Context-Aware Security From The Core

This document discusses how evolving network environments and increased cyber threats are exposing organizations to greater security risks. The DNS system, while critical, has become a major vulnerability that attackers frequently target or use as an attack vector. There is a need for security solutions that can provide infrastructure protection, data protection, and threat containment by taking a context-aware approach and closing the DNS gap. Next-generation security must address these modern network challenges from the core, with DNS at the center.


Context-aware Security from the Core

Srikrupa Srivatsan, Sr. Manager, Product Marketing | 06/15/2017


1 | © 2017 Infoblox Inc. All Rights Reserved.
Agenda

• Evolving networks and increased cyber threats
• Closing the DNS gap
• Solutions to protect infrastructure and data
• Next steps

Evolving Network Environment and Paradigm Shifts...

• Active Internet Users: 3.4 billion active internet users worldwide in 2016, +25% over last year (1)
• Connected Devices: 21 billion connected devices by 2020, +30% over last year (2)
• Network Evolution: networks are being transformed (Cloud, SDN, others)
• Digital Transformation: digital transformation is happening faster than you think
• Internet of Things: new trends like IoT are increasing the attack surface

1. Internet Live Stats (http://www.internetlivestats.com/internet-users/)
2. http://www.cnbc.com/2016/02/01/an-internet-of-things-that-will-number-ten-billions.html
3. https://www.symantec.com/content/dam/symantec/docs/reports/istr-21-2016-en.pdf
...Are Leading to Increased Exposure to Cyber Threats

Organizations are facing an unprecedented challenge of data breaches.

Products Galore: Solutions Missing

400+ vendors

Modern Networks

Diagram: External Endpoints; Data Center(s) with DNS; SOC with SIEM and Threat Intel; Office Locations with DNS.

Potential Gaps in Modern Networks

Diagram: the same network (External Endpoints, Data Center(s) with DNS, SOC with SIEM and Threat Intel, Office Locations with DNS) annotated with the open questions: C&C/Data Exfiltration? DDoS? Data Exfiltration? C&C? Network context? What's on my network?

DNS – The Critical Yet Vulnerable Asset

The DNS Gap – A Multi Dimensional Threat Vector

Making Your Infrastructure Work Against You
• 78%: DNS is the most common application layer attack (1)
• 84% of reflection/amplification attacks use DNS (1)
• >$500: cost per minute of downtime due to a DDoS attack (2)
• $1.5M: average cost per year to deal with DNS attacks (2)

The Leading Culprit in Data Exfiltration
• $4M: average consolidated cost of a data breach (3)
• 46% of survey respondents experienced DNS data exfiltration (4)
• 45% of survey respondents experienced DNS tunneling (4)

APT/Malware Proliferation Rooted in DNS
• 91% of malware uses DNS to carry out campaigns (5)
• 431M new unique pieces of malware in 2015 (6)
• #1: malware C&C is the #1 responsible vector for crimeware (7)

Ineffective Threat Intelligence
• 70% of survey respondents felt threat intel is not timely (8)
• 46% of survey respondents were unable to prioritize the threat by category (8)
• 45% of survey respondents lacked context for threat intel to make it actionable (8)

1. Arbor WISR 2016 Report
2. Ponemon Institute Study, The Cost of Denial-of-Service Attacks, March 2015
3. Ponemon Institute, 2016 Cost of Data Breach Study
4. SC Magazine, Dec 2014, "DNS attacks putting organizations at risk, survey finds"
5. Cisco 2016 Annual Security Report
6. Symantec 2016 Internet Security Threat Report
7. Verizon 2016 Data Breach Investigations Report
8. Ponemon Institute, 2015 Second Annual Study on Exchanging Cyber Threat Intelligence
Three Aspects of Security

#1 Infrastructure Protection: better application and service availability
#2 Data Protection and Malware Mitigation: protect users and data
#3 Threat Containment and Operations: efficiency and optimization of security operations

Modern Networks: Agile & Secure

Diagram: the same network (External Endpoints, Data Center(s) with DNS, SOC with SIEM and Threat Intel, Office Locations with DNS) with the threats now covered at the DNS layer: DDoS, Data Exfiltration, C&C; and the SOC receiving "IPs on the Network" from the data center and office DNS.

#1 Infrastructure Protection
Maintain Service and Application Availability

Visibility
• Visibility into devices and hosts on the network
• Visibility into attack points and patterns
• OS and configuration vulnerabilities on network devices

Vulnerability Protection of Network Devices
• Detect network devices with vulnerabilities
• Automate remedial action

DNS Attack Protection
• Protect infrastructure against DNS DDoS, exploits, cache poisoning, NXDOMAIN
• Detect DNS hijacking
• DDoS resiliency with highly available architecture

Data Enrichment/Ecosystem
• Share events and alerts with SIEM via APIs
• Notify vulnerability scanners of new devices or virtual workloads

Sections: #1 Infrastructure Protection | #2 Data Protection and Malware Mitigation | #3 Threat Containment and Operations

#2 Data Protection and Malware Mitigation
Avoid brand damage, financial and legal implications caused by data breaches and malware

Disruption of Cyber Kill Chain
• Block malware/APT activity at the DNS control plane
• Enforce policy with curated, up-to-date threat intelligence
• Protect users on or off premises
• Prevent lateral movement of threats
• Accelerate remediation by sharing DNS IoCs with the ecosystem

Data Exfiltration Prevention
• Prevent DNS based data exfiltration that other systems can't detect
• Detect and prevent zero day threats using Big Data, machine learning and streaming analytics
• Scalable enforcement on-premises and in the cloud

Visibility
• Visibility into devices and hosts on the network
• Visibility into infected endpoints
• Network context for prioritization
• Contextual information on threat actor, threat campaign, associated breaches in other organizations

#3 Threat Containment and Operations
Ease Security Operations, Get Better ROI from Your Security Investments

Threat Intelligence Optimization
• Enforce policy using timely, consolidated and high quality threat intelligence
• Improve incident response with consolidated threat intelligence from multiple sources
• Eliminate silos and accelerate remediation by centralizing threat intelligence

Security Orchestration
• Automatically share DNS IoCs with the security ecosystem for more efficient incident response
• Share network context and actionable intelligence (IP address, DHCP fingerprint, lease history etc.) to help assess risk and prioritize alerts

Rapid Triage/Resource Optimization
• Investigate threats faster to free up security personnel
• Timely access to context for threat indicators

Multipronged Approach to Threat Detection

Reputation
• Detect and prevent communications to malware, C2, ransomware
• Government-grade threat intelligence
• Ecosystem

Signature
• Infrastructure protection for critical core services
• Carrier-grade deep packet inspection
• Instant identification of popular tunneling tools

Behavior
• Patented streaming analytics technology
• Detect and prevent data exfiltration
• "Machine learning"

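The "Data Exfiltration Prevention" and "Behavior" slides describe detecting DNS tunneling and exfiltration from query behaviour rather than signatures. The following is an added example, not Infoblox code, of the per-client heuristic such a detector applies: it groups resolver queries by client and apex domain and flags groups of long, high-entropy, rarely repeating subdomains. The log format, thresholds, sample lines and the attacker-tunnel.test placeholder are assumptions made for this example.

```python
import math
from collections import Counter, defaultdict
# Constructed sample resolver log lines ("client qtype qname"); the tunnel-like
# queries are synthetic and attacker-tunnel.test is a placeholder apex.
SAMPLE_LOG = """\
10.0.0.5 A www.example.com
10.0.0.5 A cdn.example.com
10.0.0.7 A www.example.com
10.0.0.7 TXT 3a7f9c2e1b4d0e6f8a1b2c3d4e5f6a7b.x1.attacker-tunnel.test
10.0.0.7 TXT 9b1e4d6c2f8a7c5e3d1f0a2b4c6d8e9f.x2.attacker-tunnel.test
10.0.0.7 TXT c4d2e0f8a6b4c2d0e8f6a4b2c0d8e6f4.x3.attacker-tunnel.test
10.0.0.7 TXT 5e3f1a9b7c5d3e1f9a7b5c3d1e9f7a5b.x4.attacker-tunnel.test
10.0.0.7 TXT 7a5b3c1d9e7f5a3b1c9d7e5f3a1b9c7d.x5.attacker-tunnel.test
"""

def shannon_entropy(s):
    # Bits per character; encoded payload labels score far above dictionary words.
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values()) if n else 0.0

def split_qname(qname):
    # (apex, subdomain); assumes a two-label apex (no public-suffix list), so example.co.uk mis-splits.
    labels = qname.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]), ".".join(labels[:-2])

def analyze(log_text, min_queries=5, min_avg_len=30, min_entropy=3.5, min_unique=0.9):
    # Group queries per (client, apex) and flag groups with many long, high-entropy,
    # rarely repeating subdomains: the shape tunnels and exfiltration tools leave in logs.
    groups = defaultdict(list)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed lines rather than crash the pipeline
        client, qtype, qname = parts
        apex, sub = split_qname(qname)
        groups[(client, apex)].append((qtype, sub))
    flagged = {}
    for (client, apex), entries in groups.items():
        subs = [s for _, s in entries]
        if len(subs) < min_queries:
            continue
        avg_len = sum(map(len, subs)) / len(subs)
        avg_ent = sum(map(shannon_entropy, subs)) / len(subs)
        unique = len(set(subs)) / len(subs)
        txt_share = sum(q == "TXT" for q, _ in entries) / len(entries)
        if avg_len >= min_avg_len and avg_ent >= min_entropy and unique >= min_unique:
            flagged[(client, apex)] = {"queries": len(subs), "avg_len": round(avg_len, 1),
                                      "avg_entropy": round(avg_ent, 2), "txt_share": round(txt_share, 2)}
    return flagged
```

Thresholds need tuning per environment, since CDN, antivirus and telemetry domains legitimately produce long, hashed-looking subdomains; an allowlist of such apexes keeps the false positive rate workable.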
Leverage Threat Intel Across Entire Security Infrastructure

Threat intel sources: Infoblox C&C IP List, SURBL Phishing & Malware URLs, Spambot IPs, C&C & Malware Host/Domain, Custom TI, Data Marketplace
TIDE: define data policy, governance and translation
Output formats: CSV File, JSON, STIX, RBL Zone File, RPZ
Dossier: investigate threats

RESULT: single source of TI management, faster triage, threat prioritization

Security Orchestration & Data Sharing
Accelerating Incident Handling and Response; Data to Prioritize Remediation

Diagram: a Threat Intelligence Platform at the center exchanging data with DHCP, IPAM, DNS, SIEM, Vulnerability Management, Network Access Control, Advanced Threat Detection and Next-gen Endpoint Security.

Device Audit Trail and Fingerprinting
• Device info, MAC, lease history

Application and Business Context
• "Metadata" via Extended Attributes: owner, app, security level, location, ticket number
• Context for accurate risk assessment and event prioritization

Internal activity inside the security perimeter
• Includes BYOD and IoT devices
• Profile device and user activity

Next Steps

Try Infoblox products, free of cost and risk:
• ActiveTrust Cloud eval
• ActiveTrust (on-premises) eval
• Data Exfiltration demo
• Security (PCAP) assessment

Path to Engagement
• Engage with Infoblox to discuss your security architectures

Q&A
