Infoblox Appliance Secures Enterprise DNS
Infoblox today announced Infoblox Internal DNS Security securing domain name servers (DNS) inside enterprise networks.
Enterprise network firewalls typically do not examine incoming and outgoing DNS traffic, a blind spot that cybercriminals are now exploiting. Once malware inserts itself into a network, the rogue code often relies on DNS to communicate with its command-and-control server and to exfiltrate sensitive data. Malicious users inside the network can also take advantage of DNS to mount internal distributed denial of service (DDoS) attacks from systems they have compromised.
Infoblox Internal DNS Security is a hardened DNS appliance that turns the internal DNS server from a vulnerability into a strength by providing protection against exploitation of DNS for infrastructure attacks, malware, advanced persistent threats (APTs), and data exfiltration via DNS.
Infoblox Internal DNS Security improves defense against multiple types of attacks by:
- Detecting and blocking DNS infrastructure attacks. It detects and blocks internal DNS DDoS attacks, DNS-based exploits, and DNS tunneling. Hardware-accelerated DDoS mitigation can maintain system integrity and availability—even under extreme attacks.
- Disrupting APTs and malware. With a continuously updated threat feed of malicious IP addresses and domain destinations, red-flagged APTs and other malware are blocked from communicating with their command-and-control servers.
- Preventing data exfiltration. Infoblox Internal DNS Security is capable of detecting DNS tunneling, providing alerts, and blocking queries—helping to stop DNS-based data exfiltration to prevent the loss of sensitive information.
There are two sides to the story of securing DNS infrastructure, and Infoblox covers both. Infoblox External DNS Security, previously known as Infoblox Advanced DNS Protection, is a hardened DNS appliance that provides the widest range of protection against external threats such as volumetric DDoS, DNS hijacking, DNS-based exploits, and reconnaissance attacks. When a DDoS attack is detected, the appliance can mitigate the impact by blocking hostile DNS traffic and responding only to legitimate queries.
Both Infoblox Internal DNS Security and Infoblox External DNS Security use standards-based APIs that work with the multi-vendor security ecosystems typical in today’s networks. These APIs make it possible for Infoblox appliances to accept threat intelligence from other solutions for attack mitigation, and to share threat detection data that pinpoints compromised client devices.
“Due to recent high-profile attacks, organizations are generally more willing to invest in security solutions. Further, organizations have increasing concerns over protecting DNS, and many DDI vendors now provide DNS-based security. Thus, we see an increased interest from clients in DNS-based security associated with DDI solutions. Security components such as DNS firewalls now exist in roughly 20 percent to 30 percent of the client deals that Gartner reviews," according to Gartner's recently released report, “Market Guide for DNS, DHCP and IP Address Management (DDI).”
Infoblox Internal DNS Security and Infoblox External DNS Security are both available now worldwide. Pricing information is available from Infoblox sales representatives and channel partners.
