Posted by: RAH Infotech | February 1, 2016

Infoblox Introduces the First Streaming DNS Threat Analytics to Prevent Data Exfiltration in Real Time

Behavioral analytics applied to DNS traffic helps enterprises and service providers prevent data theft

Infoblox Inc., the network control company, today introduced Infoblox DNS Threat Analytics, the first technology that applies behavioral analytics to DNS queries in real time to detect and actively block data exfiltration attempts using DNS as a communications pathway. Stealing proprietary information through DNS has recently become commonplace among cybercriminals, and Infoblox is uniquely positioned to help block loss of valuable data.

This growing problem is creating concern among enterprises and service providers:

  • Nearly half (46 percent) of large businesses have experienced DNS-based data exfiltration and 45 percent experienced DNS tunneling in the previous year, according to a December 2014 survey.[1]
  • According to a 2015 report, the average total cost of a data breach to an enterprise is $3.8 million, including forensic efforts, resolution, and the consequences of customer defection.[2]
  • A data breach at a major U.S. health insurance company reported earlier this year could ultimately cost the firm more than $100 million.[3]

As the leader in enterprise-grade DNS technology, Infoblox is making significant investments in building technologies to help secure DNS. Infoblox DNS Threat Analytics further enables enterprises and service providers to protect their DNS infrastructure and leverage DNS as a control point to defeat cybercrime. Infoblox is the first to offer a DNS server with built-in behavioral analytics to address DNS-based threats.

Domain Name System (DNS) queries are typically small packets of data that make a simple request: translating a domain name such as into an Internet Protocol (IP) address such as that computers and endpoints understand. However, cybercriminals have learned to exploit DNS to smuggle out an organization’s data, including highly sensitive information such as trade secrets and customer credit card numbers.

Infoblox DNS Threat Analytics examines outgoing DNS traffic for characteristics that are associated with data exfiltration attacks in real time. These characteristics include:

  • Size: The query is larger than normal, or contains more information than normal.
  • Encryption: The query contains encrypted data.
  • Timing: The query is being repeated at precise intervals, unlike the intermittent DNS requests initiated by humans.
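The three indicators above can be approximated over a DNS query log, as in the following added example, which is not Infoblox's implementation and not part of the original announcement. Shannon entropy stands in for the "encrypted data" check; the thresholds, the naive two-label domain split and the sample records are assumptions constructed for illustration.

```python
import math
from collections import Counter, defaultdict
from statistics import mean, pstdev

# Assumed thresholds for illustration; tune against your own baseline traffic.
MAX_SUBDOMAIN_LEN = 40   # size: characters left of the registered domain
MIN_ENTROPY_BITS = 3.5   # encoded/encrypted payload proxy: bits per character
MAX_INTERVAL_CV = 0.1    # timing: stdev/mean of the gaps between queries
MIN_QUERIES = 4          # queries needed before timing is judged

def shannon_entropy(text):
    """Bits per character; encoded or encrypted data scores high."""
    counts = Counter(text)
    return -sum(n / len(text) * math.log2(n / len(text)) for n in counts.values())

def split_name(qname):
    """Naive split: the last two labels are taken as the registered domain."""
    labels = qname.rstrip(".").lower().split(".")
    return "".join(labels[:-2]), ".".join(labels[-2:])

def score_queries(records):
    """records: (timestamp_seconds, client_ip, qname); returns {(client, domain): indicators}."""
    groups = defaultdict(list)
    for ts, client, qname in records:
        sub, domain = split_name(qname)
        groups[(client, domain)].append((ts, sub))
    findings = {}
    for key, items in groups.items():
        hits = set()
        subs = [s for _, s in items if s]
        if subs and mean(len(s) for s in subs) > MAX_SUBDOMAIN_LEN:
            hits.add("size")
        if subs and mean(shannon_entropy(s) for s in subs) > MIN_ENTROPY_BITS:
            hits.add("entropy")
        times = sorted(t for t, _ in items)
        gaps = [b - a for a, b in zip(times, times[1:])]
        if (len(items) >= MIN_QUERIES and mean(gaps) > 0
                and pstdev(gaps) / mean(gaps) < MAX_INTERVAL_CV):
            hits.add("timing")
        if hits:
            findings[key] = hits
    return findings

# Constructed sample log: an ordinary client, and one sending 48-char labels every 30 s.
_B32 = "abcdefghijklmnopqrstuvwxyz234567"
SAMPLE = [(t, "10.0.0.7", f"{h}.example.com")
          for t, h in zip((0, 7, 95, 130, 400), ("www", "mail", "www", "cdn", "www"))]
SAMPLE += [(100 + 30 * i, "10.0.0.23", f"{(_B32[i:] + _B32[:i] + _B32)[:48]}.example.net")
           for i in range(5)]
```

Calling `score_queries(SAMPLE)` flags only the second client; a production detector would also need a public-suffix-aware domain split and per-network baselines, since CDNs and telemetry services legitimately produce long, high-entropy names.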

Traditional reputation-based and signature-based security, already built into Infoblox DNS security appliances, can already block known threats that have been identified by threat intelligence researchers. Infoblox DNS Threat Analytics goes a step further with its ability to automatically block so-called zero-day threats (attacks that haven’t yet been discovered) after analyzing DNS queries and spotting suspicious behavior. There’s no need to install additional software on end-user devices or to deploy additional devices in the data center. Infoblox DNS Threat Analytics can scale to provide enforcement across the network and provide visibility into infected devices or rogue employees trying to steal data. Infoblox can also notify other security systems when threats are detected, accelerating remediation.

The unique real-time analysis and detection capability in Infoblox DNS Threat Analytics works as queries are being processed. This is essential to fast identification of indicators of compromise (IOC). Other off-line approaches, such as gathering mountains of log data and analyzing these files after the fact, can take weeks to months, which is unacceptable in today’s high-stakes security environments.

