Infoblox DNS Firewall

DNS-based Malware – Too Dangerous To Ignore

Statistics from McAfee show that over 7 million new malware threats were detected each quarter in 2012. A 2012 Verizon study indicated that 69% of the successful corporate breaches leveraged malware. Further, 92% of data breaches were discovered by an external party rather than the impacted organization.

The Infoblox Reporting server automatically identifies infected devices when malware attempts to call home, reducing the time and cost of removing APT malware

Of the various types of malware, DNS-based malware is perhaps the most dangerous. It is often designed to steal customer and/or sensitive corporate information over an extended period of time. As more and more end users bring their own devices (such as smartphones and tablets) to work, malware is able to sidestep outward-facing corporate protective measures such as firewalls. Further, because communications are made using the DNS protocol, existing IP-based malware protection technologies are circumvented.


Proactive and Disruptive at the Same Time

Infoblox is leveraging its market-leading DNS technologies into the industry’s first true DNS security solution. The Infoblox DNS Firewall protects against DNS-based malware by proactively preventing clients from becoming infected and by disrupting infected clients’ ability to communicate with the botnet master controller.

How the Solution Works

As shown in the diagram below, the solution works as follows:

  1. When Infoblox security experts detect new malware, the Infoblox Malware Data Feed immediately sends an update to Infoblox DNS Firewall customers.
  2. Either directly or by leveraging the Infoblox Grid, the updated data is sent to all Infoblox recursive DNS servers in near real time.
  3. If an end user clicks on a malicious link or attempts to go to a known malware website, the attempt will be blocked at the DNS level.
  4. The session will be redirected to a landing page / walled garden site defined by the company administrator.
  5. For clients that are infected already, very typically user-owned devices, the infected client will attempt to use DNS commands to communicate with the botnet master controller. The Infoblox DNS Firewall will disallow these communications, effectively crippling the Botnet.
  6. All activities are written in industry-standard Syslog format so that the IT team can either investigate the source of the malware links or cleanse the infected client. Data is also fed to Infoblox Trinzic Reporting for analysis and reporting.
Infoblox DNS Firewall architecture
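
The lookup-time flow in steps 3 to 6, as an added Python sketch that is not Infoblox code: a resolver-side policy check matches each query against the feed on DNS label boundaries, answers listed names with the walled-garden address, logs the hit, and then uses the log to flag clients that keep calling home. The feed entries, IP addresses, log layout and function names are all constructed for illustration and do not reflect the product's formats.

```python
from collections import Counter

WALLED_GARDEN_IP = "192.0.2.10"  # constructed landing-page address (TEST-NET-1)
# Constructed feed entries; in the flow above these arrive via the data feed.
FEED = {"bad-example.test", "c2.botnet-example.test"}

def normalize(qname):
    """Lower-case and drop the trailing root dot so lookups are consistent."""
    return qname.rstrip(".").lower()

def match_feed(qname, feed):
    """Return the listed domain covering qname (itself or a parent), else None."""
    labels = normalize(qname).split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])  # whole labels only, never substrings
        if candidate in feed:
            return candidate
    return None

def resolve(client_ip, qname, feed, upstream):
    """Policy check before recursion: returns (answer, log_line or None)."""
    hit = match_feed(qname, feed)
    if hit is None:
        return upstream(normalize(qname)), None
    log = f"dnsfw action=redirect client={client_ip} qname={normalize(qname)} rule={hit}"
    return WALLED_GARDEN_IP, log

def infected_clients(log_lines, threshold=2):
    """Clients with repeated blocked lookups are candidates for cleanup."""
    counts = Counter()
    for line in log_lines:
        fields = dict(kv.split("=", 1) for kv in line.split()[1:])
        counts[fields["client"]] += 1
    return sorted(c for c, n in counts.items() if n >= threshold)

def demo():
    upstream = lambda name: "198.51.100.7"  # stand-in for normal recursion
    queries = [  # constructed (client, qname) pairs
        ("10.0.0.5", "www.example.test"),
        ("10.0.0.9", "Beacon.C2.Botnet-Example.test."),
        ("10.0.0.9", "c2.botnet-example.test"),
        ("10.0.0.5", "bad-example.test"),
        ("10.0.0.7", "notbad-example.test"),
    ]
    results = [resolve(c, q, FEED, upstream) for c, q in queries]
    logs = [log for _, log in results if log]
    return results, logs, infected_clients(logs)
```

Matching on whole labels is what keeps `notbad-example.test` resolving normally while any subdomain of a listed name is still caught regardless of case or a trailing dot.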


Why the Solution is Unique

The Infoblox DNS Firewall provides differentiating capabilities to Security and Networking organizations in terms of being Proactive, Timely, and Tunable.

The Infoblox DNS Firewall stops clients from becoming infected by going to a malware website or clicking on a malicious link. Further, ‘hijacked’ DNS Command and Control requests are not executed, which prevents the botnet from operating. Lastly, all malware activities are logged and reported to pinpoint infected clients and attacks.

The Infoblox DNS Firewall leverages comprehensive, accurate, and current malware data to detect and resolve malware weeks to months faster than in-house efforts. The robust data provided by Infoblox is comprehensive in terms of including all known attacks and very accurate in terms of a very low false positive rate. Automated distribution maximizes response timeliness from Infoblox throughout your Grid in near real-time.

The solution is tunable to ensure that all threats can be countered in the customer’s unique environment. The solution allows the definition of hierarchical DNS, NXDOMAIN Redirection, and Malware policies that maximize flexibility. You also have full control over which policies are enforced by each recursive DNS server. The Infoblox Malware Data Feed includes several options that enable the precise matching of data, including geography, to the threats encountered. In addition, the Infoblox Data Feed can also be combined with multiple internal and external reputational data feeds.

Infoblox DNS Firewall – FireEye Adapter

Proactive Detection and Protection Against APT Malware

Infoblox DNS Firewall integration with the FireEye NX Series appliance, using the FireEye Multi-Vector Virtual Execution (MVX) engine, delivers a unique and powerful defense against Advanced Persistent Threats (APT) for business networks. This solution combines the power of FireEye APT detection with Infoblox DNS-level blocking and device fingerprinting to detect and disrupt APT malware communication and help pinpoint infected devices attempting to access malicious domains. This is the first and only solution in the marketplace that invokes powerful DNS-level control upon FireEye APT detection events.

Infoblox DNS Firewall integration with FireEye Malware Protection System enables automated detection and mitigation of APT detection events

Next Steps

Getting started with Infoblox is simple. No matter what stage in the process you are at, Calleva Networks can enable you with the resources you need to help Evaluate, Design and Deploy your Infoblox infrastructure.

Further Reading: Download the Whitepapers and Datasheets for further information:

Webinar: Register for our webinar to learn more about Infoblox products and understand the top reasons for choosing Infoblox

Experience: Try out our online Infoblox Demo platform

Evaluate: Take the Infoblox product portfolio for a test drive

Design: We will create a design overview so you can assess the deployment choices

Contact Us