Infoblox DNS Firewall – FireEye Adapter

Proactive Detection and Protection Against APT Malware

Infoblox DNS Firewall integration with FireEye NX Series appliance using the FireEye Multi-Vector Virtual Execution (MVX) engine delivers a unique and powerful defense against Advanced Persistent Threats (APT) for business networks. This solution combines the power of FireEye APT detection and Infoblox DNS level blocking and device fingerprinting – to detect and disrupt APT malware communication and help pinpoint infected devices attempting to access malicious domains. This is the first and only solution in the marketplace that invokes powerful DNS level control upon FireEye APT detection events.
Take control - Automated Network Management with DNS, DHCP, and IP Address Management

DETECTThe Infoblox DNS Firewall integration with FireEye Malware Protection System (MPS) enables automated detection and mitigation of APT detection events. As FireEye MPS identifies new threats, it sends alerts to DNS Firewall information about malicious domains on the internet targeted for communication by the APT malware.

DISRUPTDNS Firewall automatically disrupts malware communication attempts with Internet-based domains The solution allows definition of hierarchical policies – block, redirect, pass-through and log to meet IT processes for handling APT communication.

PINPOINTInfoblox Reporting server automatically identifies infected devices when malware attempts to call home, reduces time and cost for removing APT malware. Reporting data includes IP address, MAC address, Host name, and device type along with DHCP lease information.

Solution Summary
DNS Firewall – FireEye Adapter enables disruption of DNS queries by advanced persistent threat (APT) malware that “call home” in order to expand attacks and exfiltrate information.

  • Automatic DNS level blocking of detected APTs: DNS Firewall leverages alerts from FireEye to block DNS queries at the domain and IP level.
  • Flexible policy enforcement: DNS Firewall provides options for managing APT malware based DNS queries. The ability to pass through, block or redirect gives administrators the flexibility to direct and act on malware DNS queries within their security frameworks.
  • Identification of infected devices: At the time of malware callback attempt, identification of infected device by IP or MAC address and by device fingerprint via Infoblox Reporting expedites remediation and reduces expansion of attacks.
  • Reporting of malicious domains and IP addresses: Reporting on data sent from FireEye provides IT security personnel with greater understanding of APT attacks.

Solution Benefits

  • Reduced risk of information exfiltration: Alerts from FireEye immediately result in Infoblox DNS Firewall disrupting DNS communication to botnets and command-and-control servers.
  • Minimization of resources spent on APT and malware remediation: Infoblox Reporting server identifies infected devices to enable fast cleanup and visibility into security risks by deice types.
  • APT defense and remediation built into IT systems and processes: After setup, no manual intervention is needed. Reporting automatically provides full audit trails as well as reports of infected devices suitable for inclusion into IT task queues.

Next Steps

Getting started with Infoblox is simple. No matter what stage in the process you are at, Calleva Networks can enable you with the resources you need to help Evaluate, Design and Deploy your Infoblox infrastructure.

Further Reading: Download the Whitepapers and Datasheets for further information:

Webinar: Register for our webinar to learn more about Infoblox products and understand the top reasons for choosing Infoblox.

Experience: Try out our online Infoblox Demo platform.

Evaluate: Take the Infoblox product portfolio for a test drive.

Design: We will create a design overview so you can assess the deployment choices.

Contact Us