelligence to the security stack, prioritize alerts, and inform security staff to isolate and mitigate threats faster and more efficiently.
Our history at Infoblox has been about simplifying and automating the core processes that make networks run, making network services easier and more reliable. With BloxOne™ Threat Defense, we are leveraging our expertise in DNS to bring that same mission to cybersecurity.