Interview News

DNS is the only Detection Method that is Ubiquitous

Scott Harrell Infoblox President and CEO

Core to Infoblox protection strategy is the identification of suspicious domains. Threat actors often register domains well in advance of using them for attacks, typically 14-120 days in advance, but Inflobox has seen domains held dormant for upwards of two years. Infoblox identifies suspicious domains through several custom-built algorithms and DNS based threat hunting.  

“Infoblox is the only company that can provide real-time visibility and control over who and what connects across networks and multi-cloud environments to help customers build safer, more resilient environments.”

Scott Harrell, President & CEO, Infoblox 

Can you give us an overview of the evolution of the Infoblox brand and the new positioning of the company. 

We’ve unveiled a new brand, including a fresh brand identity and story that reflects where Infoblox is as a business today, and where we are heading in the future. Our mission is to simplify and unite networking and security. This comes for us at such a critical time, as the industry at large faces increased cybersecurity threats and breaches at an all time high. We envision a future where networking and security unite to power a world that never stops.  

We have grown a strong brand over the past 23 years; A brand that has stayed very consistent.  Over those two decades, we have earned our place as the global market leader in enterprise DNS management and we’re known and trusted by 10’s of thousands of network professionals.  But that brand is tied to our history and falls short of capturing how we’ve evolved and where we are going as a company. Because we’ve been so focused on product innovation, and our security solutions have evolved greatly, we felt now was the natural time for us to unveil a new brand that resonates with both, networking and security professionals alike.  

When you have deep roots and are a market leader that is known for something, it takes a conscious effort to evolve. Our goal is to make sure the industry and our customers and partners understand the hidden opportunities they have to better secure their networks to improve performance and protection – and they know we are innovating along with them.  

Infoblox is the only company that can provide real-time visibility and control over who and what connects across networks and multi-cloud environments to help customers build safer, more resilient environments. By bringing NetOps and SecOps teams together with shared visibility, data context, automation and control, they can prevent malware communications and pinpoint the source of threats, taking the performance and protection to new heights. 

We understand that you are a big advocate of the ‘as a service’ movement. Do you see organizations globally pivoting to this IT consumption model, especially in the networking and security domain, and why? 

Yes, as-a-service is critical to help simplify and accelerate the adoption of new technology.   

With the rise of multi-cloud, hybrid work, IoT/OT, and AI the application, user, and device environment is becoming much more complex and dynamic. Providing solutions in ‘as-a-service’ consumption models allows IT to be agile and get rapid time-to-value (TTV). It also enables them to flex how much they consume based on their changing needs.   

Using an as-a-service solution like Infoblox’s BloxOne® platform allows for easy integration  – and can help customers with a multitude of services that can deliver unique outcomes like the bringing together of Networking and Security.  With Infoblox’s BloxOne®  Threat Defense solution, customers are protected with best of breed DNS security. By adding real-time visibility into application, user and device context with BloxOne® DDI,  Infoblox can enable SecOps teams to investigate and remediate incidents more efficiently and accurately.   

DNS is being increasingly targeted by cyber criminals. As a company that is leading innovation in DNS security, what do organizations need to do to combat threats to their DNS infrastructure? 

Protect and monitor your DNS – it’s so critical to your security posture. DNS is the only detection method that is ubiquitous. It is the first thing all users and devices use to connect to any resource and it is the first thing most malware use to initiate a breach.   If you aren’t working with us today, I’ll give you a few reasons why you should.  

Firstly, we all know that cyberattacks have become more sophisticated and staying on top of evolving threats is a constant challenge. Robust and accurate threat intelligence that has broad coverage is absolutely key to stopping attacks early and minimizing risk.  

Here’s a prime example why: On Thursday, April 13 Infoblox was the first to find and share a critical security threat communicating with Russian C2 that is selectively targeting many organizations worldwide – and it was going undetected. We broke this intel via a post on Mastodon, and one of our first priorities was to notify our customers/partners of this threat. We flagged 6 domains and urged the industry to block these immediately.  

The Threat Intelligence Group at Infoblox is dedicated to creating high fidelity “block-and-forget” domain name service (DNS) intelligence data for use in BloxOne Threat Defense. Our Threat Intelligence Group uses a patented machine learning algorithm to minimize the risk of enterprise outages while enabling maximum coverage of threats. Because we are focused on DNS and infrastructure actors, we can identify suspicious behavior before its impact is known by the adjacent areas of the industry (endpoint, netflow vendors), and we can track persistent actors to block their DNS infrastructure before it becomes a problem for our customers. 

Core to our protection strategy is the identification of suspicious domains. Threat actors often register domains well in advance of using them for attacks, typically 14-120 days in advance, but we have seen domains held dormant for upwards of two years. Infoblox identifies suspicious domains through several custom-built algorithms and DNS based threat hunting.  

No other vendor provides customers the ability to configure their own set of domains for customized lookalike threat protection, while also identifying and protecting them from lookalike domains to popular products and services. 

In response to this increased threat actor activity, Infoblox developed technology specifically to identify suspicious and malicious lookalikes, including the emerging multi-factor authentication (MFA) targeted attacks. Infoblox now provides additional lookalike defenses including those targeting MFA. These state-of-the-art attacks break the protective shield companies have come to rely on to protect their internal networks. Additionally, refined algorithms and user experience, allow Infoblox to identify suspicious and phishing lookalikes to customer-chosen monitored domains. This affords protection against spear phishing and brand abuse with alerts for suspicious activity that is tailored to their needs. 

What do you see as the primary drivers of Infoblox’s business globally? 

Businesses today are increasingly adopting hybrid and multi-cloud environments to stay competitive, creating additional complexity and expanding attack surfaces. With accelerating adoption of multi-cloud, hybrid work, IoT/OT and other transformations, protecting critical assets has become more complex than ever before.  

Beyond what Mohammed has outlined in the regional view of market drivers, I’d add the two following points:  

  • Uniting SecOps & NetOps – Recent industry reports reveal the growing need for consistent network visibility and automation, requiring coordination across SecOps and NetOps for optimized network performance. A single pane of glass to provide visibility and control to who and what is connecting to their networks is an important market need.  
  • DNS Detection and Response – In today’s cyber climate, security teams are under tremendous pressure to protect more with less. As XDR has been defined to encompass Endpoint (EDR), Network (NDR), and other technologies, the realization that DNS provides unique security visibility and protection that is not being addressed by traditional security solutions has become apparent. DNS has largely been ignored from traditional security solutions, and not seen as a possible threat vector that attackers can leverage. This has led to the evolution of attack techniques that utilize DNS as a way to infiltrate a network, expand without detection and exfiltrate data. The need for DNS as a detection and response solution as part of a Detection and Response strategy gives us an incredible opportunity to shore up a gap not covered in the current XDR approach.  Something we know that will greatly enhance every organization’s security posture, without adding yet another security tool: every network in the world has DNS, and converting it to a DNS Detection and Response capability is extremely simple, and every device in the network already communicates with DNS before any other activity.  

Related posts

SANS Institute Drives Saudi Vision 2030 with SANS Summer Dunes

Enterprise IT World MEA

Tenable Now Available Through AWS Abu Dhabi Region

Enterprise IT World MEA

Nutanix Simplifies Management and Operations of Kubernetes Clusters

Enterprise IT World MEA

Leave a Comment