Infoblox Inc., the network control company that provides Actionable Network Intelligence, today announced significant enhancements to its ActiveTrust® Cloud offering, which now leverages advanced analytics to expand detection of potential zero-day threats and prevent the loss of data, adds the ability to distribute threat intelligence to other security products in the network, and ensures that content on the network conforms to corporate policies. In this latest release, organizations are able to strengthen their protection across their entire security ecosystem with advanced machine learning as well as distribute actionable threat intelligence across existing security solutions on the network.
Most internet communications rely on DNS; however, DNS is often not sufficiently secured, which creates vulnerabilities that can be exploited for data exfiltration and spreading malware. Over 91 percent of malware uses DNS to communicate with C&C servers, lock up data for ransom or exfiltrate data. Existing security controls, such as firewalls and proxies, rarely focus on DNS and associated threats, leaving organizations vulnerable to highly aggressive, rapidly proliferating attacks.
"DNS is a target for common cyber-attacks such as DNS cache poisoning, DNS hijacking, and DNS spoofing," said Jon Oltsik, senior principal analyst at ESG. "To turn DNS into a first line of defense, enterprise DNS security offerings should include abundant functionality including strong detection/blocking capabilities, behavior analytics (for detecting/blocking zero-day and sophisticated attacks that can't be detected using threat intelligence alone), a hybrid architecture (that protects on-premises and mobile/roaming users), aggregated and curated threat intelligence feeds, central management, and tight integration into the network and security infrastructure for better visibility and context."
Delivered as a service, ActiveTrust® Cloud is easy to configure and use without dedicated IT resources and protects devices everywhere—on the enterprise network, roaming, or in remote office/branch offices. Additional benefits include:
Ability for security administrators to restrict access to certain types of content (e.g. social media, adult content and other restricted categories), allowing for policy enforcement and review of non-compliant activity in the organization
A hybrid solution to seamlessly manage policy and provide unified visibility into devices, whether on premises or roaming, along with the network context required to prioritize action
Capability to aggregate, curate and distribute threat intelligence across the entire security infrastructure in a customer's environment
Scalable threat detection and analytics in the cloud
Accelerated remediation with ecosystem integrations via open APIs
"We were looking to automate our monitoring and reporting processes to prevent potential ransomware or other types of cyberattacks from impacting our network," said Ron Washburn, senior system administrator and network engineer for City University of Seattle. "We chose Infoblox's cloud-based SaaS security solution to protect our data from being stolen and machines from becoming infected, while keeping our users safe. The licensing scheme also worked well with our organization's needs and deployment of multi-use machines."
Infoblox is changing the model of how security is delivered. It is the industry's first and only DDI vendor to provide a hybrid approach for DNS security—on-premises and in the cloud—protecting devices everywhere. Customers get seamless integration of the cloud service and the on-premises solution for unified policy management, deep context and visibility, and detailed reporting and analytics on infections and network activity.
"Because DNS sits in the core of the network – it sees a lot of malicious activity first," said Scott Fulton, executive vice president of products at Infoblox. "DNS should be an organization's first line of defense as most ransomware and malware uses DNS at multiple points in the cyber kill chain. The data we collect provides essential context and visibility so IT admins can be alerted of any network anomalies, report on what assets/devices are joining and leaving the network and resolve problems faster."