01-31-2018 05:50 PM - edited 01-31-2018 05:52 PM
If you are a security operations specialist in a fairly large organization, you probably already know how difficult it is to manage multiple security tools, gather data from multiple sources, and make sense of those security alerts that never seem to stop. You need relevant data fast so that you can respond to threats fast. On top of all the operational headaches, you get asked – why are these breaches happening? Where are the gaps?
While you can never really close all the gaps, you can look at your existing infrastructure to see how it can better help you improve your security posture. Case in point – DNS, DHCP and IPAM (DDI).
Here are two ways DDI can help:
- Adding DNS layer security to make it your first line of defense. Because 91% of malware uses DNS, DNS naturally becomes a control point to detect and block malicious activity early.
- Unlocking the data and business context in your DDI infrastructure can lead to a wealth of information that can be leveraged by other security tools. DDI offers a treasure trove of information about normal as well as anomalous communications. It also provides visibility and context (importance and criticality of infrastructure assets) that help prioritize remediation of security events.
ActiveTrust Cloud Adds DNS Layer Security
Infoblox is happy to announce new enhancements to ActiveTrust® Cloud, a SaaS-based security solution that provides DNS-based security. It can:
- Detect and block threats like ransomware, zero-day data exfiltration, Domain Generation Algorithms (DGA), Fast Flux and more.
- Provide deep visibility and rich context for incidents
- Help you investigate threats faster
- Protect devices wherever they are – on your enterprise network, roaming, or in remote/branch offices
Unlocking the Data and Business Context
ActiveTrust® Cloud now provides public APIs that allow security admins to pull DNS security event data (in CEF/JSON format) and contextual information into tools like SIEM. Security ecosystem tools can then take action on these hits. Armed with contextual information such as who the infected device is assigned to, where in the network it is, what type of device it is and more, admins can respond to threats faster.
Other enhancements to ActiveTrust® Cloud include:
- Reporting enhancements with more relevant data on malicious activities made readily available
- Distribution of ActiveTrust® Endpoint through McAfee ePO, simplifying deployment and management of the endpoint agent and enabling mass deployment for mutual customers.
Why a hybrid model gives you the best of both worlds
Infoblox provides the only truly hybrid DNS security solution with an on-prem and a SaaS-based delivery model and a single dashboard to manage global security policy. So whether your users and devices are at HQ, using public Wi-Fi in Starbucks or working in a remote office, they are protected with a single unified solution that unlocks and leverages the rich network and business data from your on-premises systems and integrates it with the security delivered via SaaS.
Learn more about ActiveTrust Cloud here.