Infoblox ActiveTrust Cloud - Exclusive Networks

Infoblox ActiveTrust® Cloud: Stop DNS Data Exfiltration, Contain Malware and Protect Users Everywhere. Gianluca Silvestri, System Engineer, Exclusive Networks Italia

Upload: vuongkhanh

Post on 23-May-2018


1 | © 2013 Infoblox Inc. All Rights Reserved. 1 | © 2016 Infoblox Inc. All Rights Reserved.

Infoblox ActiveTrust® Cloud

Stop DNS Data Exfiltration, Contain Malware and Protect Users Everywhere

Gianluca Silvestri, System Engineer Exclusive Networks Italia


Agenda

Infoblox ActiveTrust Cloud

Protecting Users On and Off Premises

Why DNS is Vulnerable

Call to Action/Next Steps


DNS - Leading Culprit for Data Exfiltration and Malware Proliferation

• Over 91% of malware uses DNS to (1):

  • Communicate with Command and Control (C&C) servers

  • Exfiltrate data

  • Redirect traffic to malicious sites

• The longer it takes to discover malware, the greater the damage done

• DNS tunnels are commonly used for data exfiltration

Average consolidated cost of a data breach (2): $3.8M

New unique pieces of malware in 2015 (3): 431M

Sources: 1. Cisco 2016 Annual Security Report. 2. Ponemon Institute, 2015 Cost of Data Breach Study. 3. Symantec 2016 Internet Security Threat Report.


Roaming Users/Remote Offices are Exposed

• 75% are concerned with data loss when users are off network*

• 70% believe they won’t be able to provide same level of security for off-network access*

• 69% worry malware would infiltrate the network*

By 2019, 57% of workers will not be deskbound in the office.

* Source: A recent remote and mobile user study from Sophos


Traditional Security is Good But Not Enough

• Next-Gen Firewalls, IDS/IPS: General purpose, traffic inspection

• Secure Web Gateways: Web traffic filtering

• Email Gateways: Email monitoring

CHALLENGE: These purpose-built solutions lack visibility into the critical and strategic control plane - DNS

* Cisco 2016 Annual Security Report


Stop Data Exfiltration/Malware at the DNS Level

• DNS is ubiquitous network infrastructure that can be used as an enforcement point

• Detect infections early before they cause damage

• Leverage rich network data, device inventory info

• Get context for prioritization


SOLUTION:

Infoblox ActiveTrust® Cloud

Protect Users Everywhere - On-Premises, Roaming and in Remote Office/Branch Office


ActiveTrust® (on-premise)

• Early detection and containment of malware using DNS

• Collection, aggregation and distribution of curated threat intel data – data exchange

• Threat Investigation

• Option to add Data Exfiltration Prevention

• Accelerated remediation with ecosystem integrations

• End to end visibility and context

• Protection for users/devices on-premises

• Highly efficient and scalable, leveraging existing infrastructure

ActiveTrust® Cloud

• Extend protection to:

  • Off-premise devices

  • Roaming Users

  • Branch / Remote offices

• Unified policy management, reporting and analytics across entire spectrum

Flexibility in Deployment: Physical, Virtual or SaaS

Flexibility in Pricing: Capex or Opex

EXTEND


ActiveTrust® Cloud – Functional Summary

Highly scalable protection for on-premise, roaming and remote office/branch office users

Use of Malware Control Point, DNS, for Detection

Ecosystem Integrations (with on-premise option)

Unified Policy Management, analytics and reporting

Improved Visibility and Rich Network Context

Data Exfiltration Prevention

Detect and Contain Malware using DNS

Prevent DNS Based Data Exfiltration That Other Systems Can’t Detect

Improved Visibility and Context


Components

DNS Firewall/DNS Response Policy Zones (RPZs)

Dossier - Threat Investigation

Verified Threat Intelligence

Threat Insight - Data Exfiltration Prevention

ActiveTrust Endpoint

Cloud Services Portal

Reporting and Analytics

Recursive DNS Services

ActiveTrust Cloud tightly integrates with on-premises DDI for enriched visibility and ecosystem integrations


Infoblox SaaS Benefits

IT Business

• Reduced IT overhead—no infrastructure to manage in remote/branch locations

• Lower upfront costs, with predictable costs thereafter

• Faster deployment, seamless upgrades

• Pay as you go, scale as you grow

• Immediately improve security posture

• Easily extend Infoblox on-premise DNS security to roaming and remote users with unified policy management

• Immediate access to new innovations and features

• Easily try new capabilities before deploying broadly


Security, Data Privacy, and SLAs

Security and Data Privacy

• Encrypted communications and data

• Penetration testing, static, and dynamic code analysis

• Patched software

• Restricted access based on location, IP addresses and role

• Data privacy and unique API key for authentication

SLAs

• Designed for always-on anywhere access with reliable service delivery (Infoblox service-level terms include 99.999% uptime* for core DNS infrastructure)

• Continuous monitoring by Infoblox NOC

• Disaster recovery, and worldwide datacenters

• Daily backup for configurations, policy, and user data

• Superior support, alerts on planned outages or when license limits are about to be reached

* Doesn’t include scheduled maintenance


Workflow Scenarios


Unified Policy Management, Deep Visibility, Reporting and Analytics

Seamless Integration with On-Premise Solution

• Set policy once for each user

• All reports enriched with on-premise Infoblox Grid data

• Unified and complete lifecycle view of device/user activity as they move between on-premise and roaming states

• Deep visibility of end hosts: MAC address, device type, device OS, DHCP lease history, User ID, Department, Location and risk profile

• Prioritize remediation based on risk profile of asset

On-premise Grid

Data collector

Infoblox Cloud


ActiveTrust Cloud Evaluation

5 Steps to Get Started

1. Sign up for trial or service on website

2. Receive information to access service

3. Download and activate agent

4. Device registers with Infoblox service

5. You are now protected!

Note: As an alternative to installing the agent, the customer can manually configure the local resolver to point to the Infoblox service. However, visibility into the end client is then lost.


Why

1. Actionable Network Intelligence with context to prioritize and remediate threats rapidly

2. Comprehensive protection against multiple DNS threats including data exfiltration, malware and DDoS attacks

3. First and only DDI vendor to provide protection for users on-premise, roaming or in remote/branch offices; unified policy management, reporting and analytics


Summary and Next Steps

• ActiveTrust Cloud allows you to protect your on-premise clients, roaming clients and/or remote locations against data exfiltration/malware

• Provides you flexibility in deployment and flexibility in pricing (opex vs. capex)

• Provides end-to-end visibility across all devices and users

• Next steps:

  • Sign up for free 30-day trial of service

  • Engage with sales teams to discuss your security architectures


Q&A