DNS Security in the Ecosystem – Phil Rumi, Senior Systems Engineer CEUR, 10.10.2017

1 | © 2013 Infoblox Inc. All Rights Reserved. 1 | © 2017 Infoblox Inc. All Rights Reserved.


Page 2

Infoblox: Track Record of Success & Growth

[Chart: Sustained YOY growth ($MM), 2008 to 2016: $56, $62, $102, $133, $169, $225, $250, $306, $358]

[Chart: 2015 market share: Infoblox 49.90%, BT Diamond IP…, BlueCat Netw…, Nokia (ALU) - …, Others 9.20%]

Market Share Leadership

• 6,900+ Customers
• 83 of Fortune 100
• Global Sales & Support Presence
• 73 patents | 18 pending

“All organizations looking to deploy DDI should consider Infoblox.”

Page 3

Supporting the ecosystem…

[Diagram: Infoblox DNS, DHCP and IPAM at the centre, surrounded by the integration points below]

• Orchestration plug-ins and integration, e.g. SCO, vRA, ServiceNow, BMC, AWS, Azure, OpenStack
• Security integrations, e.g. Cisco ISE, Carbon Black, FireEye, Rapid7, STIX/TAXII
• APIs for integration and automation: RESTful API, inbound and outbound
• Reporting to monitor, manage & alert

Page 4

Network and Security – Separate Teams with Different Priorities

Silos Between Teams and Technologies

Network Team
• High Availability
• Network Infrastructure: routers, APs, switches, etc.
• Network Logging and Monitoring

Security Team
• Risk Mitigation
• Security Infrastructure: firewalls, endpoints, sandboxing, etc.
• Security Logging and Monitoring (SIEM)

“Silos between network, edge, endpoint and data security systems and processes can restrict an organization’s ability to prevent, detect and respond to advanced attacks.”
– Best Practices for Detecting and Mitigating Advanced Threats, 2016 (update 29 March 2016)

Page 5

No Knowledge of Threat Context

• Too many alerts with no way to prioritize based on actual risk
• Lack of easy access to network data for context

Context – environmental information required to take the right action:
• Who (identity)
• What (what network device)
• Where (where and what part of the network)
• When (time of day, how often)

Page 6

Lack of Automation

• Security tools can’t take action automatically based on activities seen by network tools:
  – when new network elements join the network
  – when malicious activities are detected by DNS security tools
• Difficult, manual processes of trying to assemble data from disparate sources

Page 7

Infoblox CyberSecurity Ecosystem

[Diagram of the ecosystem around Infoblox, with the interface labels shown next to each group:]
• ActiveTrust® – Threat Intelligence Providers (STIX, REST, Custom)
• Infoblox On-Premise Ecosystem Partners (REST, RPZ)
• ActiveTrust® – Security Operations Partners (Data Connector: JSON, CSV, CEF)
• Cloud APIs
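The diagram above names RPZ as the channel through which threat intelligence reaches the on-premise DNS servers. The following added example (not Infoblox or ActiveTrust code) shows what that channel carries: it renders a Response Policy Zone from a constructed indicator list, using the standard RPZ trigger and action encodings. The zone name `rpz.example`, the feed entries, the allowlist and the sinkhole address are all constructed for the example; the allowlist handling shows the check a practitioner wants when a feed entry collides with a legitimate business domain.

```python
"""Build a DNS Response Policy Zone (RPZ) from a threat-intelligence indicator list.

Added example (not Infoblox/ActiveTrust code). The zone name, serial,
indicators and allowlist below are constructed; the record encodings are the
standard RPZ trigger and action conventions understood by RPZ-capable resolvers.
"""
import ipaddress
from dataclasses import dataclass

RPZ_ZONE = "rpz.example"  # assumed name of the local policy zone (placeholder)

# Standard RPZ action encodings: the policy action is expressed as the RDATA.
ACTIONS = {
    "nxdomain": "CNAME .",              # answer NXDOMAIN
    "nodata":   "CNAME *.",             # answer NODATA (empty answer)
    "drop":     "CNAME rpz-drop.",      # drop the query without a response
    "passthru": "CNAME rpz-passthru.",  # exempt the name from policy
}


@dataclass(frozen=True)
class Indicator:
    value: str                       # domain ("evil.example") or IPv4 network ("192.0.2.0/24")
    action: str                      # key of ACTIONS, or "sinkhole"
    sinkhole: str = "198.51.100.1"   # walled-garden address for "sinkhole" (constructed)


def ip_trigger(network: str) -> str:
    """Encode an IPv4 network as an RPZ response-IP trigger: prefix.b4.b3.b2.b1.rpz-ip."""
    net = ipaddress.ip_network(network, strict=False)
    if net.version != 4:
        raise ValueError("this example encodes IPv4 networks only")
    reversed_octets = ".".join(reversed(str(net.network_address).split(".")))
    return f"{net.prefixlen}.{reversed_octets}.rpz-ip"


def records_for(ind: Indicator) -> list[str]:
    """Zone-relative RPZ records for one indicator (owner name and RDATA)."""
    if ind.action == "sinkhole":
        rdata = f"A {ind.sinkhole}"
    elif ind.action in ACTIONS:
        rdata = ACTIONS[ind.action]
    else:
        raise ValueError(f"unknown action {ind.action!r}")
    if "/" in ind.value:
        owners = [ip_trigger(ind.value)]     # matches answers containing that address range
    else:
        name = ind.value.rstrip(".").lower()
        owners = [name, f"*.{name}"]         # QNAME trigger: the name and all its subdomains
    return [f"{owner} {rdata}" for owner in owners]


def build_rpz(indicators, allowlist=(), serial=1) -> str:
    """Render a complete RPZ zone file; allowlisted names are never blocked."""
    allowed = {a.rstrip(".").lower() for a in allowlist}
    lines = [
        f"$ORIGIN {RPZ_ZONE}.",
        "$TTL 60",
        f"@ SOA ns.{RPZ_ZONE}. hostmaster.{RPZ_ZONE}. {serial} 3600 900 604800 60",
        f"@ NS ns.{RPZ_ZONE}.",
    ]
    for ind in indicators:
        if "/" not in ind.value and ind.value.rstrip(".").lower() in allowed:
            continue  # feed conflict: an allowlisted business domain must not be blocked
        lines.extend(records_for(ind))
    for name in sorted(allowed):
        lines.append(f"{name} {ACTIONS['passthru']}")
    return "\n".join(lines) + "\n"


# Constructed feed, standing in for what a threat-intelligence provider delivers.
FEED = [
    Indicator("evil.example", "nxdomain"),
    Indicator("tracker.example", "sinkhole"),
    Indicator("192.0.2.0/24", "nodata"),
    Indicator("partner.example", "nxdomain"),   # false positive, allowlisted below
]
ALLOWLIST = ["partner.example"]

if __name__ == "__main__":
    print(build_rpz(FEED, ALLOWLIST, serial=2017101001), end="")
```

Bump the SOA serial on every regeneration so secondaries pick up the new policy, and keep the allowlist under change control: a passthru entry is the one record in the zone that can silently disable protection for a name.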

Page 8

Cisco ISE pxGrid Integration
Improving Operational Efficiency through Information Exchange

The Challenge
• Security and Network Operation Center tools are isolated, leading to inefficiency

Infoblox Solution
• Infoblox will publish critical data that will enrich the ISE database and 3rd party partners
• Infoblox will subscribe to user identity data available via ISE to enhance IPAM
• Infoblox will publish Secure DNS events (infected devices) for further analysis and remediation by ecosystem partners

Customer Benefits
• Easier Troubleshooting: with additional identity and network data
• Security Operations Efficiency: by sharing data

[Diagram: Infoblox subscribes to and publishes into the Cisco ISE pxGrid ecosystem; an event published by Infoblox is mitigated on the Cisco network]

Page 9

Infoblox + Qualys – Integration Overview
Vulnerability Scans | Policy Enforcement | Remediation

Opportunity
• Lack of complete and up-to-date information about network devices, compromised hosts, and DNS threats limits the effectiveness of vulnerability scanning

Solution
• Infoblox acts as the ‘Single Source of Truth’ for the network and devices
• Network & device discovery via Network Insight
• Extensible attributes for object metadata
• Notifies Qualys on new networks, devices, and threats as they are identified
• Triggers Qualys on-demand vulnerability scan
• Enforces Network Access Control policy based on scan results
• Quarantines device based on malicious outbound DNS connections

Benefits
• Efficient vulnerability management & compliance processes
• Faster response to potential risks associated with new devices on the network
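The pxGrid and Qualys slides describe the same event-driven loop: a DNS security event or a new device is published, enriched with the who/what/where/when context from the earlier slide, and turned into an action (scan, alert, or quarantine). The following added example, which is not Infoblox, ISE or Qualys code, implements that loop end to end. The event kinds (`new_device`, `rpz_hit`), the IPAM table, the action names, the repeat window and the severity labels are constructed for the example; the point it adds beyond the slides is how the context and a repetition threshold decide between an alert and an automatic quarantine.

```python
"""Event-driven enrichment and response for DNS security events.

Added example (not Infoblox, ISE or Qualys API code). An event (a new device
joined, or a client queried a policy-blocked domain) is enriched with IPAM
context (who/what/where/when) and mapped to an action: trigger an on-demand
scan, notify, or quarantine. Event kinds, the IPAM table, thresholds and
action names are constructed for the example.
"""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed IPAM/identity context; in a deployment this would come from the
# IPAM database plus the identity data subscribed from ISE.
IPAM = {
    "10.1.5.23": {"who": "alice", "what": "corp-laptop", "where": "HQ floor 3 / VLAN 105"},
    "10.2.9.7":  {"who": None,    "what": "unknown",     "where": "guest / VLAN 200"},
}

BASE = datetime(2017, 10, 10, 9, 0, 0)   # constructed reference time for the scenario


def at(minute: int) -> datetime:
    """Timestamp `minute` minutes after BASE (helper for the constructed scenario)."""
    return BASE + timedelta(minutes=minute)


@dataclass
class Event:
    kind: str              # "new_device" or "rpz_hit" (constructed event kinds)
    client_ip: str
    time: datetime
    domain: str = ""       # for rpz_hit: the query name that matched policy
    severity: str = "low"  # severity carried by the threat feed (constructed)


@dataclass
class Action:
    name: str              # "scan" | "notify" | "quarantine"
    client_ip: str
    context: dict          # who / what / where / when
    reason: str


class Responder:
    """Subscribes to events, enriches them and decides which action to publish."""

    def __init__(self, repeat_window=timedelta(minutes=10), repeat_threshold=3):
        self.repeat_window = repeat_window
        self.repeat_threshold = repeat_threshold
        self._hits = defaultdict(list)   # client_ip -> recent rpz_hit timestamps

    def enrich(self, ev: Event) -> dict:
        ctx = dict(IPAM.get(ev.client_ip, {"who": None, "what": "unknown", "where": "unknown"}))
        ctx["when"] = ev.time.isoformat()
        return ctx

    def handle(self, ev: Event) -> Action:
        ctx = self.enrich(ev)
        if ev.kind == "new_device":
            # A new network element: request an on-demand vulnerability scan.
            return Action("scan", ev.client_ip, ctx, "new device discovered")
        if ev.kind == "rpz_hit":
            hits = self._hits[ev.client_ip]
            hits.append(ev.time)
            hits[:] = [t for t in hits if ev.time - t <= self.repeat_window]
            repeated = len(hits) >= self.repeat_threshold
            if ev.severity == "high" or repeated:
                why = "high-severity indicator" if ev.severity == "high" else f"{len(hits)} hits in window"
                return Action("quarantine", ev.client_ip, ctx, f"{why}: {ev.domain}")
            # Low severity, first sighting: alert with full context rather than block.
            return Action("notify", ev.client_ip, ctx, f"single hit on {ev.domain}")
        raise ValueError(f"unknown event kind {ev.kind!r}")


def demo_actions() -> list[Action]:
    """Run the constructed scenario and return the actions in order."""
    r = Responder()
    events = [
        Event("new_device", "10.1.5.23", at(0)),
        Event("rpz_hit", "10.2.9.7", at(1), "evil.example"),
        Event("rpz_hit", "10.2.9.7", at(2), "evil.example"),
        Event("rpz_hit", "10.2.9.7", at(3), "evil.example"),          # third hit inside the window
        Event("rpz_hit", "10.1.5.23", at(4), "c2.example", "high"),   # single high-severity hit
    ]
    return [r.handle(e) for e in events]


if __name__ == "__main__":
    for a in demo_actions():
        print(f"{a.name:<10} {a.client_ip:<12} {a.reason} | {a.context}")
```

The enriched context travels with the action, so the receiving system (a NAC policy engine or a ticketing queue) gets identity, device type and location along with the event rather than a bare IP address, which is the prioritisation gap the "No Knowledge of Threat Context" slide describes.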

Page 10

Data Connector to Splunk Enterprise Deployment

[Diagram: Infoblox Grid Master and Infoblox Grid Members → Infoblox Data Connector VM → CSV → Splunk Universal Forwarder → Splunk Enterprise]

• Helps reduce Splunk Enterprise license costs by optimizing DNS data transfer through filtering
• Saves time and human resources by automating the collection, transfer, and conversion of DNS data from Infoblox Grid members
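The slide above reduces SIEM ingest (and licence cost) by filtering DNS data before it is converted to CSV for the forwarder. The following added example, which is not the Infoblox Data Connector or its configuration, shows that step on constructed input: it parses BIND-style query-log lines, drops internal-zone chatter and reverse lookups, collapses repeated queries per client, always keeps record types commonly abused for tunnelling so that filtering does not blind detection, and writes the remainder as CSV. The log lines, zone names and filter rules are all constructed for the example.

```python
"""Filter DNS query logs and convert them to CSV before forwarding to a SIEM.

Added example (not an Infoblox Data Connector format or configuration).
Noisy or low-value queries are dropped, repeats are collapsed, and the rest is
written as CSV for a log forwarder. The log lines are constructed in a
BIND-style query-log layout and the filter rules are illustrative.
"""
import csv
import io
import re

# Constructed sample in a BIND-style "queries" log layout (one malformed line on purpose).
SAMPLE_LOG = """\
10-Oct-2017 09:12:01.123 client 10.1.5.23#51234: query: www.example.com IN A +E (10.1.1.53)
10-Oct-2017 09:12:01.456 client 10.1.5.23#51235: query: 23.5.1.10.in-addr.arpa IN PTR + (10.1.1.53)
10-Oct-2017 09:12:02.001 client 10.1.5.23#51236: query: www.example.com IN A +E (10.1.1.53)
10-Oct-2017 09:12:02.777 client 10.2.9.7#40001: query: updates.corp.internal IN A + (10.1.1.53)
10-Oct-2017 09:12:03.010 client 10.2.9.7#40002: query: a8f3k2.badsite.example IN TXT + (10.1.1.53)
10-Oct-2017 09:12:03.020 client 10.2.9.7#40003: query: _ldap._tcp.corp.internal IN SRV + (10.1.1.53)
this line is not a query log entry
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+ \S+) client (?P<ip>[^#\s]+)#\d+: "
    r"query: (?P<qname>\S+) (?P<cls>\S+) (?P<qtype>\S+)"
)

FIELDS = ["ts", "client_ip", "qname", "qtype"]


class QueryFilter:
    """Decides which parsed queries are worth sending on to the SIEM."""

    def __init__(self, local_zones=("corp.internal",), drop_ptr=True,
                 always_keep=("TXT", "NULL", "ANY")):
        self.local_zones = tuple(z.lower().rstrip(".") for z in local_zones)
        self.drop_ptr = drop_ptr
        self.always_keep = set(always_keep)   # types often abused for tunnelling stay visible
        self._seen = set()

    def keep(self, rec: dict) -> bool:
        qname, qtype = rec["qname"].lower().rstrip("."), rec["qtype"]
        if qtype in self.always_keep:
            return True
        if self.drop_ptr and qtype == "PTR":
            return False
        if any(qname == z or qname.endswith("." + z) for z in self.local_zones):
            return False                      # internal-zone chatter is noise for the SIEM
        key = (rec["client_ip"], qname, qtype)
        if key in self._seen:
            return False                      # collapse repeats of the same query per client
        self._seen.add(key)
        return True


def parse_line(line: str):
    """Parse one query-log line into a record, or return None if it does not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    return {"ts": m["ts"], "client_ip": m["ip"], "qname": m["qname"], "qtype": m["qtype"]}


def filter_log(log_text: str, flt=None):
    """Return (csv_text, stats) for a batch of log lines."""
    flt = flt or QueryFilter()
    stats = {"parsed": 0, "unparsed": 0, "kept": 0, "dropped": 0}
    out = io.StringIO()
    writer = csv.DictWriter(out, fieldnames=FIELDS, lineterminator="\n")
    writer.writeheader()
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        if rec is None:
            stats["unparsed"] += 1            # counted, not silently lost
            continue
        stats["parsed"] += 1
        if flt.keep(rec):
            stats["kept"] += 1
            writer.writerow(rec)
        else:
            stats["dropped"] += 1
    return out.getvalue(), stats


if __name__ == "__main__":
    text, stats = filter_log(SAMPLE_LOG)
    print(text, end="")
    print(stats)
```

The stats dictionary is the check to keep an eye on in production: a rising `unparsed` count means the log format changed and the filter is dropping data it never examined, which is a detection gap rather than a licence saving.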

Page 11

Infoblox Solutions

Products: DNS/DHCP, IPAM, DNS Traffic Control, ADP, GRID, DDI for Cloud/Virtualization, ActiveTrust / AT Cloud, Threat Insight, Cybersecurity Ecosystem, DNSSEC, Network Insight, Reporting & Analytics

Availability
• Highly available core network services to connect any device to any application
• Optimize and load balance traffic for application availability

Scale
• Distributed architecture for centralized management of heavy workloads
• Optimize and load balance traffic for communications between billions of devices
• Support scale through cloud deployments

Security
• Resilient to DNS DDoS and other attacks
• Context-aware security to protect transactions, data and infrastructure
• Integrations into broader security ecosystem

Visibility
• Robust and detailed visibility across diverse infrastructure – physical, virtual or cloud
• Capacity planning