Many organizations are not aware that DNS-based data exfiltration and malware communication with C&C sites occur frequently. Unfortunately, traditional security systems such as next-generation firewalls, secure web gateways (SWG), secure email gateways (SEG) and intrusion prevention systems (IPS) do not address this DNS blind spot.
Infoblox ActiveTrust® allows our customers to proactively detect, investigate, prioritize and prevent cyber threats. Infoblox ActiveTrust® bundles Infoblox DNS Firewall, Threat Insight in the Cloud, Infoblox Threat Intelligence Data Exchange (TIDE) and Infoblox Dossier. The solution prevents data exfiltration and malware C&C communications via DNS, centrally aggregates curated internal and external threat intelligence, distributes threat data to the customer’s existing security infrastructure and enables rapid investigation to identify context and prioritize threats.
With Threat Insight in the Cloud bundled with ActiveTrust® Plus and Advanced at no additional cost, cloud customers can:
- Detect DNS-based data exfiltration at scale
- Detect threats that use DNSMessenger, Domain Generation Algorithm (DGA), and Fast Flux
We also have new threat intelligence feeds for ActiveTrust®. Those feeds include:
- Automated Indicator Sharing (AIS) data for ActiveTrust® and ActiveTrust® Cloud subscribers – The AIS feed integrates indicators of compromise (hostnames and IP addresses) obtained from the US Department of Homeland Security with existing DNS infrastructure to enhance threat intelligence and expedite remediation.
- SURBL Multi ‘lite’ domains for ActiveTrust® Plus and Advanced subscribers: a subset of the SURBL multi-domain feed is now available to customers so they can leverage the Infoblox Trinzic 800 and 1400 series appliances.
Infoblox ActiveTrust® is a key element of our Data Protection and Malware Mitigation solution, and the most recent enhancements further strengthen and differentiate this solution.
You can download a free 30-day evaluation of ActiveTrust.