Upload File

data protection and malware mitigation - …...data protection and malware mitigation, this will...

  • Home
  • Documents
  • DATA PROTECTION AND MALWARE MITIGATION - …...Data Protection and Malware Mitigation, this will focus on reputation, signatures, and heuristics that disrupt the kill chain. ActiveTrust
1
DATA PROTECTION AND MALWARE MITIGATION SOLUTION DESIGN 3111 Coronado Drive, Santa Clara, California 95054, USA | 1.866.463.6256 (Toll-free, U.S. and Canada) | [email protected] | www.infoblox.com | © Infoblox Inc. All rights reserved. 1704 Authoritative IP and DNS/DHCP management as a single pane of glass and a “hub” for sharing actionable intelligence and data enrichment with the security ecosystem. Advanced DHCP service that fingerprints endpoints to provide context and lease history. Infoblox Internal DNS (recursive and authoritative) with security capabilities based on reputation, signatures, and behavioral analysis. Can be deployed in public or private cloud infrastructure. Recursive Infoblox DNS (for Internet name resolution) with security capabilities based on reputation, signatures, and behavioral analysis. Infoblox provides consistent, high-quality threat intelligence information and feeds for consumption not only by Infoblox products, but by any components that form part of your security ecosystem. For Data Protection and Malware Mitigation, this will focus on reputation, signatures, and heuristics that disrupt the kill chain. ActiveTrust ® Cloud provides an advanced cloud-based DNS resolution service that incorporates threat intelligence, reputation, and behavioral analytics. DNS Traffic Good DNS Traffic Bad Traffic Roaming Clients X 6 1 2 Internet Authoritative DNS Cloud Infrastructure e.g. AWS/Azure 3 Secure Internal DNS 1 4 External Perimeter Internal Perimeter 1 3 Secure Recursive/Caching DNS 4 4 Proxies and Secure Gateways X 3 Internal DNS (e.g., Microsoft) Secure Internal DNS DHCP Authoritative IPAM DNS/DHCP Management Single Pane of Glass X 3 1 X 4 2 3 2 1 1 4 1 Network Infrastructure (Physical, Virtual, SDN) Internal Clients 1 2 X SIEM Vulnerability Scanner NAC Active Directory Authentication Events Endpoint Security APT/Malware Detection Security Ecosystem 3 1 2 3 4 5 6 Threat Intelligence Threat intelligence—implemented as RPZ feeds, DNS protection signature updates and threat analytics module updates Cloud service used for threat intelligence Threat data feeds for use across the security ecosystem, including SIEM, NGFW, proxies, etc. Advanced threat data from ATP/Malware detection 2 3 4 1 Actionable Intelligence Security events with context such as syslog messages and outbound API notifications 1 Data Enrichment Authenticated user data (from NAC and AD) DNS name of malicious client DHCP fingerprinting, MAC, etc. Contextual network data (including DNS, DHCP, IP, L2/L3, and User Data) via APIs 2 3 4 1 X Infoblox Solutions Communication Flow Network Discovery Discovery of switches, routers Discovery of attached endpoints Discovery of virtual infrastructure 2 3 1 3 4 5 Threat Intelligence Cloud-based Recursive/Caching (ActiveTrust ® Cloud) Firewall

Upload: others

Post on 14-May-2020

24 views

Category:

Documents


0 download

Report

TRANSCRIPT

Page 1: DATA PROTECTION AND MALWARE MITIGATION - …...Data Protection and Malware Mitigation, this will focus on reputation, signatures, and heuristics that disrupt the kill chain. ActiveTrust

DATA PROTECTION AND MALWARE MITIGATION SOLUTION DESIGN

3111 Coronado Drive, Santa Clara, California 95054, USA | 1.866.463.6256 (Toll-free, U.S. and Canada) | [email protected] | www.infoblox.com | © Infoblox Inc. All rights reserved. 1704

Authoritative IP and DNS/DHCP management as a single pane of glass and a “hub” for sharing actionable intelligence and data enrichment with the security ecosystem.

Advanced DHCP service that �ngerprints endpoints to provide context and lease history.

Infoblox Internal DNS (recursive and authoritative) with security capabilities based on reputation, signatures, and behavioral analysis. Can be deployed in public or private cloud infrastructure.

Recursive Infoblox DNS (for Internet name resolution) with security capabilities based on reputation, signatures, and behavioral analysis.

Infoblox provides consistent, high-quality threat intelligence information and feeds for consumption not only by Infoblox products, but by any components that form part of your security ecosystem. For Data Protection and Malware Mitigation, this will focus on reputation, signatures, and heuristics that disrupt the kill chain.

ActiveTrust® Cloud provides an advanced cloud-based DNS resolution service that incorporates threat intelligence, reputation, and behavioral analytics.

DNS Traf�c

Good DNS Traf�c

Bad Traf�c

Roaming Clients

X

6

1

2

InternetAuthoritative DNS

Cloud Infrastructuree.g. AWS/Azure

3Secure

Internal DNS

1

4

External Perimeter

InternalPerimeter

1

3

Secure Recursive/Caching DNS 4

4

Proxies andSecure Gateways

X3

Internal DNS(e.g., Microsoft)

SecureInternal DNS

DHCP

Authoritative IPAMDNS/DHCP Management

Single Pane of Glass

X

3

1

X

4

2

3

2

11

4

1

Network Infrastructure(Physical, Virtual, SDN)

Internal Clients

1

2

X

SIEM

VulnerabilityScanner

NAC

Active DirectoryAuthentication Events

EndpointSecurity

APT/MalwareDetection

Security Ecosystem

3

1

2

3

4

5

6

Threat Intelligence

Threat intelligence—implemented as RPZ feeds, DNS protection signature updates and threat analytics module updates

Cloud service used for threat intelligence

Threat data feeds for use across the security ecosystem, including SIEM, NGFW, proxies, etc.

Advanced threat data from ATP/Malware detection

2

3

4

1

Actionable Intelligence

Security events with context such as syslog messages and outbound API noti�cations

1

Data Enrichment

Authenticated user data (from NAC and AD)

DNS name of malicious client

DHCP �ngerprinting, MAC, etc.

Contextual network data (including DNS, DHCP, IP, L2/L3, and User Data) via APIs

2

3

4

1

X

Infoblox Solutions

Communication Flow

Network Discovery

Discovery of switches, routers

Discovery of attached endpoints

Discovery of virtual infrastructure

2

3

1

3

4

5

Threat Intelligence

Cloud-based Recursive/Caching (ActiveTrust® Cloud)

Firewall

Continuous Diagnostics and Mitigation (CDM) and Mobile ......Aug 30, 2018  · • Mobile Applications: Malware and vulnerabilities in mobile apps and systems. • Networks: Rogue

Secure Pipes with Network Security · Malware scanning: Address and port scan detection and mitigation Outbound email spam: Mitigation of email spam using the CSP’s mail servers

Android Malware Exposed-Evolution of Android Malware

Improving Malware Mitigation For Online Bitcoin …ibimapublishing.com/articles/JIACS/2018/415339/415339.pdfIntroduction Bitcoin is a decentralised cryptocurrency, which means it does

Automatic Mitigation of Kernel Rootkits in Cloud …iahmed3/publications/lncs-wisa-2017.pdfKeywords: Virtual Machine Introspection, malware, virtualization 1 Introduction Kernel rootkits

An Introduction To Keyloggers, RATS And Malware€¦ · Malware Malware has been a problem for ages, Malware is short form of malicious software. A Malware is basically a program

Mobile Malware Network View - Black Hat · Mobile Malware Network View ... ... Windows Malware impacts mobile

Pervasive Malware Propagation Mechanism and Mitigation ...Pervasive Malware Propagation Mechanism and Mitigation Techniques Amit Kumar Master of Engineering, Student, Department of

Infoblox Data Connector User's Guide - ActiveTrust ...help.csp.infoblox.com/.../2018/01/Data_Connector_User_Guide_2.0.pdf · Infoblox User Guide Data Connector 2.0 1 Preface The preface

Malware Slums: Measurement and Analysis of Malware on ...homepage.cs.uiowa.edu/~mshafiq/files/malware... · Malware Slums: Measurement and Analysis of Malware on Traffic Exchanges

Infoblox ActiveTrust Cloud - Exclusive Networkspassport.exclusive-networks.it/upload/workdoc...Seamless Integration with On-Premise Solution • Set policy once for each user • All

An admin's guide to boosting your Office 365 Secure Score · malware attacks their organization is subjected to, and can decide whether they need to harden their malware mitigation

Intrusion Detection and Malware Analysis - Malware collection

Intrusion Detection and Malware Analysis - Malware collection134.2.173.140/lehre/ws10/ids-malware/12-malware-collection.pdf · Intrusion Detection and Malware Analysis Malware collection

Reversing malware analysis trainingpart9 advanced malware analysis

THE EVOLUTION OF MALWARE & FUTURE MALWARE MITIGATION

MALWARE RISKS AND MITIGATION REPORT

Metamorphic Malware 1 Metamorphic Malware Research

Ch 12: Covert Malware Launching - samsclass.info · Practical Malware Analysis Ch 12: Covert Malware Launching Last revised: 4-10-17. Hiding Malware • Malware used to be visible

Chapter 8 Malware - FTMS · – Boot virus – Logic Bomb virus – Directory virus – Resident virus. CSCA0101 Computing Basics 8 Malware Types of Malware ... Malware Types of Malware

Malware and anti-malware (fun with Trojans) - Z. …z.cliffe.schreuders.org/edu/FS/Malware and anti-malware... · 2014-04-02 · Malware and anti-malware (fun with Trojans) ... with

Infoblox Quick Start Guide - ActiveTrust Cloud Threats API · 2019-12-16 · • Collection of ActiveTrust Cloud logs into Splunk using the REST API; • Filter it efficiently with

Dynamic Trust Management for Mitigation of Malware … · 2015-08-10 · Networking Research Laboratory Department of Electrical and Computer Engineering New Jersey Institute of Technology

SECURING THE INDUSTRIAL...Through this collaboration, the NCCoE develops modular, ... This project focuses on data integrity and malware prevention, detection, and mitigation within

Improving accuracy of malware detection by …...FFRI, Inc. Background – malware and its detection 4 Increasing malware Targeted Attack (Unknown malware) Malware generators Obfuscators

Fraud Mitigation Strategies for Business · •Ransomware •Email Account Ransom •Webcam Image Extortion. Ransomware 14 Ransomware is a form of malware that restricts the target

MALWARE RISKS AND MITIGATION REPORT - National Institute

Computer Virology and Mobile Malware Detection · 2019-03-14 · Outline •Introduction •Computer Virology • Malware taxonomy • Encrypted malware •Malware Detection •Mobile

DETECTING AND PROTECTING AGAINST · 84 control system (ICS) application white listing, malware detection and mitigation, change control 85 management, user authentication and authorization,

Risk Mitigation for SpamBotInfections Bot Infectio… · Mitigation: Practice basic computer hygiene Practicing basic computer hygiene is essential to reducing the risk of all malware

Malware & Anti-Malware

Malware and Anti-Malware Seminar by Benny Czarny

AFeature-BasedCallGraphDistanceMeasureforPro- gram ... · Security and privacy~Intrusion/anomaly detection and malware mitigation Theory of computation~Program analysis Software and

Cyber Security Risks and Mitigation for SME · – Mostly on traditional threats (email and web malware …) – Becoming aware of new threats: social engineering and information

MALWARES MALWARE REVIEWED ISE DE Malware Reviewed · MALWARES There are public reports about spreading of malware named as ServHelper malware. It is a backdoor malware used by attacker