DNS-based Malware – Too Dangerous To Ignore
Statistics from McAfee show that over 7 million new malware threats were detected each quarter in 2012. A 2012 Verizon study indicated that 69% of the successful corporate breaches leveraged malware. Further, 92% of data breaches were discovered by an external party rather than the impacted organization.
Of the various types of malware, DNS-based malware is perhaps the most dangerous. It is often directed to steal customer and/or sensitive corporate information over an extended period of time. As more and more end users bring their own devices (such as smart phones and tablets) to work, malware is able to sidestep outward-facing corporate protective measures such as firewalls. Further, as communications are made using the DNS protocol, existing IP-based malware protection technologies are circumvented.
Getting started with Infoblox is simple – contact us for further information:
Further Reading: Download the Whitepapers and Datasheets for further information:
- Infoblox DNS Firewall Datasheet
- Defeating Advanced Persistent Threat Malware
- Infoblox DNS Firewall – FireEye Adapter Datasheet
- Infoblox DNS Firewall for FireEye Starter Kit
FireEye Integration: Learn how DNS Firewall can integrate with FireEye, delivering a powerful defense against APT.
Webinar: Register for our webinar to learn more about Infoblox products and understand the top reasons for choosing Infoblox
Callback: Register for a callback to discuss how Infoblox can protect your business against Malware
Information: Request more details on the Infoblox product range and pricing
Proactive and Disruptive at the Same Time
Infoblox is leveraging its market-leading DNS technologies to deliver the industry’s first true DNS security solution. The Infoblox DNS Firewall protects against DNS-based malware by proactively preventing clients from becoming infected and by disrupting infected clients’ ability to communicate with the botnet master controller.
How the Solution Works
As shown in the diagram below, the solution works as follows:
- When Infoblox security experts detect new malware, the Infoblox Malware Data Feed immediately sends an update to Infoblox DNS Firewall customers.
- Either directly or by leveraging the Infoblox Grid, the updated data is sent to all Infoblox recursive DNS servers in near real time.
- If an end user clicks on a malicious link or attempts to go to a known malware website, the attempt will be blocked at the DNS level.
- The session will be redirected to a landing page / walled garden site defined by the company administrator.
- Clients that are already infected, very typically user-owned devices, will attempt to use DNS commands to communicate with the botnet master controller. The Infoblox DNS Firewall will disallow these communications, effectively crippling the botnet.
- All activities are written in industry-standard syslog format so that the IT team can either investigate the source of the malware links or cleanse the infected client. Data is also fed to Infoblox Trinzic Reporting for analysis and reporting.
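The lookup-time decision and the logging step described above can be sketched as follows. This is an added example, not Infoblox code: the feed entries, action names, syslog field layout, host name `dns1` and walled-garden address are all constructed for illustration.

```python
from collections import Counter
from datetime import datetime, timezone

# Constructed policy feed (zone -> action); reserved .example names, not real indicators.
FEED = {"malware-site.example": "REDIRECT", "c2.botnet.example": "BLOCK"}
WALLED_GARDEN_IP = "192.0.2.10"  # hypothetical landing page address (TEST-NET-1)

def match_policy(qname, feed):
    """Return (zone, action) for the most specific feed zone covering qname."""
    labels = qname.rstrip(".").lower().split(".")
    for i in range(len(labels)):          # longest suffix first
        zone = ".".join(labels[i:])
        if zone in feed:
            return zone, feed[zone]
    return None, "PASSTHRU"

def resolve(client_ip, qname, feed, upstream, now=None):
    """Apply policy before recursion; return (rcode, answer, syslog_line)."""
    zone, action = match_policy(qname, feed)
    if action == "PASSTHRU":
        return "NOERROR", upstream(qname), None
    rcode, answer = (("NOERROR", WALLED_GARDEN_IP) if action == "REDIRECT"
                     else ("NXDOMAIN", None))
    now = now or datetime.now(timezone.utc)
    stamp = f"{now:%b} {now.day:2d} {now:%H:%M:%S}"
    # PRI 36 = facility auth (4) * 8 + severity warning (4)
    line = (f"<36>{stamp} dns1 dnsfw: client={client_ip} "
            f"qname={qname} zone={zone} action={action}")
    return rcode, answer, line

def suspected_infected(log_lines):
    """Count blocked callback attempts per client from the syslog lines."""
    hits = Counter()
    for line in log_lines:
        fields = dict(kv.split("=", 1) for kv in line.split(": ", 1)[1].split())
        if fields["action"] == "BLOCK":
            hits[fields["client"]] += 1
    return dict(hits)

if __name__ == "__main__":
    upstream = lambda name: "198.51.100.7"   # stand-in for real recursion
    queries = [("10.0.0.5", "www.malware-site.example"),
               ("10.0.0.9", "x1.c2.botnet.example"),
               ("10.0.0.9", "x2.c2.botnet.example"),
               ("10.0.0.5", "intranet.corp.example")]
    logs = []
    for client, name in queries:
        rcode, answer, line = resolve(client, name, FEED, upstream)
        print(name, rcode, answer)
        if line:
            logs.append(line)
    print(suspected_infected(logs))
```

Matching on label boundaries rather than raw string suffixes keeps a name such as `notmalware-site.example` from being caught by the `malware-site.example` entry.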
Why the Solution is Unique
The Infoblox DNS Firewall provides differentiating capabilities to Security and Networking organizations in terms of being Proactive, Timely, and Tunable.
Proactive
The Infoblox DNS Firewall stops clients from becoming infected by going to a malware website or clicking on a malicious link. Further, ‘hijacked’ DNS Command and Control requests are not executed, which prevents the botnet from operating. Lastly, all malware activities are logged and reported to pinpoint infected clients and attacks.
Timely
The Infoblox DNS Firewall leverages comprehensive, accurate, and current malware data to detect and resolve malware weeks to months faster than in-house efforts. The robust data provided by Infoblox is comprehensive, in that it includes all known attacks, and very accurate, in that it has a very low false positive rate. Automated distribution maximizes response timeliness from Infoblox throughout your Grid in near real time.
Tunable
The solution is tunable to ensure that all threats can be countered in the customer’s unique environment. The solution allows the definition of hierarchical DNS, NXDOMAIN Redirection, and Malware policies that maximize flexibility. You also have full control over which policies are enforced by each recursive DNS server. The Infoblox Malware Data Feed includes several options that enable the precise matching of data, including geography, to the threats encountered. In addition, the Infoblox Data Feed can also be combined with multiple internal and external reputational data feeds.
Infoblox DNS Firewall – FireEye Adapter
Proactive Detection and Protection Against APT Malware
Next Steps
Getting started with Infoblox is simple. No matter what stage in the process you are at, Calleva Networks can enable you with the resources you need to help Evaluate, Design and Deploy your Infoblox infrastructure.
Experience: Try out our online Infoblox Demo platform
Evaluate: Take the Infoblox product portfolio for a test drive
Design: We will create a design overview so you can assess the deployment choices