1 | © 2013 Infoblox Inc. All Rights Reserved. 1 | © 2017 Infoblox Inc. All Rights Reserved.
DNS Security in the Ecosystem
Phil Rumi – Senior Systems Engineer CEUR
10.10.2017
Infoblox: Track Record of Success & Growth
Chart (Sustained YOY Growth, $MM), 2008–2016 values: $56, $62, $102, $133, $169, $225, $250, $306, $358
Market Share Leadership
• 6,900+ Customers
• 83 of Fortune 100
• Global Sales & Support Presence
2015 Market Share: Infoblox 49.90%; BT Diamond IP…; BlueCat Netw…; Nokia (ALU) - …; Others 9.20%
73 patents | 18 pending
Sustained YOY Growth($MM)
“All organizations looking to deploy DDI should consider Infoblox.”
DHCP, DNS, IPAM
Supporting the ecosystem…
• Orchestration plug-ins and integration, e.g. SCO, vRA, ServiceNow, BMC, AWS, Azure, OpenStack
• Security integrations, e.g. Cisco ISE, Carbon Black, FireEye, Rapid7, STIX/TAXII
• APIs for integration and automation: RESTful API, inbound and outbound
• Reporting to monitor, manage & alert
Network and Security – Separate Teams with Different Priorities
Silos Between Teams and Technologies
Network Team
• High Availability
• Network Infrastructure: routers, APs, switches, etc.
• Network Logging and Monitoring
Security Team
• Risk Mitigation
• Security Infrastructure: firewalls, endpoints, sandboxing, etc.
• Security Logging and Monitoring (SIEM)
“Silos between network, edge, endpoint and data security systems and processes can restrict an organization’s ability to prevent, detect and respond to advanced attacks.”
Best Practices for Detecting and Mitigating Advanced Threats, 2016 Update, 29 March 2016
No Knowledge of Threat Context
• Too many alerts with no way to prioritize based on actual risk
• Lack of easy access to network data for context
Context – environmental information required to take the right action:
• Who (identity)
• What (which network device)
• Where (where, and in what part of the network)
• When (time of day, how often)
Lack of Automation
• Security tools can’t take action automatically based on activities seen by network tools:
  • when new network elements join the network
  • when malicious activities are detected by DNS security tools
• Difficult, manual processes of trying to assemble data from disparate sources
Infoblox CyberSecurity Ecosystem
• ActiveTrust® – Threat Intelligence Providers
• Infoblox On-Premise Ecosystem Partners
• ActiveTrust® – Security Operations Partners
Diagram: integration paths shown as STIX, REST, Custom, RPZ, JSON, CSV, CEF (via the Data Connector) and Cloud APIs.
Cisco ISE pxGrid Integration
Improving Operational Efficiency through Information Exchange
The Challenge
• Security and Network Operation Center tools are isolated, leading to inefficiency
Infoblox Solution
• Infoblox will publish critical data that will enrich the ISE database and 3rd-party partners
• Infoblox will subscribe to user identity data available via ISE to enhance IPAM
• Infoblox will publish Secure DNS events (infected devices) for further analysis and remediation by ecosystem partners
Customer Benefits
• Easier troubleshooting: with additional identity and network data
• Security operations efficiency: by sharing data
Diagram: Infoblox subscribes to and publishes into the Cisco ISE pxGrid ecosystem; an event from the Cisco network is mitigated.
Infoblox + Qualys – Integration Overview
Vulnerability Scans | Policy Enforcement | Remediation
Opportunity
• Lack of complete and up-to-date information about network devices, compromised hosts and DNS threats limits the effectiveness of vulnerability scanning
Solution
• Infoblox acts as the ‘Single Source of Truth’ for the network and devices
• Network & device discovery via Network Insight
• Extensible attributes for object metadata
• Notifies Qualys on new networks, devices and threats as they are identified
• Triggers Qualys on-demand vulnerability scan
• Enforces Network Access Control policy based on scan results
• Quarantines device based on malicious outbound DNS connections
Benefits
• Efficient vulnerability management & compliance processes
• Faster response to potential risks associated with new devices on the network
Data Connector to Splunk Enterprise Deployment
Diagram components: Infoblox Grid Master, Infoblox Grid Members, Infoblox Data Connector VM, CSV, Splunk Universal Forwarder, Splunk Enterprise.
• Helps reduce Splunk Enterprise license costs by optimizing DNS data transfer through filtering
• Saves time and human resources by automating the collection, transfer and conversion of DNS data from Infoblox Grid members
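The slide's point is that filtering DNS data before it reaches the SIEM cuts ingest volume (and therefore license cost) without losing the records a security team cares about. The script below is an added illustration of that "filter, de-duplicate, convert to CSV" pipeline; it is not Infoblox Data Connector code. It assumes a BIND-style query-log line format, uses constructed sample lines, and the filter rules (drop PTR lookups, drop an internal zone, collapse repeated client/name/type triples) are hypothetical choices a practitioner would tune to their own environment.

```python
"""Filter and de-duplicate DNS query-log lines, then emit CSV for forwarding.

Added example (not Infoblox code). Input lines are constructed in a BIND-style
query-log layout; the filter rules are hypothetical and site-specific.
"""
import csv
import io
import re

# Constructed sample query-log lines (not real traffic).
SAMPLE_LOG = """\
10-Oct-2017 09:00:01.123 client 10.1.2.3#53412: query: www.example.com IN A + (10.0.0.53)
10-Oct-2017 09:00:01.456 client 10.1.2.3#53413: query: www.example.com IN AAAA + (10.0.0.53)
10-Oct-2017 09:00:02.001 client 10.1.2.4#40001: query: 3.2.1.10.in-addr.arpa IN PTR + (10.0.0.53)
10-Oct-2017 09:00:02.500 client 10.1.2.3#53414: query: www.example.com IN A + (10.0.0.53)
10-Oct-2017 09:00:03.777 client 10.1.2.9#51000: query: updates.corp.internal IN A + (10.0.0.53)
10-Oct-2017 09:00:04.000 client 10.1.2.7#52000: query: api.example.org IN TXT + (10.0.0.53)
"""

# Assumed line layout: "<date> <time> client <ip>#<port>: query: <qname> IN <qtype> ..."
LINE_RE = re.compile(
    r"^(?P<ts>\S+ \S+) client (?P<client>[\d.]+)#\d+: query: "
    r"(?P<qname>\S+) IN (?P<qtype>\S+)"
)

FIELDS = ["timestamp", "client", "qname", "qtype"]


def parse_line(line):
    """Return a record dict for one query-log line, or None if it does not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    return {
        "timestamp": m["ts"],
        "client": m["client"],
        "qname": m["qname"].lower().rstrip("."),  # normalise for de-duplication
        "qtype": m["qtype"].upper(),
    }


def filter_log(text, drop_qtypes=("PTR",), drop_zones=("corp.internal",)):
    """Parse, filter and de-duplicate query-log text.

    Returns (kept_records, stats). Records are dropped when their query type
    is in drop_qtypes, when the name falls under a zone in drop_zones, or
    when the same (client, qname, qtype) triple was already seen in the batch.
    """
    stats = {"read": 0, "unparsed": 0, "dropped_qtype": 0,
             "dropped_zone": 0, "duplicate": 0, "kept": 0}
    seen = set()
    kept = []
    for line in text.splitlines():
        if not line.strip():
            continue
        stats["read"] += 1
        rec = parse_line(line)
        if rec is None:
            stats["unparsed"] += 1  # count, never silently lose, odd lines
            continue
        if rec["qtype"] in drop_qtypes:
            stats["dropped_qtype"] += 1
            continue
        if any(rec["qname"] == z or rec["qname"].endswith("." + z) for z in drop_zones):
            stats["dropped_zone"] += 1
            continue
        key = (rec["client"], rec["qname"], rec["qtype"])
        if key in seen:
            stats["duplicate"] += 1
            continue
        seen.add(key)
        kept.append(rec)
    stats["kept"] = len(kept)
    return kept, stats


def to_csv(records):
    """Render kept records as CSV text with a header row (newline-terminated)."""
    buf = io.StringIO()
    writer = csv.DictWriter(buf, fieldnames=FIELDS, lineterminator="\n")
    writer.writeheader()
    writer.writerows(records)
    return buf.getvalue()


if __name__ == "__main__":
    kept, stats = filter_log(SAMPLE_LOG)
    print(stats)
    print(to_csv(kept), end="")
```

The drop counters matter as much as the CSV: a forwarder that silently discards records cannot be audited, so the stats dictionary is what you would ship alongside the data (or alert on, if `unparsed` suddenly climbs after a DNS software upgrade changes the log layout).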
Infoblox Solutions
Products: DNS/DHCP, IPAM, DNS Traffic Control, ADP, GRID, DDI for Cloud/Virtualization, ActiveTrust / AT Cloud, Threat Insight, Cybersecurity Ecosystem, DNSSEC, Network Insight, Reporting & Analytics
Availability
• Highly available core network services to connect any device to any application
• Optimize and load balance traffic for application availability
Scale
• Distributed architecture for centralized management of heavy workloads
• Optimize and load balance traffic for communications between billions of devices
• Support scale through cloud deployments
Security
• Resilient to DNS DDoS and other attacks
• Context-aware security to protect transactions, data and infrastructure
• Integrations into broader security ecosystem
Visibility
• Robust and detailed visibility across diverse infrastructure – physical, virtual or cloud
• Capacity planning