Network context for more security insight
According to Infoblox’s SVP of International Business, Cherif Sleiman, the intelligence the company is able to collect will enable all manner of endpoint protection.
Think about it.
Infoblox is a leading network management player, and it is uniquely positioned to collect intelligence to enhance Domain Name System (DNS) security.
He explained, “Intelligence in our systems knows the user, the device, operating system, locations they are at, the apps they use… because we have to resolve it for them. We are the monkeys behind the scenes. You take for granted that you will get to your URLs but Infoblox has to do all the work.”
The beautiful thing is that in all the spaghetti of networks, or as Sleiman called it ‘siloed systems’, that is required for the World Wide Web to work, there is one constant in terms of intelligence: Infoblox.
“(We) have gone from all the various disconnected systems, to being a grid that is connected and automated to ensure two things – personalisation of service and security of service.”
The DDI management player also proposes that value-adding services can integrate with its solution to provide enhanced protection of the Internet infrastructure.
At the moment, the company has integrations with an ecosystem of 14 partners; security devices like next-generation firewalls (NGFW) and vulnerability scanning services are among them.
How it works with these two solutions, for instance, is that if Internet traffic doesn’t hold up to the corporate policy, it will not be allowed to come online. “Infoblox moves from batch to just-in-time scanning,” Sleiman pointed out.
He added that with public APIs, any other system integrator or vendor can use the power of analytics that Infoblox has, for free.
DNS security – overlooked?
Over 90 percent of malware will exploit weaknesses in DNS, but despite this, there is more effort going into blocking HTTP traffic, and in essence blocking the natural way that malware communicates.
“What is the one common protocol that all security devices must trust? It’s DNS. But, if you block DNS, there will be no more communication!” he said.
As a result, every security device has an ALLOW policy for DNS, he added.
More granular policies, based upon the intent of DNS queries, are called for.
“But, there hasn’t been a security device at all, invented in the history of security so far, that can judge things based on intent.”
A piece of software only reveals its true nature after the dirty deed is done, and by then it is too late.
Infoblox machine learning and analytics play a huge role in predicting the intent of malware through real-time analysis of DNS traffic. Coupled with Infoblox contextual network information like who, where, when and what, this provides organisations with clear and actionable intelligence to accurately protect their users and digital assets.
At the mercy of security industry
The intelligence that firewalls use was, until recently, something that vendors had to actually code in.
“Basically, until 2 to 3 years ago, organisations were at the mercy of vendors who may not be responsive to cyberattacks,” Sleiman said.
With the amount of cyber breaches increasing exponentially, something had to be done.
What if firewalls could get instructions about what is good or bad, from a single source of truth?
“As hacks become so sophisticated and as security infrastructure becomes more critical, these intelligence feeds about who is good or bad cannot be best effort anymore.”
Big data analytics is a good step in the right direction, but Infoblox also went ahead and bought IID, a leader in global cyber threat intelligence. This database or platform of threat intel, combined with network context, offers actionable security insights for organisations.
When this combination is further consolidated with other threat intel feeds, the result is something that is powerful but, significantly, also a single version of truth. This is Infoblox’s Active Trust platform, which other security devices and security services can plug into and leverage.
“We pride ourselves on being the quality delivery mechanism for that type of threat intelligence,” Sleiman shared.
The senior VP opined, “Digital transformation will not stop at any boundaries. No industry is safe doing things the old way. GDP growth of any country is proportional to the amount of connectivity it has in the world of 5G and Internet of Things.
“Even building management systems are going onto the IP network. And as every one of these things and devices come online, there is still lack of visibility and lack of control.”
This calls for automation to keep up with the massive demand for network resources, and this automation also has to be intelligent and secure. “Networks must never be compromised so using Infoblox for automated networking and security services is no longer a ‘nice-to-have’.”
Sleiman also emphasised that Infoblox does not compete with anyone and concluded that Infoblox solutions are small cents to the dollar spending that make an organisation’s multi-million-dollar investments work.