8/19/2019 Infoblox - 160217 General Pitch GPb
1 | © 2013 Infoblox Inc. All Rights Reserved.
1 | © 2015 Infoblox Inc. All Rights Reserved.
Secure and Control Your Network
Giancarlo Palmieri | Pre-Sales Engineer | Infoblox Italy
17 February 2016
Agenda
1 The Infoblox Solution
2 The Grid
3 Advanced DNS Protection
4 DNS Firewall
5 DNS Traffic Control
6 Cloud Automation
7 Network Automation
8 Infoblox
Automate the Network and its Core Services
[Diagram labels:]
Network: Routing, Switching
Core Services: DNS / DHCP / IPAM
Closed Loop Automation
Real Time Visibility and Task Automation
Applications
Track and automate change
Automate IP Mgt, DNS & DHCP
Communicate / Take Action
Infoblox NetMRI
Infoblox DDI, Trinzic Enterprise
IT Analyst Validation
• Gartner: “usage of a commercial DDI solution can reduce (network) OPEX by 50% or more.”
• IDC: Infoblox is the only major DDI vendor to gain market share over the past three years.
• Gartner: “Infoblox has the highest degree of visibility in the market, shows up on nearly all client shortlists, and is commonly perceived as the market leader.”
[Chart: Worldwide DDI Market Share – 2013]
Top CIO Concerns
• Agility: Are We Nimble Enough?
• Security: Are We Protecting the Business?
• Efficiency: Can We Shift $$ to Strategic Projects?
Infoblox Listens to Key IT Initiatives
Security
• Malware & Advanced Persistent Threats (APT)
• Infrastructure attacks (DDoS)
• Data Exfiltration
Cloud
• Ongoing evolution of the Data Center
• Private, Public, Hybrid
Automation
• Budget for IT headcount continues to decline
• Skilled staff more difficult to find and retain
Barriers to Success
Security
• Attacks growing in volume and sophistication
• Traditional approaches are helpful but insufficient
Cloud
• Manual network orchestration
• Takes hours or days to set up network elements
• Different DDI constructs for on Prem & Public Cloud
Automation
• Manual network configuration, spreadsheet management, and home-grown scripts
Infoblox Recommended Approach
1. Secure: Address risk to critical infrastructure first. Protect against external attacks & malware call-backs
2. Control: Deliver reliable, high performance network services for data center, branch, cloud
3. Automate: Automate the most time-consuming network tasks like discovery, change and configuration management
Traditional Network Architecture
[Diagram labels: INTERNET; DMZ; INTRANET; FIREWALL; BIND DNS (Europe, Americas, APJ); Microsoft DNS and Microsoft DHCP (Denver, London, Tokyo); apps & end-points; virtualization & private clouds; components marked "Vulnerable", one marked "Vulnerable (Malware)"]
Security Vulnerabilities
• Hacks of DNS server
• External attacks (DNS DDoS)
• Malware inside network
Management Silos
• Multiple points of management
• Multiple data silos
Single Points of Failure
Where Infoblox Helps
[Diagram labels: INTERNET; DMZ; INTRANET; external DNS; internal DNS & DHCP (Denver, Tokyo); IPAM; apps & end-points; virtualization & private clouds]
(1) Secure
• Secure Platform
• Protection from external attacks
• Block Malware call-backs
• Data Exfiltration protection
(2) Control
• Highly efficient, centralized control
• ONE authoritative IPAM data source
(3) Automate
• DDI + Automation for Virtualization & Hybrid Clouds
Infoblox Appliances Automate Core Network Services
DNS (DNSSEC), DHCP, IPAM, FTP/TFTP/HTTP, NTP
• Integrated Core Network Services on hardened appliances
• Centralized visibility & control of appliances, protocols and data
SIMPLE, RELIABLE, SECURE
Infoblox Grid – Robust, Reliable Technology
[Diagram labels: Infoblox Grid™; Grid Master; Local Member; Remote Member; Reporting Member; Virtual Appliance Member]
• All devices are synchronized through a shared distributed database
• Centralized visibility & control
Grid™ Benefits
• Automated Failover & Disaster Recovery
• Automated Maintenance
Infoblox Grid Technology: Simple, Secure and Reliable
Grid: a collection of secure member appliances, all running the same software, providing one or more services (DNS, DHCP, Discovery, File Delivery, NTP etc.)
• Coordinated by the Grid Master
• Sharing a Distributed Database (with Zero Maintenance)
• Communicating via an SSL VPN
Provides:
- Centralized visibility and control
- Real time IPAM & discovery
- Monitoring and reporting
- Failover and disaster recovery for services, data & management
[Diagram labels: Infoblox Grid; Grid Manager GUI; Grid Master; Grid Master Candidate; Members; Reporting Member. Configuration Examples: External DNS; DNS; NTP; DNS, DHCP, NTP; IPAM, DNS, DHCP, NTP]
Real-time and Automated DNS/DHCP & IPAM
Reduce Risk & Expense
• Real-time and historical insight on connected IP endpoints and networks
• Monitoring of IP and subnet usage
• Delegation and automation of IP provisioning tasks
• Secure DNS
• Auditing and reporting
• Enhances installed Microsoft DNS/DHCP
Infoblox Physical and Virtual Appliance
Replacing Servers with Appliances in Branch Offices Improves Performance, Provides Local Survivability and Drives Compelling ROI
[Diagram labels: Infoblox Grid; Grid Master; Grid Master Candidate; Grid Member; Management Interface; Virtual Grid Members; Infoblox vNIOS Virtual Appliance Software; VMware ESX / ESXi; Cisco 28/29xx & 38/39xx ISR with Infoblox vNIOS; Riverbed Appliance with Infoblox vNIOS; Microsoft® DNS / DHCP (Agent-less)]
Infoblox Appliances Family
Headquarters, Regional Centers, Branch Offices, Edge/Remote Locations
• Trinzic 100, 810, 820, 1410, 1420, 2210, 2220, 4010, 4030
• Trinzic Reporting
• PT-1400, PT-2200, PT-4000
• Network Automation 1400, 2200, 4000
• ND-800, ND-1400, ND-2200, ND-4000
• Virtual Appliances
The Infoblox Product Portfolio
[Diagram labels: Infoblox Grid™ Real-time Network Database; Physical & Virtual Appliances; Network Automation; NetMRI; Automation Change Manager; Core Network Services; Infoblox DDI (DNS, DHCP, IPAM); Security; Internal DNS Security; External DNS Security; DNS Firewall; DNS Firewall-FireEye Adapter; Subscriptions; Infoblox Advanced Reporting; DNS Traffic Control; Cloud Network Automation; IP Address Management (IPAM); Network Insight; IPAM for Microsoft (Windows Server); DDI for Amazon Web Services (AWS)]
The Position
Protect Now or Wait until it's Too Late?
The Problem
• DNS-based attacks are on the rise
• Traditional protection is ineffective against evolving threats
• DNS outage causes network downtime, loss of revenue, and negative brand impact
Unprotected DNS infrastructure introduces security risks
Why is DNS an Ideal Attack Target?
• DNS is the cornerstone of the Internet, used by every business and government
• DNS protocol is stateless and hence vulnerable
• DNS as a protocol is easy to exploit
Maximum impact with minimum effort
How DNS DDoS is Becoming Easier
Attack apps being built
• DDoS attacks against major U.S. financial institutions
• Launching (DDoS) taking advantage of Server bandwidth
• 4 types of DDoS attacks:
  - DNS amplification
  - Spoofed SYN
  - Spoofed UDP
  - HTTP + proxy support
• Script offered for $800
2013: The Threat is Significant
Source: Arbor Networks
DNS is #2 attack vector protocol
Source: Prolexic Quarterly Global DDoS Attack Report Q3 2013
• Attacks that target DNS are growing
• DNS-specific attacks up 200% from 2012
• ICMP, SYN, UDP flood attacks growing significantly too
Infoblox Advanced DNS Protection Solution
Unique Detection and Mitigation
• Intelligently distinguishes legitimate DNS traffic from attack traffic like DDoS, DNS exploits, tunneling
• Mitigates attacks by dropping malicious traffic and responding to legitimate DNS requests
Centralized Visibility
• Centralized view of all attacks happening across the network through detailed reports
• Intelligence needed to take action
Ongoing Protection Against Evolving Threats
• Regular automatic threat-rule updates based on threat analysis and research
• Helps mitigate attacks sooner vs. waiting for patch updates
Fully Integrated into Infoblox Grid
[Diagram labels: Infoblox Threat-rule Server; Automatic Threat-rules updates; GRID Master; Grid-wide rule distribution; Infoblox Advanced DNS Protection (External DNS); Infoblox Advanced DNS Protection (Internal DNS); Block DNS attacks; Legitimate Traffic; Send reports; Reporting Server; Reports on attack types, severity; Management Interface]
What Attacks Do We Protect Against? The Rising Tide of DNS Threats
DNS top attacks:
• DNS amplification: Use amplification in DNS reply to flood victim
• TCP/UDP/ICMP floods: Flood victim’s network with large amounts of traffic
• Protocol anomalies: Malformed DNS packets causing server to crash
• DNS cache poisoning: Corruption of a DNS cache database with a rogue address
• DNS hijacking: Subverting resolution of DNS queries to point to rogue DNS server
• DNS tunneling: Tunneling of another protocol through DNS for data ex-filtration
• Reconnaissance: Probe to get information on network environment before launching attack
• DNS based exploits: Exploit vulnerabilities in DNS software
• Fragmentation: Traffic with lots of small out of order fragments
• DNS reflection/DrDoS: Use third party DNS servers to propagate DDoS attack
• NXDOMAIN: Flood DNS server with requests for non-existent domains
• Phantom Domain: Force DNS server to resolve multiple non-existent domains and wait for responses
What Attacks Do We Protect Against? The Rising Tide of DNS Threats
Volumetric/DDoS Attacks
• DNS reflection
• DNS amplification
• TCP/UDP/ICMP floods
• NXDOMAIN attack
• Phantom domain attack
• Random subdomain attack
• Domain lockup attack
DNS-specific Exploits
• DNS-based exploits
• DNS cache poisoning
• DNS tunneling
• Protocol anomalies
• Reconnaissance
• DNS hijacking
• Domain lockup attack
Secure DNS is Not Only About DDoS
Centralized Visibility: Reporting
Intelligence Needed to Take Action
• Attack details by category, member, rule, severity, and time
• Visibility into source of attacks for blocking, to understand scope and severity
• Early identification and isolation of issues for corrective action
Event Count by Category
Centralized Visibility: Reporting
Event Count by Severity Trend
Centralized Visibility: Reporting
Event Count by Member Trend
Centralized Visibility: Reporting
Event Count by Member Time
Centralized Visibility: Reporting
Infoblox ADP - External Authoritative: Protection against Internet-borne Attacks
Advanced DNS Protection when deployed as an external authoritative DNS server can protect against cyberattacks
[Diagram labels: INTERNET; DMZ; Advanced DNS Protection (two appliances); Data Center; Grid Master and Candidate (HA); Grid Reporting Member; INTRANET: campus office, regional office(s), disaster recovery site(s)]
Internal DNS: Protection against Internal Attacks on Recursive Servers
Advanced DNS Protection can secure internal DNS environments where internal user traffic is hostile
[Diagram labels: Data Center; GRID Master and Candidate (HA); Reporting; Advanced DNS Protection (two appliances); Endpoints; INTRANET: campus office, regional office(s), disaster recovery site(s)]
Advanced Appliances Come in Three Physical Platforms
Advanced Appliances have next-generation programmable processors that provide dedicated compute for threat mitigation.
The appliances offer both AC and DC power supply options.
Note: Customers who have IB-4030 Rev2 just need to purchase the Advanced DNS Protection service
How Does IB-4030 & ADP Work?
[Flow diagram. Components: Client; Internet; ADP; DCA; Smart NIC; Host Appliance; BIND. Yes/No decision points: Threat Rule match?; BLK-LIST match?; NXDR match?; DFW match?; DCA cached?; BIND cached?]
Numbered steps shown in the diagram:
1 - DNS Query
2 - Drop/Rate Limit
3 - DCA Cached Response
4 - BIND Cached Response
5 - Synthesized Response (Pre-Recursion)
6 - Recursion
7 - Response
8 - Drop/Rate Limit
9 - Synthesized Response (Post-Recursion) / Recursive Response
Infoblox - Differentiation and Value
[Comparison table; cell values not preserved]
Columns: Infoblox Standard; Infoblox Advanced; Load Balancers; Pure DDoS; NGFW; IPS; Cloud
Row labels: DNS server; General DDoS; DNS DDoS; DNS server OS and application vulnerabilities; Flood attacks; Semantic attacks; Cache poisoning; DNS Reflection; Tunneling; DNS Amplification
The Basic ADP Technology Principles
• DNS Traffic Pre-Filtering
• Real-Time Automatic Pattern Detection
• Automatic Rules update
[Diagram labels: Advanced DNS Analysis Engine; DNS BIND Engine; Legitimate Traffic; BAD Traffic; Automatic updates; Infoblox Threat-rule Server]
Infoblox Advanced DNS Protection
[Diagram labels: Infoblox Threat-rule Server; Automatic Updates (Threat Rules); Grid Master; Grid-wide rule distribution; Infoblox Advanced DNS Protection (External DNS); Infoblox Advanced DNS Protection (Internal DNS); Legitimate Traffic; Data for Reports; Reporting Server; Reports on attack types, severity; Management Interface]
How to Run an ADP PoC
In-Line
• Deploy the ADP in-line to accept and deal with your incoming traffic (run in Monitor Mode)
Traffic Capture
• Capture traffic in front of the DNS (PCAP) to be analyzed in the Infoblox Labs
Off-Line
• Deploy ADP on a SPAN port with live DNS traffic. ADP will configure MAC Address of customer’s DNS, resolve and generate reports on attacks found
In-Line PoC with ADP
• Replace the standard DNS with an Infoblox solution with ADP protection (run in Monitor Mode)
[Diagram labels: Internet; Switch; DNS; Advanced DNS Protection; Grid Master; Reporting; Management Interface]
Traffic Capture
• Capture traffic (PCAP) in front of the External DNS to be analyzed in the Infoblox Labs
• We will run the same PCAP traffic in our Lab and return all valuable results in a structured document
Off-Line PoC with ADP (Enterprise)
[Diagram labels: Internet; Internal Network; Switch; Caching DNS; Advanced DNS Protection; Grid Master; Reporting; Management Interface]
Off-Line PoC with ADP (Service Provider)
[Diagram labels: Internet; Switch; Caching DNS; Advanced DNS Protection; Grid Master; Reporting; Management Interface]
See DNS Attacks with Reports
• POC hardware shipped with temp license to enable threat protection automatically (License expiration: 60 days)
• POC includes virtual Reporting Server and virtual Grid Master
ADP Grid Setup (with Live Traffic)
[Diagram labels: Internet; Incoming DNS Traffic (with threats); Advanced DNS Protection (External DNS); Grid Master; Grid-wide rule distribution; Infoblox Threat-rule Server; Automatic Updates (Threat Rules); Reporting Server; Data for Reports; Reports on attack types, severity; Management Interface; interfaces: LAN1, MGMT; Grid]
Next Steps
• Request the free POC
  - https://www.infoblox.com/downloads/software/advanced-dns-protection-trial
• Deploy with help of an Infoblox SE
• See if your DNS is under attack
• Block attacks and prevent downtime with the full featured Advanced DNS Protection
Overall Malware Threats Booming
Startling statistics
• Around 7.8 million new Malware threats per quarter in 2012
• Mobile threats grew about 10X in 2012*
• 855 successful breaches / 174 million records compromised in 2012**
• 69% of successful breaches utilized Malware**
• 54% took months to discover, 29% weeks**
• 92% discovered by external party**
[Chart: New Malware, Q1 2010 to Q3 2012]
[Chart: Total Mobile Malware Samples in the Database, 2004 to 2012]
* Source: McAfee Threats Report: Third Quarter 2012
** Source: Verizon Security Study 2012
Security Breaches 2013
Advanced Persistent Threat is on the Rise
$300 Million Stolen
Nasdaq, Visa, JCPenney among hacking victims: prosecutors
NEWARK, New Jersey (Reuters) - The United States on Thursday named major corporations including Nasdaq OMX Group Inc, New York Times, J.C. Penney Co Inc and Visa Inc as among the victims of what federal prosecutors said is the largest hacking and data breach case prosecuted in the nation.
July 25, 2013
Security Breaches 2014
Malware from Yahoo
Malware attack hits thousands of Yahoo users per hour
(CNN) -- A malware attack hit Yahoo's advertising server over the last few days, affecting thousands of users in various countries, an Internet security company said.
In a blog post, Fox-IT said Yahoo's servers were releasing an "exploit kit" that exploited vulnerabilities in Java and installed malware.
"Clients visiting yahoo.com received advertisements served by ads.yahoo.com," the Internet security company said. "Some of the advertisements are malicious."
December 31, 2013
For a time during the attack, which started on Dec. 31, 2013, and was discovered on Jan. 3, 2014, the malware was creating an estimated 27,000 infections per hour.
The Infoblox DNS Firewall Subscription service had identified and blocked the malicious IP before Yahoo noticed the malware.
DNS Firewall – quick overview
• Many organizations on the Internet track malicious activity
  - They know which web sites are malicious
  - They know which domain names malware look up to rendezvous with command-and-control servers
• DNS Firewall relies on RPZ (Response Policy Zones)
• Response Policy Zones are funny-looking zones that embed rules instead of records
  - The rules say, “If someone looks up a record for this [malicious] domain name, or that points to this [malicious] IP address, do this.”
  - “This” is generally “return an error” or “return the address of this walled garden” instead
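The rule mechanism described above, as an added example that is not part of the original deck and is not Infoblox code: a small evaluator for RPZ-style rules using the standard RPZ encodings (`CNAME .` for NXDOMAIN, `CNAME *.` for NODATA, `CNAME rpz-passthru.` for an exemption, any other record as local data such as a walled garden, and `prefixlen.reversed-octets.rpz-ip` owners for response-IP triggers). The domains, addresses and function names are constructed for illustration.

```python
import ipaddress

# Constructed sample policy zone: owner, type, rdata (owners relative to the RPZ origin).
RPZ_RULES = """
badsite.example          CNAME .               ; QNAME trigger -> NXDOMAIN
*.badsite.example        CNAME .               ; every subdomain as well
ok.badsite.example       CNAME rpz-passthru.   ; explicit exemption
c2.example               A     192.0.2.10      ; local data -> walled garden
nodata.example           CNAME *.              ; NODATA
24.0.100.51.198.rpz-ip   CNAME .               ; answers inside 198.51.100.0/24
"""

SPECIAL_CNAMES = {".": "NXDOMAIN", "*.": "NODATA",
                  "rpz-passthru.": "PASSTHRU", "rpz-drop.": "DROP"}


def classify(rtype, rdata):
    """Map a rule's record to an (action, data) pair."""
    if rtype.upper() == "CNAME" and rdata in SPECIAL_CNAMES:
        return (SPECIAL_CNAMES[rdata], None)
    return ("LOCAL-DATA", (rtype.upper(), rdata))  # answer rewritten with this record


def decode_rpz_ip(owner):
    """'24.0.100.51.198.rpz-ip' -> 198.51.100.0/24 (IPv4 only in this example)."""
    labels = owner[: -len(".rpz-ip")].split(".")
    if len(labels) != 5:
        raise ValueError("only IPv4 rpz-ip owners are handled here: " + owner)
    prefixlen, octets = labels[0], labels[1:][::-1]
    return ipaddress.ip_network(".".join(octets) + "/" + prefixlen)


def parse_rules(text):
    """Split the zone text into QNAME rules (dict) and response-IP rules (list)."""
    qname_rules, ip_rules = {}, []
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()      # drop comments
        if not line:
            continue
        owner, rtype, rdata = line.split(None, 2)
        owner = owner.lower().rstrip(".")
        action = classify(rtype, rdata)
        if owner.endswith(".rpz-ip"):
            ip_rules.append((decode_rpz_ip(owner), action))
        else:
            qname_rules[owner] = action
    return qname_rules, ip_rules


QNAME_RULES, IP_RULES = parse_rules(RPZ_RULES)


def evaluate(qname, answer_ips=(), qname_rules=QNAME_RULES, ip_rules=IP_RULES):
    """Return the policy (action, data) for a query name and the IPs in its answer."""
    name = qname.lower().rstrip(".")
    if name in qname_rules:                       # exact owner beats wildcard
        return qname_rules[name]
    labels = name.split(".")
    for i in range(1, len(labels)):               # closest enclosing wildcard
        wildcard = "*." + ".".join(labels[i:])
        if wildcard in qname_rules:
            return qname_rules[wildcard]
    # QNAME triggers are checked before response-IP triggers.
    hits = [(net, action) for net, action in ip_rules
            if any(ipaddress.ip_address(ip) in net for ip in answer_ips)]
    if hits:                                      # longest prefix wins
        return max(hits, key=lambda h: h[0].prefixlen)[1]
    return ("NO-MATCH", None)                     # resolve normally


if __name__ == "__main__":
    for q, ips in [("www.badsite.example", []), ("ok.badsite.example", []),
                   ("c2.example", []), ("cdn.example", ["198.51.100.7"]),
                   ("good.example", ["203.0.113.5"])]:
        print(q, ips, "->", evaluate(q, ips))
```

Running the rules in log-only mode first, as the deck's real-life example does, corresponds to recording the returned action without applying it.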
Infoblox DNS Firewall: Blocking Malware
• An infected device brought into the office. Malware spreads to other devices on network.
• Malware makes a DNS query to find “home.” (botnet / C&C). DNS Firewall detects & blocks DNS query to malicious domain
• Pinpoint. Infoblox Reporting lists blocked attempts as well as the:
  - IP address
  - MAC address
  - Device type (DHCP fingerprint)
  - Host name
  - DHCP lease history
• DNS Firewall is updated every 2 hours with blocking information from Infoblox DNS Firewall Subscription Service
[Diagram labels, steps numbered 1 to 4: Internet; Intranet; Malicious domains; Infoblox DDI with DNS Firewall; Blocked attempt sent to Syslog; Malware / APT; Malware / APT spreads within network, calls home; Infoblox Malware Data Feed Service; IPs, Domains, etc. of Bad Servers]
Infoblox Malware Data Feed Service
• 24/7 service
• Data from over 35 different public and proprietary sources – 7 feed types
• Incremental threat data changes are pushed every 2 hours
• Significant threats cause immediate updates (notify)
[Diagram labels: Geographic Blocks; Inbound Attacks; Malware Droppers; Botnet C&C / DNS Servers; Infoblox Malware Data Feed Service; RPZ data pushed thru signed XFR; Infoblox DNS Firewall; External Feed: Legge Gentiloni]
DNS Firewall & Reporting
Security Policy Violations Report
• List of Top Infected Clients
• What malicious domain names were requested and number of requests
• Mitigation performed (e.g., Redirect, Block, or Pass)
• Lease history by MAC address & OS Fingerprint via drilldown option
[Screenshot callout: Click to view history for this IP]
Customizing DNS Firewall
RPZ Feed Data Export example
zumbapolska.com becomes NXDOMAIN
DNS Firewall implementation: Real life example
• Existing customer DNS caching infrastructure (large research institute)
• DNS firewall implemented on caching NS
• Log only policy
• “We got the first high risk trojan within an hour”
From the reputation lookup tool
Industry’s First True DNS Security Solution
Infoblox DNS Firewall: Stops DNS-exploiting malware (APT & Botnets)
PREVENTIVE, TIMELY, TUNABLE
• Leverages high quality Malware Data Feed updated in near real time
• Maximizes potency against malware worldwide
• Prevents malware infection and execution
Solution Components
• Product License (cost based on appliance model)
• Malware Data Feed from Infoblox (optional annual subscription)
• Infoblox Grid™
Infoblox DNS Firewall Differentiators
The ONLY solution in the market that offers these capabilities
• Near real-time feed targeted to DNS-exploiting malware
• Proactively prevents infection
• Ability to target infected device days or even weeks later
• Policy flexibility by action, by Geo, and by type
• Ranking of the malware that is actually impacting your organization
How does the DNS Firewall work?
[Diagram labels, steps numbered 1 to 6: Malware Data Feed from Infoblox; Dynamic Policy Update; Dynamic Grid-Wide Policy Distribution; Infoblox DNS Firewall / Recursive DNS Server (three instances); Infected Client; Link to malicious www.badsite.com; Contact botnet; Apply Policy: Block / Disallow session; Redirect; Landing Page / Walled Garden; Write to Syslog and send to Trinzic Reporting]
How to Run a DNS Firewall PoC
In-Line
• Deploy the DFW on existing Infoblox appliances to accept and deal with your internal DNS traffic
Traffic Capture
• Capture traffic in front of the DNS (PCAP) to be analyzed in the Infoblox Labs
Off-Line
• Deploy DFW on a SPAN port with live DNS traffic. DFW will configure MAC Address of customer’s DNS, resolve and generate reports on Malware/Botnet/APT found
In-Line PoC with DFW
[Diagram labels: Internet; Internal Network; Switch; Internal DNS; DNS Firewall; Grid Master; Reporting]
Traffic Capture
• Capture traffic (PCAP) in front of the Internal DNS to be analyzed in the Infoblox Labs
• We will run the same PCAP traffic in our Lab and return all valuable results in a structured document
Off-Line PoC with DFW
[Diagram labels: Internal Network; Switch; Internal DNS; DNS Firewall Grid Master; Reporting; Internet]
See DNS Attacks with Reports
• POC vAPP shipped with temp license and feed activation (Public IP registration required). License expiration: 60 days
• POC is a vAPP for vCenter including a virtual DNS Firewall, also Grid Master, and a virtual Reporting Server
[Screenshot caption: Click to view history for this IP]
Next Steps
• Download the free POC: https://www.infoblox.com/catchmalware
• Deploy with help of an Infoblox SE
• See if your DNS is carrying malicious DNS requests
• Block attacks and prevent downtime with the full featured DNS Firewall installation
What is Global Server Load Balancing? (GSLB)
Global Server Load Balancing (GSLB) uses DNS to direct users to an appropriate instance of an application. GSLB can be used for distributing workloads across multiple computing resources or data centers
[Diagram, steps numbered 1 to 4. Labels: DNS for "abc.com"; GSLB; gslb.myapp.abc.com; Connect to DC1; DC1 and DC2, each with a Web/App Server (myapp.abc.com)]
IT Networking Challenge
Availability
• Provide 100% availability of internet facing services
Service Optimization
• Optimize performance by load balancing application requests
Cost Efficiency & Ease of Management
• Cost and complexity of traditional GSLB solutions
Introducing Infoblox DNS Traffic Control
Market Leading DNS & Integrated Global Load Balancing
• Uses DNS to intelligently route traffic to the appropriate data center based on server load, health (availability), or pre-defined ratio.
• Helps Internet facing apps (eg. Web sites) perform better and ensure greater service availability.
• Improves response time by directing web requests based on geo-location
• Integrated DNS + GSLB reduces your CAPEX (one less box) and OPEX (management effort & administrator overhead)
• Fully integrated with Infoblox NIOS and Advanced DNS Protection
Infoblox DNS Traffic Control
Scalable DNS with Integrated Global Load Balancing
• Integrates a cost-effective GSLB within an Authoritative DNS server to simplify web infrastructure and reduce the cost of deploying, configuring and managing multiple devices
• Simplified management
• Uses DNS to intelligently route traffic to the appropriate global datacenter
• Directs web requests across active or standby sites based on servers' health
• Optimizes performance and ensures 100% availability of internet facing services (e.g. web site)
• Improves response time by directing web requests based on Geo-Location
DNS Traffic Control (DTC)
• Integrated GSLB Functionality
• Directs customer web traffic to most efficient location based on server availability / geography / health-check
• Directs queries between load balanced resources utilizing multiple load balancing algorithms
• Global Availability, Ratio, Round Robin, Topology
• Supports both paid and free Maxmind geo-location databases
• Automated health-check
• Performs health check against load balanced resources
• HTTP / HTTPS / TCP / SIP / ICMP / PDP connections
• Integration with NIOS, Grid and Advanced DNS Protection
• New Reports
How Does DNS Traffic Control Work?
[Diagram, steps labelled 1, 2&3, 4 and 5. Labels: Health Check; Resource Pool A, myapp.abc.com (101.10.0.1); Resource Pool B, myapp.abc.com (201.10.0.1)]
Client sends a DNS request to IB DNS Server
IB DNS Server resolves the query
• If the final query name belongs to a zone for which the server is authoritative and matches an LBDN linked to that zone, then DTC handles the response
• Otherwise normal DNS processing occurs
If the cache contains a previous answer to the same request for the same client and that server is still available, it is selected.
• Otherwise, based on the availability and configured topology rules, DTC selects first a pool and then a specific server from that pool
A DNS record is synthesized from the address of the selected server and returned to the client
The client contacts the server
Each member performs independent health monitoring to ensure that pool members or servers are able to receive traffic
Load Balancing Methods and Health Monitors
Load Balancing Methods
Global Availability: Clients are directed to the first resource in a list, i.e. a resource pool. Only if the first resource becomes unavailable then DNS Traffic Control directs clients to the next resource in the list.
Ratio: Clients are directed to servers in a pool or among pools (in a multiple pool configuration) using weighted round robin.
Topology: DNS Traffic Control uses predefined geo mapping and other user-defined source IP/subnet-based mapping to adjust the response to a query.
Health Monitors
HTTP/HTTPS: Validates the health of a HTTP/HTTPS service by first sending a specific HTTP message to a server and then examining the returned code received from the server.
TCP: Validates the health of a server by attempting a full TCP handshake. Completing a handshake and establishing a connection constitutes success.
SIP: The SIP monitor determines the health of a SIP server by issuing SIP options to the server and examining the returned code received from the server. Supports the following transports: TCP, UDP, TLS, SIPS
PDP: Validates the health of a server by sending a fixed GTP ECHO. Receiving any ECHO response constitutes success.
ICMP: Sends an ICMP/ICMPv6 Echo Request to the IP address of the target server and expects an ICMP/ICMPv6 Echo Response.
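The selection flow and load balancing methods described on the two slides above, as an added Python example (not Infoblox code and not from the original deck). The class names, the retry thresholds, the smooth weighted round robin used for Ratio, the fallback to a default pool, the client subnets and the assignment of the slide addresses to sites are all assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass, field

@dataclass
class Server:
    name: str
    address: str
    weight: int = 1
    up: bool = True
    streak: int = 0  # consecutive probe results that disagree with `up`
    def record_probe(self, ok, retry_up=2, retry_down=3):
        """State flips only after retry_up successes or retry_down failures in a row."""
        if ok == self.up:
            self.streak = 0
        else:
            self.streak += 1
            if self.streak >= (retry_up if ok else retry_down):
                self.up, self.streak = ok, 0
        return self.up

@dataclass
class Pool:
    name: str
    servers: list
    method: str = "global_availability"  # or "ratio"
    credit: dict = field(default_factory=dict)
    def pick(self):
        live = [s for s in self.servers if s.up]
        if not live:
            return None
        if self.method == "global_availability":
            return live[0]  # first healthy server in list order
        # Ratio: smooth weighted round robin over the healthy servers.
        for s in live:
            self.credit[s.name] = self.credit.get(s.name, 0) + s.weight
        best = max(live, key=lambda s: self.credit[s.name])
        self.credit[best.name] -= sum(s.weight for s in live)
        return best

class Lbdn:
    def __init__(self, fqdn, topology, default_pool):
        self.fqdn = fqdn
        self.topology = [(ipaddress.ip_network(net), pool) for net, pool in topology]
        self.default_pool = default_pool  # assumption: used when no rule or pool is usable
        self.cache = {}  # client IP -> last server answered (persistence)

    def resolve(self, qname, client_ip):
        if qname.rstrip(".").lower() != self.fqdn:
            return None  # not an LBDN name: normal DNS processing would occur
        cached = self.cache.get(client_ip)
        if cached is not None and cached.up:
            return (self.fqdn, "A", cached.address)
        src = ipaddress.ip_address(client_ip)
        candidates = [p for net, p in self.topology if src in net] + [self.default_pool]
        for pool in candidates:  # first a pool, then a server from that pool
            server = pool.pick()
            if server is not None:
                self.cache[client_ip] = server
                return (self.fqdn, "A", server.address)
        return None  # assumption: no healthy server anywhere yields no answer

def build_example():
    """Constructed data: slide addresses, made-up client subnet and site mapping."""
    sf, sj = Server("sf", "100.10.0.1", weight=2), Server("sj", "101.10.0.1")
    london, paris = Server("london", "200.10.0.1"), Server("paris", "201.10.0.1")
    us = Pool("us", [sf, sj], method="ratio")
    row = Pool("row", [london, paris])
    lbdn = Lbdn("x.abc.com", [("198.51.100.0/24", us)], default_pool=row)
    return lbdn, {"sf": sf, "sj": sj, "london": london, "paris": paris}

if __name__ == "__main__":
    lbdn, _ = build_example()
    print(lbdn.resolve("x.abc.com", "198.51.100.1"))
```

Because a server changes state only after several consecutive probe results, a single lost probe does not move traffic, while a persistent failure invalidates cached answers that point at the failed server.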
Use Cases
Infoblox DNS Traffic Control
• DC Disaster Recovery
• Load Balancing Requests
• Geo Location
• Internal server balancing and failover
• DNS views for records
Use Case 1: DC Disaster Recovery
[Diagram, steps numbered 1 to 3, client in Hong Kong. Labels: Site 1 (San Francisco): x.abc.com, Local Load Balancer, VIP = 100.10.0.1, Ib_sf.abc.com; Site 2 (London): x.abc.com, Local Load Balancer, VIP = 200.10.0.1, Ib_ld_.abc.com; x.abc.com 201.10.0.1; x.abc.com 101.10.0.1; Remote Site 3 (San Jose); Remote Site 4 (Paris); Health Check]
Policy:
• Direct all requests originating from U.S to SJ or SF using Round Robin
• Direct all request originating from ROW to Paris or London using Round Robin
Use Case 2: Load Balancing Requests
[Diagram, steps numbered 1 to 5, clients in New York and Boston. Labels: Site 1 (San Francisco): x.abc.com, Local Load Balancer, VIP = 100.10.0.1, Ib_sf.abc.com; Site 2 (London): x.abc.com, Local Load Balancer, VIP = 200.10.0.1, Ib_ld_.abc.com; x.abc.com 201.10.0.1; x.abc.com 101.10.0.1; Remote Site 3 (San Jose); Remote Site 4 (Paris); Health Check]
Policy:
• Direct all requests originating from U.S to SJ or SF using Round Robin
• Direct all request originating from ROW to Paris or London using Round Robin
Use Case 3: Geo Location
[Diagram, steps numbered 1 to 3, client in Sydney, Au. Labels: Site 1 (San Francisco): x.abc.com, Local Load Balancer, VIP = 100.10.0.1, Ib_sf.abc.com; Site 2 (London): x.abc.com, Local Load Balancer, VIP = 200.10.0.1, Ib_ld_.abc.com; x.abc.com 201.10.0.1; x.abc.com 101.10.0.1; Remote Site 3 (San Jose); Remote Site 4 (Paris); Health Check]
Policy:
• Direct all requests originating from U.S to SJ or SF using Round Robin
• Direct all request originating from ROW to Paris or London using Round Robin
Health Check Capabilities/Parameters
• Descriptions: The health check monitor validates the health of a service by first sending a specific message to a server and then examining the response received from the server. The validation is successful if the received response matches the expected message.
• Health Check Options: HTTP / HTTPS / TCP / SIP / ICMP / PDP
• Common Configuration Parameters
  • Interval
  • Timeout
  • Retry up counts
  • Retry down count
• Other configurable parameters
  • HTTP / HTTPS / SIP:
    • HTTP Request
    • Expected Return Code
    • Client Certificate
    • Ciphers
    • Port
    • Transport (SIP only)
  • TCP:
    • Port
Infoblox Advantages
• High Integrity DNS Platform with a robust DNS control plane
• Intelligent DNS query direction to ensure high application availability
• Superior management via advanced DNS control plane
• Centralized visibility into all DNS conditions
• Server consolidation and lower TCO
• Best-in-class protection against DNS threats
Security, Control, Availability, Performance
Licensing Strategy
New Licenses (DTC)
• Requires NIOS 7.0 or higher
• Enables:
  • Creation and management of LBDN records
  • Assignment of Global Pools of Load Balanced Resources
  • Perform Health Check against Load Balanced Resources
  • Direct queries between Load Balanced Resources using various Load Balancing Algorithms
  • DNS Traffic Control Reports (Reporting appliance required)
Licensing Packages
• Licensed per Appliance
• Available as add-on modules (for existing deployments)
• Available as bundled SKUs (for new deployments)
Platform Supportability
Market Dynamics:
Private Clouds Deployments on the Rise
Cost Savings
• Commodity gear
• Better utilization
IT & Business Agility
• Faster App roll-out
• Self-service
LOB Productivity
• Less time waiting
• More time producing
IT Departments Increasingly Want Their Own Amazon-like Cloud In-house... here is why:
Private Cloud Perception vs. Reality
How long does it take to deploy a new virtual instance?
• Perception
  - Snap of the fingers
  - Measured in seconds or minutes
• Reality
  - Slow with manual processes
  - Measured in hours, days or weeks
Hidden Achilles Heel for Cloud Deployments
Traditional Approach
[Diagram legend: Manual / Automated; steps numbered 1 to 6. Boxes, in order:]
• Provision Virtual Instance
• Request IP or Use Allotment
• Forward IP Data for Tracking
• Update Database or Spreadsheet
• Request DNS Record
• Allocate and Manually Enter DNS
• Clean Up When De-provisioned

• Multiple teams and handoffs
• Shortcuts cause gaps and dangers
• Lack of correlated view across the organization
• Risk for compliance and auditing
Cloud Network Pain Points
No visibility to IP address/DNS records for VM/network resources
No central reporting on lease history, DNS/IP associations
Lack of reliable DDI for Private Cloud
Stability and simplified upgrades of underlying network inhibits Cloud rollout
Requires too much administrator overhead
Manual IP address/DNS provisioning is slow, error-prone
Network provisioning is too slow for application delivery
No Amazon-like capabilities i.e., on-demand, self-service, DevOps
Infoblox Cloud Network Automation (Adapters Only)
[Diagram labels: Corporate Data Center; Private Cloud Data Center 1; Private Cloud Data Center 2; Grid Master; Grid Member; Corporate Wide DNS; Internal DNS; DHCP; VMs; Reporting Server; CMP 1 with IB Adapter (E.g. OpenStack); CMP 2 with IB Adapter (E.g. VMware vCAC)]
Infoblox Cloud Network Automation (Cloud Platform)
[Diagram labels: Corporate Data Center; Private Cloud Data Center 1; Private Cloud Data Center 2; Grid Master w/ Cloud Network Automation; Cloud Platform Appliance; Corporate Wide DNS; Internal DNS; DHCP; VMs; Reporting Server; WAPI; CMP 1 with IB Adapter (E.g. OpenStack); CMP 2 with IB Adapter (E.g. VMware vCAC). Four elements are marked "New".]
Infoblox Cloud Network Automation
1 Integrated adapters
  - Free adapters to integrate with key cloud management / orchestration platforms
  - Leveraging RESTful API
2 Scalable cloud platform deployment
  - Virtual appliances that support communication with Cloud Management Platforms through Infoblox Adapters
  - Deployed per data center to support scale-out
3 Cloud-focused discovery and visibility
  - Centralized, integrated management user interface
  - Cloud widgets for monitoring cloud network elements
  - Cloud-specific reports
Cloud Network Automation – New GUI
Provisioning a VM using a Cloud Management Platform with Infoblox Integration
[Diagram components: End User; CMP/Orchestrator; Infoblox Adapter; Hypervisor; Infoblox Grid Master; Infoblox Grid Member (DNS/DHCP)]
1 - A cloud admin/user requests a VM to be created through self service portal
2 - CMP/Orchestrator calls the Infoblox Adapter
3 - Infoblox Adapter contacts NIOS via WAPI for Next Available IP and creates DNS Records for VM
4 - GM synchronizes Host record or Fixed Address + A/AAAA/PTR with Grid Member
5 - CMP/Orchestrator spins up VM on Hypervisor
6 - VM starts up either with injected static IP or IP allocated via DHCP Request to Member (Fixed Address)
7 - End User accesses VM using DNS FQDN
DDI Support for OpenStack
Description
Extend DDI to manage VM networks created by OpenStack
Infoblox Grid
  - Creates/Deletes networks via OpenStack UI/CLI/APIs
  - Allocates/De-allocates IP addresses when VMs are created or floating IPs are assigned
  - Creates/Deletes DNS host records or A/AAAA/PTR/CNAME records for allocated IPs
  - Provides DNS and DHCP Services to VMs
  - Manages internal and external networks
Benefits
• Centralized Cross Platform DDI Service (OpenStack/VMware/Microsoft Compatible)
• High Availability
• Operational Efficiency
• Lower cost of migration (Physical to Virtual to Cloud)
[Diagram labels: Grid Master; three Grid Members, each with a DDI Service; Reporting Server; Infoblox Adapter; API; Project 9, Project 10 and Project 11, each with three IPs]
Delivering the Cloud Promise with Infoblox
• IPAM & DNS Automation
• Multi-vendor Cloud Integration
• Enhanced and Extended Visibility
• Auditing and Compliance
• Centralized and Integrated Management
• Always On Core Network Services
Speed Deployment Times with Infoblox Cloud Network Automation
The Power of Cloud Network Automation
Traditional Approach
[Diagram legend: Manual / Automated; steps numbered 1 to 6. Boxes, in order:]
• Provision Virtual Instance
• Request IP or Use Allotment
• Forward IP Data for Tracking
• Update Database or Spreadsheet
• Request DNS Record
• Allocate and Manually Enter DNS
• Clean Up When De-provisioned
[Diagram, second row labelled Automated: Provision Virtual Instance, steps 1 to 6]
Infoblox Cloud Network Automation
Infoblox NetMRI i DDI
The way to active DDI
• Network discovery and inventory
• Monitor and track changes
• Switch Port Management
• Proactive Check against best practices
• Proactive Check against security policies
• Automate change in lock step with DDI
• Automatic VRF detection and handling
Interaction with network via:
• SNMP
• CLI/configuration
• Syslog
• Fingerprinting
[Diagram labels: Infoblox NetMRI; Infoblox DDI; Automation]
Managing Issue Analysis with NetMRI
Proactively alerts of issues – problems and potential suboptimal settings lurking within the devices
Easy ability to select individual issues and drill down for more detailed information
Once the issue is identified, the auto-remediation options greatly reduce time to resolve
Understanding the Impact of Change
Cause & Effect
• Help user identify hard to find issues
• See if a change had a positive or negative impact on health
• Verify if change impacts policy compliance
• View impact on device neighbors
Enforce Compliance and Standardization
Build Consistency
• Over 200 pre-packaged rules
• Wizard encoding of complex rule logic
• Deploy easily
• Proactive alerts for policy violations
• Built-in remediation
• Live and historical status, trends and reports
Packaging
• Standalone
• ACM (Automated Change Management)
• NetMRI
NetMRI – Appliance and VM version
• NetMRI can be provided in
  - Hardware (usual Infoblox Appliance, 3 different models)
  - In VMWare (ESX, ESXi)
[Diagram labels: VMWare ESX / ESXi; Virtual Grid Member]
About Infoblox
Founded in 1999
Headquartered in Santa Clara, CA with global operations in 25 countries
Market leadership
• DNS, DHCP, IPAM (DDI) Market Leader (Gartner)
• 50% DDI Market Share (IDC)
8300+ customers
89,000+ systems shipped to 100 countries
63 patents, 25 pending
IPO April 2012: NYSE BLOX
Leader in securing and automating mission-critical network services
Total Revenue (Fiscal Year Ending July 31), $MM:
FY07 35; FY08 56; FY09 62; FY10 102; FY11 133; FY12 169; FY13 225; FY14 250; FY15 306
Giancarlo Palmieri
Infoblox Pre-Sales Engineer
Mob: +39 335 789 3463
Email: [email protected]