“Work together or find yourself left behind,” is how one Chief Information Security Officer (CISO) put it at a recent breakfast event as he was talking to a handful of security vendors. Nothing could be closer to the truth.
In today’s age of highly complex networks, ever-evolving threats, and constantly overburdened Security Operations Center (SOC) teams, organizations are using best-of-breed solutions that are optimal for a specific security purpose. However, they want to ensure that these best-of-breed solutions are tightly integrated, complement each other, and automatically share data and insights for holistic protection and faster response to threats.
Most security teams are familiar with Secure Web Gateways. They offer protection for web traffic and filter unwanted software/malware from user-initiated Internet traffic. These gateways usually support URL filtering, malicious-code detection and content filtering, and application controls for popular Web-based applications. However, these web gateways alone cannot completely secure organizations.
The Need for DNS Security
DNS is used by 91% of malware [1] to communicate with command and control (C&C) sites and for data exfiltration. Existing security tools don’t inspect DNS traffic, making DNS a huge security gap in most organizations. Hackers have long sensed this opportunity. A recent survey [2] showed that 46% of respondents experienced some sort of DNS tunneling or data exfiltration via DNS. However, DNS can be turned from a liability into an asset and used as a first (and fast) line of defense against malicious activity. A combination of reputation (aggregated, curated threat feeds), signatures, and advanced behavioral analytics applied at the DNS level can be valuable in detecting malware like ransomware as well as zero-day threats like DNS data exfiltration and fileless malware (think DNSMessenger).
DNS Security + Web Gateway => Superior Protection
Combining DNS-layer security with a web gateway solution can provide protection for web and non-web protocols, while ensuring holistic visibility and faster detection of malicious activity, including DNS-based threats. Integrating leading solutions enables customers to take advantage of the superior capabilities of each solution while having them work seamlessly as one.
Bringing Infoblox and McAfee Together
Infoblox and McAfee recently launched a joint DNS security + Web Gateway solution. The integration includes Infoblox ActiveTrust® Cloud and McAfee Web Gateway Cloud Service products, unifying domain blocking and HTTP security to provide broader protection for mutual customers. Infoblox ActiveTrust Cloud detects and prevents DNS-based data exfiltration, blocks DNS communications with command-and-control servers (C&Cs) and botnets, and automatically blocks access to content not in compliance with policy. McAfee Web Protection uses secure gateway technology to protect every device, user, and location from sophisticated threats, ranging from web filtering and anti-malware scanning to deep content inspection and granular control over how cloud applications are used.
Here is how the joint solution works:
- ActiveTrust Cloud detects and blocks malicious activity, including zero-day threats such as data exfiltration, at the DNS layer.
- It then conditionally redirects suspicious (but not confirmed as malicious) traffic to McAfee Web Gateway.
- Web Gateway performs the additional inspection, including SSL inspection and malware scanning, thus extending the protection.
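To make the three DNS-layer techniques named earlier (reputation feeds, signatures, behavioral analytics) and the block / redirect-to-gateway / allow flow of the joint solution concrete, here is an added Python example; it is not Infoblox or McAfee code, and the feed entry, the signature, the thresholds and the DNS log lines are all constructed for the demonstration.

```python
import math
import re
from collections import Counter, defaultdict

# Constructed sample data (not from the page): a tiny curated reputation feed, one
# signature, and DNS query log lines in "client qname qtype" form.
REPUTATION = {"c2-known.example": "listed as C&C in curated feed"}
SIGNATURES = [(re.compile(r"^[0-9a-f]{32,}\."), "long hex label (tunnel-tool pattern)")]
LOG = """\
10.0.0.5 www.vendor-site.example A
10.0.0.5 c2-known.example A
10.0.0.7 4b7a2c9e8f1d3a5b6c7d8e9f0a1b2c3d.oddhost.example TXT
10.0.0.9 aGVsbG8gd29ybGQ.files.example TXT
10.0.0.9 dGhpcyBpcyBhIHRlc3Q.files.example TXT
10.0.0.9 ZXhmaWwgZGF0YSBoZXJl.files.example TXT
10.0.0.9 bW9yZSBkYXRhIGdvZXM.files.example TXT
"""
MIN_UNIQUE, MIN_ENTROPY = 3, 3.0  # assumed behavioural thresholds, tune per environment

def entropy(label):
    """Shannon entropy (bits) of a label; encoded payloads score well above hostnames."""
    n = len(label)
    return -sum(c / n * math.log2(c / n) for c in Counter(label).values())

def reputation_hit(qname):
    """Match the name or any parent domain against the feed (reputation layer)."""
    labels = qname.split(".")
    return next((REPUTATION[".".join(labels[i:])] for i in range(len(labels))
                 if ".".join(labels[i:]) in REPUTATION), None)

def classify(log=LOG):
    """Map each qname to (verdict, reason): 'block' = confirmed by reputation or
    signature, 'redirect' = behaviourally suspicious, hand to the web gateway for
    deeper inspection, 'allow' = no indicator seen."""
    verdicts, per_client_domain = {}, defaultdict(set)
    for line in log.splitlines():
        client, qname, _qtype = line.split()
        reason = reputation_hit(qname) or next((r for rx, r in SIGNATURES if rx.search(qname)), None)
        if reason:
            verdicts[qname] = ("block", reason)
            continue
        per_client_domain[(client, ".".join(qname.split(".")[-2:]))].add(qname)
        verdicts[qname] = ("allow", "no indicator")
    # Behavioural layer: many distinct, high-entropy subdomains under one domain from one client.
    for (client, domain), names in per_client_domain.items():
        mean_h = sum(entropy(n.split(".")[0]) for n in names) / len(names)
        if len(names) >= MIN_UNIQUE and mean_h > MIN_ENTROPY:
            why = f"{client}: {len(names)} unique names under {domain}, mean entropy {mean_h:.2f}"
            verdicts.update({n: ("redirect", why) for n in names})
    return verdicts
```

Running `classify()` on the constructed log blocks the feed-listed C&C name and the hex-label query outright, sends the four base64-looking queries under files.example to the gateway for deeper inspection, and allows the ordinary hostname.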
This integrated solution allows customers to:
- Combine the power of web gateway and DNS security for broader protection
- Take advantage of threat intelligence from both McAfee and Infoblox for comprehensive coverage
- Leverage best-of-breed capabilities from McAfee and Infoblox
Check us out at RSA Conference
To try ActiveTrust® Cloud free for 30 days, sign up here.
- [1] Cisco 2016 Annual Security Report
- [2] SC Magazine, Dec 2014, “DNS attacks putting organizations at risk, survey finds”