Secure DNS for Your Network · 2018-11-20
Post on 09-Feb-2020
1 | © Infoblox Inc. All rights reserved.
SECURE DNS FOR YOUR NETWORK
Mitigate DNS Attacks, Malware, and Data Exfiltration
Pheerawat Kittivacharaphong
Systems Engineer, Infoblox (Thailand)
pkittivacharaphong@infoblox.com
Agenda
• Introduction of Secure Network and Security Trends
• Why Is DNS the #1 Service Targeted by Attackers?
• Innovation for Secure DNS (AI, Machine Learning)
• Best Practices for Enterprise to Secure Your Network
• Case Study
Introduction of Secure Network and Security Trends
Trends Shaping Our Future
• Digital Everything
• Accelerated Pace of Change
• Security for Everything
[Figure: milestone graphic with the labels "1 Billion in 2007", "2 Billion in 2007", "1 Billion in 2010" and the years 1879, 1975 and 2001]
Connecting and Serving a Global Community of Customers, Partners and Employees
• Reliably
• Safely
• Intelligently
Anytime, Anywhere Hyper Connectivity: ANY ‘Thing’, EVERY ‘Thing’, Through any Infrastructure
eBusiness and eCommerce are collectively referred to as the Digital Economy
Growth and Complexity in the Digital Economy
• People: 4.1 billion active internet users worldwide in 2018
• Devices: 25 billion (from 4.9 billion to 25 billion connected devices by 2020)
• Data: 2.5 million terabytes of data created each day
Challenges in Realizing Digital Economy
Availability
• Underlying infrastructure not always highly available to support always on communications and transactions
Scale
• Operational challenges to supporting communications between billions of connected devices
• Inability of infrastructure to handle volume of transactions/connections
Security
• Security for eCommerce transactions, data and underlying infrastructure
• Are IoT devices compliant?
• IoT botnets
Visibility
• Visibility into all the devices connecting to the network across diverse infrastructure
• Operational efficiency – knowing when you will run out of capacity
Weaponization of IoT Devices Drives Massive DDoS Attacks
• 650 Gbps in 2016
• 1.7 Tbps in 2018
• > 100% increase
Source: Arbor Networks, Inc – 13th annual Worldwide Infrastructure Security Report (2018)
What is the weapon of choice?
Source: Arbor Networks, Inc – 2017 Security Report
DNS is the most common service targeted by DDoS attacks
IoT botnet “Mirai” Used to Attack DynDNS
• Consists of ~1.5M compromised “Internet of Things” (IoT) devices
– IP CCTV cameras
– Digital video recorders
• Hurled traffic at Dyn’s name servers
– Said to peak at 1.2 Tbps
– Name servers rendered unresponsive
• High-profile Dyn customers impacted
• Impact
– Customers cannot connect to your web presence
– Cannot receive emails
– VPN or remote workers may be impacted
More than 14,000 internet domains dropped Dyn as their DNS service provider in the wake of the incident
DNS Hijacking – Bank With $27B Assets Hijacked
Major Brazilian bank, hundreds of branches, operations in the US and the Cayman Islands, 5M customers, 36 External DNS Online Presence
Hackers changed the DNS registrations of all 36 of the bank’s online properties. Hijack was so complete that the bank wasn't even able to send email. Bank couldn’t even communicate with customers to send them an alert. All of the bank's online operations were under the attackers' control for five to six hours.
“…, the incident should serve as a clear warning to check on the security of their DNS. He notes that half of the top 20 banks ranked by total assets don’t manage their own DNS, instead leaving it in the hands of a potentially hackable third party.”
Read the full story http://securityaffairs.co/wordpress/57736/cyber-crime/brazilian-bank-hacked.html
Cryptocurrency vs DNS Threats (16 Jan 2018, 27 Dec 2017)
https://www.scmagazineuk.com/hackers-crack-blackwallet-dns-server-steal-us-400000/article/737083/
http://securityaffairs.co/wordpress/67146/cyber-crime/exchange-etherdelta-dns-attack.html
91% of Malware (ab)uses DNS to communicate with C&C sites to carry out campaigns
Source: Cisco 2016 Annual Security Report
Malicious Traffic!!
Examples and Impact of DNS Based Threats
Ransomware – CryptoLocker, WannaCry
• Uses different exploitation techniques, e.g. Microsoft SMB vulnerabilities, email phishing
• Upon infection, uses DNS for callback to the C&C server and to obtain the encryption software
• Encrypts files on local hard drive and mapped network drives
• If ransom isn’t paid, the encryption key is deleted and the data is irretrievable
University in Thailand
Chart Shows 1 Week of DNS Traffic to Infoblox ATC (40M Queries Per Day, 400K Malicious Queries Stopped)
• About 40M DNS queries per day
• Up to 400,000 malicious DNS queries per day blocked by ATC
Human Organization in Thailand
Chart Shows 1 Week of DNS Traffic to Infoblox ATC (8.5M Queries Per Day, 30K Malicious Queries Stopped)
• About 8.5M DNS queries per day
• Up to 30,000 malicious DNS queries per day blocked by ATC
What DNS Threats Did They Find During the DNS Traffic Security Assessment?
• Cryptomining malware abuses corporate resources, leading to increased cost and greater exposure to risk for organizations.
• Domain generation algorithms (DGA) are algorithms seen in various families of malware that periodically generate a large number of domain names that can be used as rendezvous points with their command and control servers.
• Hackers use DNS to circumvent next-generation firewalls, DLP, IDSs, and IPSs for the unauthorized transfer of data out of an organization.
Cryptomining Malware
https://threatvector.cylance.com/en_us/home/threat-spotlight-cryptocurrency-malware.html
https://www.sophos.com/en-us/medialibrary/PDFs/technical%20papers/Cryptomining-malware-on-NAS-servers.pdf
https://www.fortinet.com/blog/threat-research/yet-another-crypto-mining-botnet.html
https://securityintelligence.com/network-attacks-containing-cryptocurrency-cpu-mining-tools-grow-sixfold/
What is DGA (Domain Generation Algorithm)?
46% of respondents experienced data exfiltration / data leakage through DNS
Source: SC Magazine, Dec 2014, “DNS attacks putting organizations at risk, survey finds”
Malicious Traffic!!
Transports used to exfiltrate sensitive data, according to organizations that sustained a breach
Source: The SANS 2017 Data Protection Survey
PoS Malware Steals Credit Card Data via DNS
https://www.fireeye.com/blog/threat-research/2016/04/multigrain_pointo.html
DNS Tunneling
• Infected client initiates DNS queries
• Firewall allows DNS traffic
• Attacker responds to complete a 2-way transactional communication
• DNS tunnel is set up
• Files could be sent out / remote access gained to the infected client
[Diagram: an infected end-point on the internal network sends DNS queries through the internal DNS server to the Internet and receives DNS responses, forming a DNS tunnel. Data at risk: credit card info / user credentials / sensitive data]
Data Leakage over DNS Queries
• Sophisticated (zero-day)
• Infected endpoint gets access to a file containing sensitive data
• Data is broken down into pieces, encrypted and encoded in DNS queries
• Exfiltrated data is reconstructed at the attacker side
• Spoofed addresses to avoid detection
DNS queries:
a2b5c8.1.12.xyz.com
d1e3f0.2.12.xyz.com
d5e6f2.3.12.xyz.com
[Diagram: infected end-point on the internal network, internal DNS, Internet. The same sample record is shown at the end-point and again at the attacker side:]
Name: Pheerawat-Kitti
ID: 543112197
DOB: 04-10-1999
Visa Card #: 7895-2068-2234-8781
CVV & Expiry: 567 2017-12
Live Demo – Data Leakage over DNS Queries
Government in Thailand
Infoblox ATC detects DNS Data Exfiltration on Holiday (~9K Malicious Queries Stopped)
Why Is DNS the #1 Service Targeted by Attackers?
DNS – Domain Name System
• Stores information about the domain names used on the network
• Translates IP addresses, which are hard-to-remember strings of numbers, into names that are easy to remember
Put simply, DNS can be compared to the contact list on a mobile phone.
[Diagram labels: Domain Name infoblox.com, IP Address 161.47.10.70]
DNS – Domain Name System
[Diagram labels: Domain Name, IP Address]
DNS – the foundational service that lets apps and users connect to each other
Why is DNS the number-one target?
Unprotected DNS increases risk to critical infrastructure and data
• #1 protocol for volumetric reflection/amplification attacks
• DNS is critical networking infrastructure
• DNS protocol is easy to exploit and attacks are rising
• Traditional security is ineffective against evolving threats
DNS in the Attack Kill Chain
1. Reconnaissance: Harvesting email addresses, conference information, etc.
2. Weaponization: Coupling exploit with backdoor into deliverable payload
3. Delivery: Delivering weaponized bundle to the victim via email, web, USB, etc.
4. Exploitation: Exploiting a vulnerability to execute code on victim’s system
5. Installation: Installing malware on the asset
6. Command & Control (C2): Command channel for remote manipulation of victim
7. Actions on Objectives: With “Hands on Keyboard” access, intruders accomplish their original goal
[Diagram labels, DNS techniques placed along the chain: DNS Reconnaissance; DNS Resolution; DNS Infiltration; DNS Tunneling; DNS Exfiltration; DNS DDoS; DNS Resolution; DNS Callback; DNS Tunneling; DNS Protocol Anomalies; DNS Exploits; DNS Hijacking]
Innovation for Secure DNS
Innovation for Threat Detection
Reputation
• Detect & prevent communications to malware, C2, ransomware
• Government-grade threat intelligence
• Ecosystem
Signature
• Infrastructure protection for critical core services
• Carrier-grade deep packet inspection
• Instant identification of popular tunneling tools
Behavior
• Patented streaming analytics technology
• Detect & prevent data exfiltration
• “Machine learning”
Reputation-based for Known Threats Protection
1. An infected device brought into the office. Malware spreads to other devices on network.
2. Malware makes a DNS query to find “home” (botnet / C&C). DNS Firewall looks at the DNS response and takes admin-defined action (disallows communication to malware site or redirects traffic to a landing page or “walled garden” site).
3. Pinpoint. Infoblox Reporting lists DNS Firewall action as well as
• User name
• Device IP address
• Device MAC address
• Device type (DHCP fingerprint)
• Device host name
• Device lease history
4. Threat intelligence is regularly updated for up-to-date protection.
5. Additional threat intelligence from sources outside Infoblox can also be used by DNS Firewall and DNS Firewall can likewise share indicators of compromise with other security technologies for enhancing protection and easing incident response efforts.
[Diagram labels: Malware; Malware spreads within network, calls home; INTRANET; INTERNET; Infoblox DNS Firewall; Blocked communication attempt / indicator of compromise; Malicious Internet destinations; ActiveTrust Threat Intelligence Feed database of malicious hostnames; 3rd party security technologies exchange data]
Leveraging Threat Intel Across Entire Security Infrastructure
• Threat intelligence sources: Infoblox, SURBL, Marketplace, Custom TI
• Data, in various file formats: C&C IP List, Spambot IPs, C&C & Malware Host/Domain, Phishing & Malware URLs
• TIDE: Define Data Policy, Governance & Translation
• Dossier: Investigate Threats
• RESULT: Single-source of TI management; faster triage; threat prioritization
[Diagram labels: WWW, DNS, SIEM]
AI Powered to address the “unknown” threats
[Diagram labels: Customer; 3rd Party; AI, continuous; 12B per day; 2.5 years; 1 PB; Data Scientists; Universities; Infoblox ActiveTrust Cloud; Infoblox ActiveTrust (on-prem)]
Behavior-based to Detect Zero Day Attacks using AI
• Analytics algorithms are sophisticated and complex
• Simplifying greatly, certain attributes add to a threat score, others subtract from it
• All attributes are evaluated and weighted
• After all attributes are evaluated, a final score will classify a request as exfiltration or not
• If the finding is exfiltration, the destination DNS server is added to a special RPZ zone that contains the block, log, redirect policy
Attributes:
• Entropy (adds to score): Does the request contain lots of information?
• Frequency / Size (adds to score): It is unusual to send many different requests to the same external domain.
• Lexical Analysis (adds to score): Does it appear to be encoded or encrypted?
• n-Gram Analysis (subtracts from score): Does the request contain words in a language?
• Proprietary methods (adjusts score): False positive mitigation; other indicators and factors
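The scoring attributes listed above, applied to queries shaped like those on the "Data Leakage over DNS Queries" slide. This is an added example, not Infoblox's algorithm or code: the function names, weights, cut-offs, bigram list and the `.example` sample traffic are all assumptions made for illustration, and the proprietary adjustments are left out.

```python
import math
import random
from collections import Counter, defaultdict

# A few frequent English bigrams: a tiny stand-in for a real n-gram language model.
# None consists only of hex letters, so hex-encoded payloads never match.
COMMON_BIGRAMS = set("""th he in er an re on at en nd ti es or te of is it al ar st to nt
ng se ha as ou io le ve co me hi ri ro ic ne ra li ch ll ma si om ur""".split())
HEX = set("0123456789abcdef")

def entropy(s):
    """Shannon entropy of a string, in bits per character."""
    return -sum(c / len(s) * math.log2(c / len(s)) for c in Counter(s).values())

def bigram_hits(s):
    """Return (common bigrams found, bigrams examined) for one payload."""
    grams = [s[i:i + 2] for i in range(len(s) - 1)]
    return sum(g in COMMON_BIGRAMS for g in grams), len(grams)

def score_domain(payloads):
    """Score all payloads sent to one parent domain (weights and cut-offs are assumptions)."""
    joined = "".join(payloads)
    hits, total = map(sum, zip(*(bigram_hits(p) for p in payloads)))
    score = 0
    if sum(map(entropy, payloads)) / len(payloads) >= 3.5:
        score += 2  # Entropy: each request carries a lot of information
    if len(set(payloads)) >= 5:
        score += 2  # Frequency: many different requests to the same external domain
    if joined and sum(c in HEX for c in joined) / len(joined) >= 0.8:
        score += 2  # Lexical analysis: the text looks encoded
    if total and hits / total >= 0.25:
        score -= 2  # n-gram analysis: the text contains language-like fragments
    return score

def analyze(qnames, threshold=4):
    """Group names by parent domain (last two labels, no public-suffix list) and score each."""
    by_parent = defaultdict(list)
    for q in qnames:
        labels = q.lower().rstrip(".").split(".")
        if len(labels) > 2:
            by_parent[".".join(labels[-2:])].append("".join(labels[:-2]))
    scores = {parent: score_domain(p) for parent, p in by_parent.items()}
    return scores, sorted(d for d, s in scores.items() if s >= threshold)

def rpz_records(flagged):
    """RPZ-style wildcard entries for flagged parents ("CNAME ." answers NXDOMAIN)."""
    return [f"*.{d} CNAME ." for d in flagged]

def constructed_queries():
    """Constructed sample traffic on reserved .example names: eight hex-chunk queries in
    the chunk.sequence.total.domain shape, six ordinary hostnames, one hashed CDN name."""
    rng = random.Random(7)
    chunked = [f"{''.join(rng.sample('0123456789abcdef' * 2, 32))}.{i}.8.drop.example"
               for i in range(1, 9)]
    ordinary = [f"{h}.corp.example" for h in
                ("www", "mail", "portal", "intranet", "download", "updates")]
    return chunked + ordinary + ["d3a1f09c.cdn.static.example"]

if __name__ == "__main__":
    scores, flagged = analyze(constructed_queries())
    print(scores)
    print(rpz_records(flagged))
```

The busy but ordinary domain scores on frequency and loses it again on the n-gram check, and the single hashed CDN name scores on lexical analysis alone, so only the chunked traffic crosses the threshold.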
AI powered DNS service is a solution!
Malicious domains automatically added to custom list
Best Practices for Enterprise to Secure Your Network
Best Practice for the Digital Economy Network
An ideal solution provides the following key aspects:
• Highly available redundant architecture for core network services that keeps the infrastructure up and running
• Global load balancing of network traffic to handle the volumes of transactions and communications
• Scaling with automation, centralized management, templates and wizards for consistent expansion and growth
• Enhanced visibility into devices connecting to the network across diverse environments (on premise, virtual or cloud)
• Operational efficiencies using network context and insights (capacity planning)
• Context-aware security for data and infrastructure in any environment – physical, virtual or cloud; faster remediation of threats
Securing the DNS System
#1 Protect the DNS server, so that it can provide service continuously
#2 Protect against malware that uses the DNS server, to prevent communication with C&C servers and theft of the organization's important data
#3 Monitor for and protect against threats as they arise, so that anomalies can be detected and alerted on and protection is timely
Security built-in to the DNS infrastructure
• Security protection against all DNS threats
• Serve DNS queries under attack
• Traditional security mitigates only part of the attacks against DNS
[Diagram labels: Internet, DNS Server, DNS Server]
Existing: Hosted Authoritative Name Servers
             ns1      ns2
Normal RTT   17 ms    12 ms
Duress RTT   999 ms   911 ms
[Diagram labels: DNS hosting provider; Malware; Malware; Legitimate querier]
How-to: Heterogeneous Authoritative Name Servers
             ns1.provider   ns2.provider   ns1.corp   ns2.corp
Normal RTT   17 ms          12 ms          53 ms      61 ms
Duress RTT   999 ms         911 ms         53 ms      61 ms
[Diagram labels: DNS hosting provider; Malware; Malware; Legitimate querier]
February 1st, 2019
• ALL DNS servers which do not respond at all to EDNS queries are going to be treated as DEAD
• EDNS (Extension mechanisms for DNS) for DNSSEC, DNS Cookies
• Action:
– Check your domain
– Upgrade/Reconfig your DNS
– Revise firewall configuration (Allow UDP packet > 512 bytes)
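What "check your domain" amounts to on the wire: send a query carrying an EDNS OPT record and see whether anything comes back, and whether the reply carries an OPT record of its own. This is an added example, not a tool from the presentation; the function names, the 1232-byte advertised size and the constructed sample reply are assumptions.

```python
import socket
import struct

OPT = 41  # RR type of the EDNS OPT pseudo-record

def encode_name(name):
    """Encode a domain name as length-prefixed labels ending in the root label."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def build_edns_query(name, qtype=1, udp_size=1232, txid=0x1234):
    """Build a DNS query for `name` that carries an OPT record advertising `udp_size`."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 1)  # RD=1, 1 question, 1 additional
    question = encode_name(name) + struct.pack("!HH", qtype, 1)
    # OPT RR: root owner, TYPE=41, CLASS=UDP payload size, TTL=0 (version 0), RDLENGTH=0
    return header + question + b"\x00" + struct.pack("!HHIH", OPT, udp_size, 0, 0)

def skip_name(msg, off):
    """Return the offset just past the (possibly compressed) name starting at `off`."""
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:  # a compression pointer ends the name
            return off + 2
        off += 1 + length
        if length == 0:
            return off

def classify_response(msg):
    """Classify the reply to an EDNS query: 'dead', 'edns-ok', 'no-edns' or 'malformed'."""
    if msg is None:  # nothing came back before the timeout
        return "dead"
    try:
        _, _flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
        off = 12
        for _ in range(qd):
            off = skip_name(msg, off) + 4
        for i in range(an + ns + ar):
            off = skip_name(msg, off)
            rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
            off += 10 + rdlen
            if rtype == OPT and i >= an + ns:  # OPT lives in the additional section
                return "edns-ok"
    except (IndexError, struct.error):
        return "malformed"
    return "no-edns"

def probe(server, name, timeout=3.0):
    """Send one EDNS query over UDP and classify the outcome (needs network access)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_edns_query(name), (server, 53))
        try:
            return classify_response(s.recvfrom(4096)[0])
        except socket.timeout:
            return "dead"

def sample_response(query, with_opt):
    """Constructed reply: echoes the question, one A record (192.0.2.1), optional OPT."""
    header = query[:2] + struct.pack("!HHHHH", 0x8180, 1, 1, 0, int(with_opt))
    answer = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + bytes([192, 0, 2, 1])
    opt = b"\x00" + struct.pack("!HHIH", OPT, 1232, 0, 0)
    return header + query[12:-11] + answer + (opt if with_opt else b"")
```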
Securing the DNS System
#1 Protect the DNS server, so that it can provide service continuously
• For external DNS, deploy at least two sets, one inside the organization and one at an ISP or cloud provider, so that there is redundancy if either one is attacked and integrity checks can be performed
• Internal DNS may be attacked by infected clients inside the organization; deploy it in HA (High Availability) or use DNS Anycast to improve performance, provide redundancy and spread load across multiple DNS servers
• Inspect DNS traffic with deep packet inspection to filter out attack traffic before it is passed to the DNS engine for processing
• Inspect DNS traffic on a rate basis to block or rate-limit abnormally high traffic volumes before they are passed to the DNS engine for processing
• Update DNS software/firmware regularly
• Harden the DNS server, or use a purpose-built DNS appliance, to protect against attacks on its various vulnerabilities
Malwares/APTs rely on DNS at various stages of the cyber kill chain
Stages: Penetration, Infection, Exfiltration
• Query malicious domains and report to C&C
• Download Malware to the infected host
• Transport the data offsite
[Diagram label: DNS Server]
Securing the DNS System
#2 Protect against malware that uses the DNS server, to prevent communication with C&C servers and theft of the organization's important data
• Check DNS queries by domain: is the query malicious?
• If it is a malicious query, block it to prevent malware callbacks to the C&C server
• Update the feed of dangerous domains from multiple sources regularly, for accuracy and precision
• Analyze DNS queries for anomalies:
– Domain name
– Encoded text
– Query rate
• These may indicate data theft via DNS queries
Securing the DNS System
#3 Monitor for and protect against threats as they arise, so that anomalies can be detected and alerted on and protection is timely
• Review usage statistics regularly, e.g. DNS query rate (qps), CPU/memory utilization
• Check for abnormal events, e.g. malicious domain queries, DNS attack events
• Configure alerts for abnormal events via email, SNMP, SMS, etc.
• Define a workflow for resolving problems when abnormal events occur, e.g. security event correlation, quarantining the client, vulnerability scanning
• Integrate with the organization's internal security systems to prevent problems automatically
Case Study
Case Study – Top Bank in Thailand
Challenges:
• Cannot access internal system due to security incident last year.
• Internal clients send a large number of DNS queries to outside domains, which brings the DNS server down and causes service downtime.
Infoblox solution:
• Advanced appliance with Advanced DNS Protection (ADP) to protect the DNS appliance from DDoS attacks and related exploits
• ActiveTrust to prevent malware C&C
• Threat Insight to prevent data leakage via DNS
Outcome:
• ADP protects DNS infrastructure from internal attackers
• ActiveTrust and Threat Insight blocked all malware lookups with DNS tunneling and data exfiltration
Case Study – Large Auto Manufacturer
Background
• Have scanners, welders and robots on the factory floor that are connected
• Reliability of manufacturing processes is very much dependent on DNS and DHCP functioning efficiently
• They have sensitive data running through three data centers, so security is critical too
Solution
• Infoblox DNS, DHCP
• Advanced DNS Protection
• DNS Firewall
• Network Insight
• Reporting
Case Study – Chain for Gourmet Burgers
Challenges:
• The attackers in the high-profile Chipotle breach were targeting restaurants; the chain wanted to prevent a similar attack on its own organization
• A security audit conducted by a 3rd party found that DNS was a major vulnerability
• During evaluations of other products, the restaurant was attacked; the product under evaluation did not stop the attack
Infoblox solution:
• ActiveTrust Cloud Plus to protect up to 5,000 users for the point of sale
Outcome:
• ActiveTrust Cloud blocked all malware lookups with DNS tunneling and data exfiltration
Infoblox: Industry Leading DDI Solution
DNS, DHCP, IPAM (IP Address Management)
DDI Market Share Leadership
• 8,900+ Customers
• 83 of Fortune 100
• Global Sales & Support Presence
• 73 patents | 18 pending
“All organizations looking to deploy DDI should consider Infoblox.”
[Chart: Sustained YOY Growth ($MM), axis years 2008 to 2016: $56, $62, $102, $133, $169, $225, $250, $306, $358]
[Chart: 2015 Market Share: Infoblox 49.90%; BT Diamond IP…; BlueCat Netw…; Nokia (ALU) -…; Others 9.20%; 54%]
Free! DNS Security Assessment with Infoblox ATC
Without control it is not a proof of concept!
Questionnaire
Set 1: DNS Traffic Assessment Request
Set 2: Opinions on DNS Security
For questions or further information:
Suwatchai Chitphakdeebodin <schitphakdeebodin@infoblox.com>
Pheerawat Kittivacharaphong <pkittivacharaphong@infoblox.com>