You are on page 1of 118

Secure and Control Your Network!

Giancarlo Palmieri | Pre-Sales Engineer | Infoblox Italy


17 February 2016

1 | 2013
2015 Infoblox Inc. All Rights Reserved.

Agenda
1

The Infoblox Solution

2 The Grid
3 Advanced DNS Protection

DNS Firewall

DNS Traffic Control

Cloud Automation

2 | 2013
2015 Infoblox Inc. All Rights Reserved.

Network Automation

Infoblox

Automate the Network and its Core Services


Real Time Visibility
and
Task Automation

Applications

Infoblox DDI,
Trinzic Enterprise
Automate IP Mgt, DNS & DHCP

Communicate /
Take Action

Closed Loop
Automation

Infoblox NetMRI
Track and automate change

3 | 2013
2015 Infoblox Inc. All Rights Reserved.

Core Services:
DNS / DHCP / IPAM

Network
Routing, Switching

IT Analyst Validation
Gartner: usage of a commercial
DDI solution can reduce (network)
OPEX by 50% or more.
IDC: Infoblox is the only major DDI vendor
to gain market share over the
past three years.
Gartner: Infoblox has the highest degree
of visibility in the market shows up on
nearly all client shortlists, and is commonly
perceived as the market leader.

4 | 2013
2015 Infoblox Inc. All Rights Reserved.

Worldwide DDI
Market Share 2013

Top CIO Concerns


Agility

Security

Efficiency

Are We Nimble
Enough?

Are We Protecting
the Business?

Can We Shift $$ to
Strategic Projects?

5 | 2013
2015 Infoblox Inc. All Rights Reserved.

Infoblox listen to Key IT Initiatives


Security

Malware & Advanced Persistent Threats (APT)


Infrastructure attacks (DDoS)
Data Exfiltration
Cloud

Ongoing evolution of the Data Center


Private, Public, Hybrid
Automation

Budget for IT headcount continues to decline


Skilled staff more difficult to find and retain

6 | 2013
2015 Infoblox Inc. All Rights Reserved.

Barriers to Success
Security

Attacks growing in volume and sophistication


Traditional approaches are helpful but insufficient
Cloud

Manual network orchestration


Takes hours or days to setup network elements
Different DDI constructs for on Prem & Public
Cloud

Automation

Manual network configuration, spreadsheet


management, and home-grown scripts

7 | 2013
2015 Infoblox Inc. All Rights Reserved.

Infoblox Recommended Approach


Address risk to critical infrastructure
first. Protect against external
attacks & malware call-backs

Deliver reliable, high performance


network services for
data center, branch, cloud

1.
Secure

2.
Control

3.
Automate

8 | 2013
2015 Infoblox Inc. All Rights Reserved.

Automate the most


time-consuming network tasks
like discovery, change and
configuration management

Traditional Network Architecture

Security Vulnerabilities
Hacks of DNS server
External attacks (DNS DDoS)
Malware inside network

INTERNET

Management Silos
Multiple points of management
Multiple data silos
Single Points of Failure

FIREWALL

DMZ

BIND DNS
AMERICAS

INTRANET

Vulnerable

MICROSOFT
DNS

BIND DNS
APJ

BIND DNS
EUROPE

Vulnerable

MICROSOFT
DHCP

DENVER
APPS &
END-POINTS

Vulnerable

Vulnerable

Vulnerable

APPS &
END POINTS

9 | 2013
2015 Infoblox Inc. All Rights Reserved.

MICROSOFT
DNS

Vulnerable

MICROSOFT
DHCP

MICROSOFT
DNS

MICROSOFT
DHCP

TOKYO

LONDON

Vulnerable
(Malware)

VIRTUALIZATION &
PRIVATE CLOUDS

DMZ

INTERNET

Where Infoblox Helps


(1) Secure
! Secure Platform
! Protection from external attacks
! Block Malware call-backs
! Data Exfiltration protection

EXTERNAL
DNS

EXTERNAL
DNS

(2) Control
! Highly efficient, centralized control
! ONE authoritative IPAM data source

INTRANET

IPAM

APPS &
END-POINTS

INTERNAL
DNS & DHCP
DENVER

APPS &
END POINTS

10 | 2013
2015 Infoblox Inc. All Rights Reserved.

INTERNAL
DNS & DHCP
TOKYO
(3) Automate
! DDI + Automation for
Virtualization & Hybrid Clouds

VIRTUALIZATION &
PRIVATE CLOUDS

Infoblox Appliances Automate


Core Network Services
DNS (DNSSEC)
DHCP
IPAM
FTP/TFTP/HTTP
NTP

" Integrated Core Network Services on hardened appliances


" Centralized visibility & control of appliances, protocols and data

SIMPLE

11 | 2013
2015 Infoblox Inc. All Rights Reserved.

SECURE

RELIABLE

12 | 2013
2015 Infoblox Inc. All Rights Reserved.

Infoblox Grid Robust, Reliable Technology


Grid Benefits
" Automated Failover &
Disaster Recovery
" Automated Maintenance

Grid
Master

All devices are


synchronized through
a shared
distributed database

Reporting
Member

Local
Member

Remote
Member
Virtual
Appliance
Member

Infoblox Grid
13 | 2013
2015 Infoblox Inc. All Rights Reserved.

Centralized
visibility
& control

Infoblox Grid Technology


Simple, Secure and Reliable
Grid: a collection of secure member
appliances, all running the same
software, providing one or more
services (DNS, DHCP, Discovery, File
Delivery, NTP etc.)
Coordinated by the Grid Master

Member

Infoblox
Grid
External DNS

Grid
Master

Member

Sharing a Distributed Database

Communicating via an SSL VPN

Provides:
- Centralized visibility and control
- Real time IPAM & discovery
- Monitoring and reporting
- Failover and disaster recovery
for services, data & management
14 | 2013
2015 Infoblox Inc. All Rights Reserved.

DNS, DHCP, NTP

Grid Master
Candidate

IPAM, DNS
DHCP, NTP

(with Zero Maintenance)

Grid Manager GUI


DNS
NTP

DNS, DHCP, NTP

External DNS

Member

Member

Reporting
Member
Configuration Examples
14

Real-time and Automated DNS/DHCP & IPAM


Reduce Risk & Expense
" Real-time and historical insight
on connected IP endpoints and
networks
" Monitoring of IP and subnet
usage
" Delegation and automation of IP
provisioning tasks
" Secure DNS
" Auditing and reporting
" Enhances installed Microsoft
DNS/DHCP

15 | 2013
2015 Infoblox Inc. All Rights Reserved.

Infoblox Physical and Virtual Appliance


Infoblox vNIOS
Virtual Appliance
Software

Virtual Grid
Member

Grid Master
Management
Interface

Virtual Grid
Member
VMWare
ESX / ESXi

Virtual Grid
Member

Riverbed Appliance with


Infoblox vNIOS

Infoblox
Grid

Virtual Grid
Member

Cisco 28/29xx & 38/39xx


ISR with Infoblox vNIOS
Grid Member

Virtual Grid
Member
Grid Master Candidate

Agent-less

Microsoft
DNS / DHCP

Microsoft
DNS / DHCP

Replacing Servers with Appliances in Branch Offices Improves Performance,


Provides Local Survivability and Drives Compelling ROI
16 | 2013
2015 Infoblox Inc. All Rights Reserved.

16

Virtual Appliances

Infoblox Appliances Family


Regional
Centers

Headquarters

Branch
Offices

PT-4000
PT-2200

Edge/Remote
Locations

ND-4000

Trinzic Reporting

PT-1400
ND-2200

Trinzic 4030

ND-1400
Trinzic 4010

Network
Automation
4000

Trinzic 2220

ND-800

Trinzic 100

!
!
!
!

Trinzic 2210

Trinzic 1420

Network
Automation
2200

Trinzic 1410
Trinzic 820
Trinzic 810

17 | 2013
2015 Infoblox Inc. All Rights Reserved.

Network
Automation
1400

The Infoblox Product Portfolio


Core Network
Services

IP Address
Management (IPAM)

Network
Automation

Infoblox DDI:
(DNS, DHCP, IPAM)

IPAM

NetMRI

Cloud Network Automation

Network Insight

Automation Change
Manager

DDI for Amazon Web Services


(AWS)

IPAM for Microsoft (Windows


Server)

Security

External DNS Security


DNS Firewall

Subscriptions

Internal DNS Security

DNS
Firewall-FireEye Adapter

DNS Traffic Control

Infoblox Advanced Reporting

Infoblox Grid
Real-time Network Database

Physical & Virtual Appliances

18 | 2013
2015 Infoblox Inc. All Rights Reserved.

The Infoblox Product Portfolio


Core Network
Services

IP Address
Management (IPAM)

Network
Automation

Infoblox DDI:
(DNS, DHCP, IPAM)

IPAM

NetMRI

Cloud Network Automation

Network Insight

Automation Change
Manager

DDI for Amazon Web Services


(AWS)

IPAM for Microsoft (Windows


Server)

Security

External DNS Security


DNS Firewall

Subscriptions

Internal DNS Security

DNS
Firewall-FireEye Adapter

DNS Traffic Control

Infoblox Advanced Reporting

Infoblox Grid
Real-time Network Database

Physical & Virtual Appliances

19 | 2013
2015 Infoblox Inc. All Rights Reserved.

20 | 2013
2015 Infoblox Inc. All Rights Reserved.

The Position

Protect Now or Wait until its Too Late?


21 | 2013
2015 Infoblox Inc. All Rights Reserved.

The Problem

DNS-based attacks
are on the rise

Traditional
protection is
ineffective against
evolving threats

DNS outage causes


network downtime,
loss of revenue,
and negative brand
impact

Unprotected DNS infrastructure introduces security risks


22 | 2013
2015 Infoblox Inc. All Rights Reserved.

Why is DNS an Ideal Attack Target?

DNS is the
cornerstone of the
Internet, used by
every business and
government

DNS protocol is
stateless and hence
vulnerable

DNS as a protocol
is easy to exploit

Maximum impact with minimum effort


23 | 2013
2015 Infoblox Inc. All Rights Reserved.

How DNS DDoS is Becoming Easier


Attack apps being built
DDoS attacks against major
U.S financial institutions
Launching (DDoS) taking
advantage of Server bandwidth
4 types of DDoS attacks:

DNS amplification,
Spoofed SYN,
Spoofed UDP
HTTP+ proxy support

Script offered for $800


24 | 2013
2015 Infoblox Inc. All Rights Reserved.

2013: The Threat is Significant

Source: Prolexic Quarterly Global DDoS Attack Report Q3 2013

DNS is #2

attack vector protocol

" Attacks that target DNS are growing


" DNS-specific attacks up 200%
from 2012
" ICMP, SYN, UDP flood attacks
growing significantly too
Source: Arbor Networks
25 | 2013
2015 Infoblox Inc. All Rights Reserved.

Infoblox Advanced DNS Protection Solution


Unique Detection and Mitigation
" Intelligently distinguishes legitimate DNS traffic from
attack traffic like DDoS, DNS exploits, tunneling
" Mitigates attacks by dropping malicious traffic and
responding to legitimate DNS requests
Ongoing Protection Against Evolving Threats
" Regular automatic threat-rule updates based on
threat analysis and research
" Helps mitigate attacks sooner vs. waiting for patch
updates
Centralized Visibility
" Centralized view of all attacks happening across the
network through detailed reports
" Intelligence needed to take action
26 | 2013
2015 Infoblox Inc. All Rights Reserved.

Solution Components and Features


" Continuously monitor, detect,
and drop packets of DNS-based
attacks
" Respond to legitimate traffic even
when under attack
" Automatically update for protection
against new and evolving threats
Infoblox Advanced DNS
Protection Service

" Tune traffic thresholds for rules


" DNS only
" DNS appliance purpose built with
security in mind
" Enhanced processing and dedicated
compute for threat mitigation

Infoblox Advanced Appliance


PT-1400, PT-2200, PT-4000
27 | 2013
2015 Infoblox Inc. All Rights Reserved.

Legitimate Traffic

Fully Integrated into Infoblox Grid

Infoblox
Threat-rule Server

Automatic
Threat-rules
updates

Block DNS attacks

New
Infoblox Advanced
DNS Protection
(External DNS)

New
Grid-wide rule
distribution

GRID Master
Send reports

Infoblox Advanced
DNS Protection
(Internal DNS)

Management
Interface
Reporting
Server

Reports on attack types, severity


28 | 2013
2015 Infoblox Inc. All Rights Reserved.

What Attacks Do We Protect Against?


The Rising Tide of DNS Threats

TCP/UDP/ICMP floods:

DNS amplification:

DNS cache poisoning:

Protocol anomalies:

Flood victims network with large


amounts of traffic

Use amplification in DNS reply to


flood victim

Corruption of a DNS cache


database with a rogue address

DNS tunneling:

Tunneling of another protocol


through DNS for data ex-filtration

DNS based exploits:


Exploit vulnerabilities in
DNS software

Malformed DNS packets causing


server to crash

Top

DNS
attacks

DNS hijacking:

Subverting resolution of DNS queries


to point to rogue DNS server

Reconnaissance:

Probe to get information on network


environment before launching attack

DNS reflection/DrDos:

Fragmentation:

Phantom Domain:

NXDOMAIN:

Use third party DNS servers to


propagate DDoS attack

Force DNS server to resolve multiple


non-existent domains and wait for responses

29 | 2013
2015 Infoblox Inc. All Rights Reserved.

Traffic with lots of small out of


order fragments

Flood DNS server with requests


for non-existent domains

What Attacks Do We Protect Against?


The Rising Tide of DNS Threats

DNS reflection

DNS-based exploits

DNS amplification

DNS cache poisoning

TCP/UDP/ICMP floods

DNS tunneling

NXDOMAIN attack

Protocol anomalies

Phantom domain attack

Reconnaissance

Random subdomain attack

DNS hijacking

Domain lockup attack

Domain lockup attack

Volumetric/DDoS Attacks

DNS-specific Exploits

Secure DNS is Not Only About DDoS


30 | 2013
2015 Infoblox Inc. All Rights Reserved.

Centralized Visibility: Reporting


Intelligence Needed to Take Action

Attack details by category, member, rule, severity, and time


Visibility into source of attacks for blocking, to understand scope and severity
Early identification and isolation of issues for corrective action
31 | 2013
2015 Infoblox Inc. All Rights Reserved.

Centralized Visibility: Reporting


Event Count by Category

32 | 2013
2015 Infoblox Inc. All Rights Reserved.

Centralized Visibility: Reporting


Event Count by Severity Trend

33 | 2013
2015 Infoblox Inc. All Rights Reserved.

Centralized Visibility: Reporting


Event Count by Member Trend

34 | 2013
2015 Infoblox Inc. All Rights Reserved.

Centralized Visibility: Reporting


Event Count by Member Time

35 | 2013
2015 Infoblox Inc. All Rights Reserved.

36 | 2013
2015 Infoblox Inc. All Rights Reserved.

Infoblox ADP - External Authoritative


Protection against Internet-borne Attacks

INTERNET

Advanced DNS
Protection

Advanced DNS
Protection

DMZ
INTRANET
Grid Master
and Candidate (HA)
Data Center

Grid Reporting Member


- Campus office
- Regional office(s)
- Disaster recovery site(s)

Advanced DNS Protection when deployed as an external authoritative DNS server


can protect against cyberattacks
37 | 2013
2015 Infoblox Inc. All Rights Reserved.

Internal DNS
Protection against Internal Attacks on Recursive Servers
INTRANET
GRID Master
and Candidate (HA)

Reporting
Data Center

Advanced DNS
Protection

- Campus office
- Regional office(s)
- Disaster recovery site(s)

Advanced DNS
Protection

Endpoints

Advanced DNS Protection can secure internal DNS environments where internal
user traffic is hostile
38 | 2013
2015 Infoblox Inc. All Rights Reserved.

Advanced Appliances Come in Three


Physical Platforms

Note: Customers who have IB-4030 Rev2 just need to purchase the Advanced DNS Protection service

Advanced Appliances have next-generation programmable processors


that provide dedicated compute for threat mitigation.
The appliances offer both AC and DC power supply options.
39 | 2013
2015 Infoblox Inc. All Rights Reserved.

How Does IB-4030 & ADP Work?


BIND

DCA

4-BIND Cached
Response

Yes

3-DCA Cached
Response

ADP

Yes

BIND
Cached
?

No

DCA
Cached
?

No

No

Yes

Smart NIC

6-Recursion
No

1- DNS Query

Threat
Rule
Match
?

BLKLIST
Match?

Yes

2-Drop/Rate Limit

5-Synthesized Response (Pre-Recursion)

Internet
7-Response

ADP

Client
NXDR
Match?

Yes

9-Synthesized Response (Post-Recursion)

Yes

9-Synthesized Response (Post-Recursion)

No

8-Drop/Rate Limit
DFW

Match?
No

9-Recursive Response

Host Appliance

40 | 2013
2015 Infoblox Inc. All Rights Reserved.

Infoblox - Differentiation and Value


Infoblox
Standard
DNS server
General DDoS
DNS DDoS
DNS server OS and
application
vulnerabilities
Flood attacks
Semantic attacks
Cache poisoning
DNS Reflection
Tunneling
DNS Amplification

41 | 2013
2015 Infoblox Inc. All Rights Reserved.

Infoblox
Advanced

Load
Balancers

Pure
DDoS

NGFW

IPS

Cloud

The Basic ADP Technology Principles


Legitimate Traffic

DNS Traffic PreFiltering


Real-Time Automatic
Pattern Detection
Infoblox
Threat-rule Server

Automatic Rules
update

Automatic
updates

Advanced DNS Analysis Engine


Legitimate Traffic

DNS
BIND Engine

42 | 2013
2015 Infoblox Inc. All Rights Reserved.

BAD Traffic

43 | 2013
2015 Infoblox Inc. All Rights Reserved.

Legitimate Traffic

Infoblox Advanced DNS Protection


Infoblox
Threat-rule
Server

Grid
Master

Infoblox
Advanced DNS
Protection
(External DNS)
Grid-wide rule
distribution

Infoblox Advanced
DNS Protection
(Internal DNS)

Data for
Reports

Automatic Updates
(Threat Rules)

Management
Interface

Reporting
Server
Reports on attack types, severity
44 | 2013
2015 Infoblox Inc. All Rights Reserved.

How to Run an ADP PoC


In-Line
Deploy the ADP in-line to accept
and deal with your incoming traffic
(run in Monitor Mode)

Traffic Capture
Capture traffic in front of the DNS
(PCAP) to be analyzed in the
Infoblox Labs

Off-Line
Deploy ADP on a SPAN port with
live DNS traffic. ADP will configure
MAC Address of customers DNS,
resolve and generate reports on
attacks found
45 | 2013
2015 Infoblox Inc. All Rights Reserved.

In-Line PoC with ADP

Query

Response

Internet

Replace the standard DNS with an


Infoblox solution with ADP
protection (run in Monitor Mode)

LAN1

Switch

Grid
Advanced DNS
Protection

Reporting

Grid Master

DNS

Management
Interface
46 | 2013
2015 Infoblox Inc. All Rights Reserved.

46

Traffic Capture
Traffic Capture
Capture traffic (PCAP) in front of the
External DNS to be analyzed in the
Infoblox Labs
We will run the same PCAP traffic in
our Lab and return all valuable
results in a structured document

47 | 2013
2015 Infoblox Inc. All Rights Reserved.

Off-Line PoC with ADP (Enterprise)


Internet

Caching
DNS

LAN2
Span4Port

Switch

LAN1

Grid

Advanced DNS
Protection

Reporting

Query

Response

Grid Master

Clients

Internal Network
48 | 2013
2015 Infoblox Inc. All Rights Reserved.

Management
Interface
48

Off-Line PoC with ADP (Service Provider)

Response

Query

Internet

LAN1

Switch

SPAN4Port

LAN2

Grid

Advanced DNS
Protection

Reporting

Grid Master

Caching
DNS
Management
Interface
49 | 2013
2015 Infoblox Inc. All Rights Reserved.

49

See DNS Attacks with Reports

POC hardware shipped with temp license to enable threat protection


automatically (License expiration: 60 days)
POC includes virtual Reporting Server and virtual Grid Master
50 | 2013
2015 Infoblox Inc. All Rights Reserved.

ADP Grid Setup (with Live Traffic)


Internet
Infoblox
Threat-rule
Server

Incoming DNS Traffic


(with threats)
LAN1

Advanced DNS
Protection
(External DNS)

Automatic Updates
(Threat Rules)

LAN1

Grid-wide rule
distribution

Grid
Data for
Reports

Grid
Master

MGMT

LAN1

Management
Interface

Reporting
Server
Reports on attack types, severity
51 | 2013
2015 Infoblox Inc. All Rights Reserved.

Next Steps
Request the free POC
https://www.infoblox.com/downloads/
software/advanced-dns-protection-trial

Deploy with help of an Infoblox SE


See if your DNS is under attack
Block attacks and prevent downtime
with the full featured Advanced DNS
Protection

52 | 2013
2015 Infoblox Inc. All Rights Reserved.

53 | 2013
2015 Infoblox Inc. All Rights Reserved.

Overall Malware Threats Booming


New Malware

Startling statistics

10,000,000

8,000,000

Around 7.8 million new Malware


threats per quarter in 2012
Mobile threats grew about 10X
in 2012*

6,000,000

4,000,000

2,000,000

855 successful breaches / 174 million


records compromised
in 2012**
69% of successful breaches
utilized Malware**
54% took months to discover,
29% weeks**
92% discovered by external party**

Q1
Q2
Q3
Q4
Q1
Q2
Q3
Q4
Q1
Q2
Q3
2010 2010 2010 2010 2011 2011 2011 2011 2012 2012 2012

Total Mobile Malware Samples in the Database


25,000

20,000

15,000

10,000

5,000
* Source: McAfee Threats Report: Third Quarter 2012
** Source: Verizon Security Study 2012

54 | 2013
2015 Infoblox Inc. All Rights Reserved.

0
2004

2005

2006

2007

2008

2009

2010

2011

2012

54

Security Breaches 2013


Advance Persistent Threat is on the Rise.
July 25, 2013
Nasdaq, Visa, JCPenney among hacking victims:
prosecutors
NEWARK, New Jersey (Reuters) - The United States on Thursday
named major corporations including Nasdaq OMX Group Inc, New
York Times, J.C. Penney Co Inc and Visa Inc as among the victims
of what federal prosecutors said is the largest hacking and data
breach case prosecuted in the nation.

$300 Million
Stolen

55 | 2013
2015 Infoblox Inc. All Rights Reserved.

Security Breaches 2014


Malware from Yahoo.
December 31, 2013
Malware attack hits thousands of Yahoo users per
hour
(CNN) -- A malware attack hit Yahoo's advertising server over the
last few days, affecting thousands of users in various countries, an
Internet security company said.
In a blog post, Fox-IT said Yahoo's servers were releasing an
"exploit kit" that exploited vulnerabilities in Java and installed
malware.
"Clients visiting yahoo.com received advertisements served by
ads.yahoo.com," the Internet security company said. "Some of the
advertisements are malicious."
For a time during the attack, which started on Dec. 31, 2013, and
was discovered on Jan.3, 2014, the malware was creating an
estimated 27,000 infections per hour.
The Infoblox DNS Firewall Subscription service had identified
and blocked the malicious IP before Yahoo noticed the
malware.
56 | 2013
2015 Infoblox Inc. All Rights Reserved.

DNS Firewall quick overview


Many organizations on the Internet track malicious activity
They know which web sites are malicious
They know which domain names malware look up to rendezvous with
command-and-control servers

DNS Firewall relies on RPZ (Response Policy Zones)


Response Policy Zones are funny-looking zones that
embed rules instead of records
The rules say, If someone looks up a record for this [malicious]
domain name, or that points to this [malicious] IP address, do this.
This is generally return an error or return the address of this
walled garden instead

57 | 2013
2015 Infoblox Inc. All Rights Reserved.

Infoblox DNS Firewall


Blocking Malware

Infoblox Malware
Data Feed Service

An infected device brought into


the office. Malware spreads to
other devices on network.

4
2

Malicious
domains

IPs, Domains, etc.


of Bad Servers

Malware /
APT

Malware makes a DNS query


to find home. (botnet / C&C).
DNS Firewall detects & blocks
DNS query to malicious domain

Internet
Intranet

Infoblox DDI
with DNS
Firewall

Blocked attempt
sent to Syslog

1
2

Pinpoint. Infoblox Reporting lists

3 blocked attempts as well as the:

IP address
MAC address
Device type (DHCP fingerprint)
Host name
DHCP lease history

DNS Firewall is updated every 2

4 hours with blocking information


from Infoblox DNS Firewall
Subscription Servic

Malware / APT spreads


within network; Calls home
58 | 2013
2015 Infoblox Inc. All Rights Reserved.

DNS Firewall - FireEye Integration


Rogue
Portals

C & C / Proxy
Portal IPs

Reputational Feed
from Infoblox

5
Ips/Domains/etc.
of bad servers

Compromised
Web Server or
Domain
13.13.13.13
12.12.12.13.

INTERNET

DNS Server W/
DNS Firewall

FireEye
2
Play Malware
Attack

e&
nam ss
n
i
a
e
Dom IP addr
t
s
e
o
k d
H
bloc
e
b
to

INTRANET

59 | 2013
2015 Infoblox Inc. All Rights Reserved.

4
Infoblox Reporting
Server ID infected
device by IP, MAC
address & device type

Detects & detonates


advanced malware

Infected
Enterprise
End-point

Block / Re-direct
DNS Query

for remediation
Malware / apps
Initiate DNS requests
for web domains

Infoblox Malware Data Feed Service

Malware
Droppers

External Feed:
Legge Gentiloni

Botnet C&C /
DNS Servers

RPZ data
pushed thru
signed XFR
Infoblox
Malware Data
Feed Service

Inbound
Attacks

Geographic
Blocks

60 | 2013
2015 Infoblox Inc. All Rights Reserved.

Infoblox
DNS Firewall

24/7 service
Data from over 35 different public and
proprietary sources 7 feed types
Incremental threat data changes are
pushed every 2 hours
Significant threats cause immediate
updates (notify)

DNS Firewall & Reporting


List of Top Infected
Clients
What malicious domain
names were requested
and number of requests

Security Policy Violations Report

Mitigation performed
(e.g., Redirect, Block, or
Pass)
Lease history by MAC
address & OS Fingerprint
via drilldown option
61 | 2013
2015 Infoblox Inc. All Rights Reserved.

Click to view history


for this IP

Customizing DNS Firewall

62 | 2013
2015 Infoblox Inc. All Rights Reserved.

RPZ Feed Data Export example

zumbapolska.com
becomes NXDOMAIN

63 | 2013
2015 Infoblox Inc. All Rights Reserved.

DNS Firewall implementation


Real life example
Existing customer DNS caching infrastructure
(large research institute)
DNS firewall implemented on caching NS
Log only policy
We got the first high risk trojan within an hour

64 | 2013
2015 Infoblox Inc. All Rights Reserved.

From the reputation lookup tool

65 | 2013
2015 Infoblox Inc. All Rights Reserved.

Industrys First True DNS Security Solution


Infoblox DNS Firewall
Stops DNS-exploiting malware (APT & Botnets)

Solution Components
" Product License (cost based on appliance model)
" Malware Data Feed from Infoblox (optional annual subscription)
" Infoblox GridTM

PREVENTIVE

TIMELY

TUNABLE

Prevents
malware
infection and
execution

Leverages high
quality Malware
Data Feed
updated in near
real time

Maximizes
potency against
malware
worldwide

66 | 2013
2015 Infoblox Inc. All Rights Reserved.

Infoblox DNS Firewall Differentiators


The ONLY solution in the market that offers
these capabilities

Near real-time feed targeted to


DNS-exploiting malware
Proactively prevents infection
Ability to target infected device days
or even weeks later
Policy flexibility by action, by Geo,
and by type
Ranking of the malware that is
actually impacting your organization

67 | 2013
2015 Infoblox Inc. All Rights Reserved.

68 | 2013
2015 Infoblox Inc. All Rights Reserved.

How does the DNS Firewall work?


Redirect

Infected
Client

4
Landing Page /
Walled Garden

Link to malicious
www.badsite.com

Contact botnet
3

Infoblox DNS Firewall /


Recursive DNS Server

Dynamic Grid-Wide
Policy Distribution

Apply Policy

Block / Disallow
session

Infoblox DNS Firewall /


Recursive DNS Server

1 Dynamic Policy
Update

Malware Data Feed


from Infoblox

69 | 2013
2015 Infoblox Inc. All Rights Reserved.

Infoblox DNS Firewall /


Recursive DNS Server

Write to Syslog
and send to
Trinzic Reporting

How to Run a DNS Firewall PoC


In-Line
Deploy the DFW on existing
Infoblox appliances to accept and
deal with your internal DNS traffic

Traffic Capture
Capture traffic in front of the DNS
(PCAP) to be analyzed in the
Infoblox Labs

Off-Line
Deploy DFW on a SPAN port with
live DNS traffic. DFW will configure
MAC Address of customers DNS,
resolve and generate reports on
Malware/Botnet/APT found
70 | 2013
2015 Infoblox Inc. All Rights Reserved.

In-Line PoC with DFW

Internet

Replace the standard


internal DNS with an
Infoblox solution with
DNS Firewall protection
(run in Passthrou Mode)

Internal
DNS

LAN1

LAN2

Grid

DNS Firewall
Grid Master

Reporting

Query

Response

Switch

vAPP4on44
VMWare4vCenter

Clients

Management
Interface

Internal Network
71 | 2013
2015 Infoblox Inc. All Rights Reserved.

71

Traffic Capture
Traffic Capture
Capture traffic (PCAP) in front of the
Internal DNS to be analyzed in the
Infoblox Labs
We will run the same PCAP traffic in
our Lab and return all valuable
results in a structured document

72 | 2013
2015 Infoblox Inc. All Rights Reserved.

Off-Line PoC with DFW


Internet

Internal
DNS
vAPP4on44
VMWare4vCenter
LAN2
Span4Port

LAN1

DNS Firewall
Grid Master

Reporting

Query

Response

Switch

Grid

Clients

Management
Interface

Internal Network
73 | 2013
2015 Infoblox Inc. All Rights Reserved.

73

See DNS Attacks with Reports

Click to view history


for this IP

POC vAPP shipped with temp license and feed activation (Public IP
registration required). License expiration: 60 days
POC is a vAPP for vCenter including a virtual DNS Firewall, also Grid
Master, and a virtual Reporting Server
74 | 2013
2015 Infoblox Inc. All Rights Reserved.

Next Steps
Download the free POC
https://www.infoblox.com/catchmalware

Deploy with help of an Infoblox SE


See if your DNS carrying malicious
DNS requests
Block attacks and prevent downtime
with the full featured DNS Firewall
installation

75 | 2013
2015 Infoblox Inc. All Rights Reserved.

76 | 2013
2015 Infoblox Inc. All Rights Reserved.

What is Global Server Load Balancing? (GSLB)


Global Server Load Balancing (GSLB) uses DNS to direct users to an
appropriate instance of an application. GSLB can be used for distributing
workloads across multiple computing resources or data centers

4
3

DNS for
abc.com

Connect to DC1

gslb.myapp.abc.com

GSLB

DC1
Web/App Server
(myapp.abc.com)

DC2

Web/App Server
(myapp.abc.com)

77 | 2013
2015 Infoblox Inc. All Rights Reserved.

IT Networking Challenge
Availability

Service Optimization

Cost Efficiency & Ease


of Management

Provide 100%
availability of
internet facing
services

Optimize
performance by load
balancing
application requests

Cost and complexity


of traditional GSLB
solutions

78 | 2013
2015 Infoblox Inc. All Rights Reserved.

Introducing Infoblox DNS Traffic Control


Market Leading DNS & Integrated Global Load Balancing
Uses DNS to intelligently route traffic to the
appropriate data center based on server load, health
(availability), or pre-defined ratio.
Helps Internet facing apps (eg. Web sites) perform
better and ensure greater service availability.
Improves response time by directing web requests
based on geo-location
Integrated DNS + GSLB reduces your CAPEX (one
less box) and OPEX (management effort &
administrator overhead)
Fully integrated with Infoblox NIOS and Advanced
DNS Protection
79 | 2013
2015 Infoblox Inc. All Rights Reserved.

Infoblox DNS Traffic Control


Scalable DNS with Integrated Global Load Balancing
Uses DNS to Intelligently route traffic to the
appropriate global datacenter
Directs web requests across active or standby sites
based on servers health
Optimizes performance and ensures 100% availability
of internet facing services (e.g. web site)
Improves response time by directing web requests
based on Geo-Location

80 | 2013
2015 Infoblox Inc. All Rights Reserved.

Integrates a cost-effective GSLB within an


Authoritative DNS server to simplify web infrastructure
and reduce the cost of deploying, configuring and
managing multiple devices
Simplified management

DNS Traffic Control (DTC)


Integrated GSLB Functionality
Directs customer web traffic to most efficient
location based on server availability /
geography / health-check
Directs queries between load balanced
resources utilizing multiple load balancing
algorithms
Global Availability, Ratio, Round Robin,
Topology
Supports both paid and free Maxmind geolocation data bases

100%
100%

50%

Automated health-check
Performs health check against load balanced
resources

HTTP / HTTPS / TCP / SIP / ICMP / PDP


connections

Integration with NIOS, Grid and Advanced DNS


Protection
New Reports
81 | 2013
2015 Infoblox Inc. All Rights Reserved.

How Does DNS Traffic Control Work?


Client sends a DNS request to IB DNS
Server

IB DNS Server resolves the query


If the final query name belongs to a
zone for which the server is
authoritative and matches an
LBDN linked to that zone, then
DTC handles the response
Otherwise normal DNS processing
occurs

5
1

If the cache contains a previous

myapp.abc.com
(201.10.0.1)

myapp.abc.com
(101.10.0.1)
Health Check

2&3

Health Check

answer to the same request for the


same client and that server is still
available, it is selected.
Otherwise, based on the
availability and configured topology
rules, DTC selects first a pool and
then a specific server from that
pool

A DNS record is synthesized from the


address of the selected server and
returned to the client
Resource
Pool B

Each member performs


independent health monitoring to
ensure that pool members or
servers are able to receive traffic

82 | 2013
2015 Infoblox Inc. All Rights Reserved.

Resource
Pool A

The client contacts the server

Load Balancing Methods and Health Monitors


Load Balancing Methods

Global Availability

Clients are directed to the first resource in a list, i.e. a resource pool. Only if
the first resource becomes unavailable then DNS Traffic Control directs clients
to the next resource in the list.

Ratio

Clients are directed to servers in a pool or among pools (in a multiple pool
configuration) using weighted round robin.

Topology

DNS Traffic Control uses predefined geo mapping and other user-defined
source IP/subnet-based mapping to adjust the response to a query.
Health Monitors

HTTP/HTTPS

Validates the health of a HTTP/HTTPS service by first sending a specific


HTTP message to a server and then examining the returned code received
from the server.

TCP

Validates the health of a server by attempting a full TCP handshake.


Completing a handshake and establishing a connection constitutes success.

SIP

The SIP monitor determines the health of a SIP server by issuing SIP options
to the server and examining the returned code received from the server.
Supports the following transports: TCP, UDP, TLS, SIPS

PDP

Validates the health of a server by sending a fixed GTP ECHO. Receiving any
ECHO response constitutes success.

ICMP

Sends an ICMP/ICMPv6 Echo Request to the IP address of the target server


and expects an ICMP/ICMPv6 Echo Response.

83 | 2013
2015 Infoblox Inc. All Rights Reserved.

Use Cases
Infoblox DNS Traffic Control
DC Disaster Recovery
Load Balancing Requests
Geo Location
Internal server balancing and failover
DNS views for records

84 | 2013
2015 Infoblox Inc. All Rights Reserved.

Use Case 1: DC Disaster Recovery


Hong Kong

Policy:
Direct all requests originating from U.S to
SJ or SF using Round Robin
Direct all request originating from ROW to
Paris or London using Round Robin

Clients

Remote Site 3 (San Jose)


Remote Site 4 (Paris)

x.abc.com
101.10.0.1

x.abc.com

201.10.0.1

Site 1 (San Francisco)


Ib_sf.abc.com

Site 2 (London)
1

Local Load
Balancer
VIP =100.10.0.1
85 | 2013
2015 Infoblox Inc. All Rights Reserved.

Health Check

x.abc.com

Ib_ld_.abc.com
Local Load
Balancer
VIP =200.10.0.1

x.abc.com

Use Case 2: Load Balancing Requests


New York Boston

Policy:
Direct all requests originating from U.S
to SJ or SF using Round Robin,
Direct all request originating from ROW to
Paris or London using Round Robin

Client 2

Client 1

Remote Site 3 (San Jose)


Remote Site 4 (Paris)

x.abc.com
101.10.0.1

2
3

x.abc.com

201.10.0.1

Site 1 (San Francisco)

Site 2 (London)

Ib_sf.abc.com
Health Check
Local Load
Balancer
VIP =100.10.0.1
86 | 2013
2015 Infoblox Inc. All Rights Reserved.

x.abc.com

Ib_ld_.abc.com
Local Load
Balancer
VIP =200.10.0.1

x.abc.com

Use Case 3: Geo Location


Policy:
Direct all requests originating from U.S to
SJ or SF using Round Robin
Direct all request originating from
ROW to Paris or London using Round
Robin

Sydney, Au

Clients
2

Remote Site 3 (San Jose)


Remote Site 4 (Paris)

x.abc.com
101.10.0.1

x.abc.com

Site 1 (San Francisco)

201.10.0.1

Ib_sf.abc.com

Site 2 (London)
1

Local Load
Balancer
VIP =100.10.0.1
87 | 2013
2015 Infoblox Inc. All Rights Reserved.

Health Check

x.abc.com

Ib_ld_.abc.com
Local Load
Balancer
VIP =200.10.0.1

x.abc.com

Health Check Capabilities/Parameters

Descriptions: The health check monitors validates the health of a service by first
sending a specific message to a server and then examining the response received from
the server. The validation is successful if the received response matches the expected
message.

Heath Check Options: HTTP / HTTPS / TCP / SIP / ICMP / PDP

Common Configuration Parameters

Interval

Timeout

Retry up counts

Retry down count

Other configurable parameters

HTTP / HTTPs / SIP:

Http Request

Expected Return Code

Client Certificate

Ciphers

Port

Transport (SIP only)

TCP:

Port

88 | 2013
2015 Infoblox Inc. All Rights Reserved.

Infoblox Advantages
Availability

Control

Performance

Security

High Integrity DNS Platform with a robust DNS control plane

Intelligent DNS query direction to ensure high application availability


Superior management via advanced DNS control plane
Centralized visibility into all DNS conditions
Server consolidation and lower TCO
Best-in-class protection against DNS threats

89 | 2013
2015 Infoblox Inc. All Rights Reserved.

Licensing Strategy
Requires NIOS 7.0 or higher
Enables:

Creation and management of LBDN records


Assignment of Global Pools of Load Balanced Resources
Perform Health Check against Load Balanced Resources
Direct queries between Load Balanced Resources using various Load Balancing
Algorithms
DNS Traffic Control Reports (Reporting appliance required)

New Licenses
(DTC)

Licensing
Packages

Platform
Supportability

90 | 2013
2015 Infoblox Inc. All Rights Reserved.

Licensed per Appliance


Available as add-on modules (for existing deployments)
Available as bundled SKUs (for new deployments)

91 | 2013
2015 Infoblox Inc. All Rights Reserved.

Market Dynamics:
Private Clouds Deployments on the Rise
IT Departments Increasingly Want Their Own
Amazon-like Cloud In-househere is why:
IT & Business
Agility

Faster App roll-out


Self-service

92 | 2013
2015 Infoblox Inc. All Rights Reserved.

Cost Savings

Commodity gear
Better utilization

LOB Productivity

Less time waiting


More time producing

Private Cloud Perception vs. Reality


How long does it take deploy a new virtual instance?
Perception
Snap of the fingers
Measured in seconds or
minutes

93 | 2013
2015 Infoblox Inc. All Rights Reserved.

Reality
Slow with manual processes
Measured in hours, days or
weeks

Hidden Achilles Heel for Cloud Deployments


Traditional Approach

Provision
Virtual
Instance

Request IP
or Use
Allotment

Forward IP
Data for
Tracking

1
Automated

Update
Database or
Spreadsheet

Request
DNS
Record

Allocate
and Manually
Enter DNS

Clean Up
When
De-provisioned

Manual

Multiple teams and handoffs


Shortcuts cause gaps and dangers
Lack of correlated view across the organization
Risk for compliance and auditing

94 | 2013
2015 Infoblox Inc. All Rights Reserved.

Cloud Network Pain Points


No visibility to IP address/DNS records for VM/network resources
No central reporting on lease history, DNS/IP associations

Lack of reliable DDI for Private Cloud


Stability and simplified upgrades of underlying network inhibits Cloud rollout

Network provisioning is too slow for application delivery


No Amazon-like capabilities i.e., on-demand, self-service, DevOps

Requires too much administrator overhead


Manual IP address/DNS provisioning is slow, error-prone

95 | 2013
2015 Infoblox Inc. All Rights Reserved.

Understanding Cloud Architecture


& Where Infoblox Fits
Cloud Consumer

OpenSource:
OpenStack

Commercial:
VMware vCAC, MS SC/VMM

Cloud Management Platform


Cloud Orchestration Layer

Cloud Network
Automation
Management UI
Infoblox Adapters
VMware/Microsoft/OpenStack

Hypervisors
VMware ESXi / MS Hyper-V
Network Functions:
Routing, switching,
firewalls, load-balancers

Compute

Storage

Network

Infoblox DNS/DHCP/IPAM
Core Network Services

Physical Infrastructure

Infoblox Cloud Network Automation helps you get more agility, scale and
reliability from your clouds with fewer human resources.
96 | 2013
2015 Infoblox Inc. All Rights Reserved.

Infoblox Cloud Network Automation


(Adapters Only)
Corporate Data Center
Reporting
id Master
Server

CMP 1 with IB Adapter


id Master
(E.g.
OpenStack)

Grid Master

Internal
DNS

Corporate
Wide DNS

CMP 2 with IB Adapter


idVMware
Master
(E.g.
vCAC)

Grid Member

Grid Member

DHCP
DHCP

Grid Member

VMs
Private Cloud
Data Center 1
97 | 2013
2015 Infoblox Inc. All Rights Reserved.

Internal
DNS

VMs
Private Cloud
Data Center 2

Infoblox Cloud Network Automation


(Cloud Platform)
Corporate Data Center

Reporting
Grid Master w/
id Server
Master Cloud Network Automation

CMP 1 with IB Adapter


id Master
(E.g.
OpenStack)
WAPI

Internal
DNS

New

New

Corporate
Wide DNS

CMP 2 with IB Adapter


idVMware
Master
(E.g.
vCAC)
WAPI

Cloud Platform
Appliance

Internal
DNS
Cloud Platform
Appliance

New

DHCP
DHCP

Cloud Platform
Appliance

VMs

Private Cloud
Data Center 1
98 | 2013
2015 Infoblox Inc. All Rights Reserved.

New
VMs

Private Cloud
Data Center 2

Infoblox Cloud Network Automation


3

Scalable cloud platform


deployment

Virtual appliances that supports communication with


Cloud Management Platforms through Infoblox
Adapters
Deployed per data center to support scale-out

Cloud-focused discovery
and visibility

Centralized, integrated management user interface


Cloud widgets for monitoring cloud network elements
Cloud-specific reports

Integrated adapters

99 | 2013
2015 Infoblox Inc. All Rights Reserved.

Free adapters to integrate with key cloud


management / orchestration platforms
Leveraging RESTful API

Cloud Network Automation New GUI

100 | 2013
2015 Infoblox Inc. All Rights Reserved.

Provisioning a VM using a Cloud Management Platform


with Infoblox Integration
1 - A cloud admin/user requests a VM to be created through
self service portal

2 - CMP/Orchestrator calls the


Infoblox Adapter

CMP/Orchestrator
Infoblox
Adapter
3 - Infoblox Adapter
contacts NIOS via WAPI
for Next Available IP and
creates DNS Records
for VM

Infoblox Grid Master

Hypervisor
6 - VM starts up
either with
injected static IP
or IP allocated via
DHCP Request to
Member (Fixed
Address)

5 CMP/Orchestrator
Spins up VM on
Hypervisor
Infoblox Grid Member
DNS/DHCP

7 - End User accesses VM


using DNS FQDN
End User

101 | 2013
2015 Infoblox Inc. All Rights Reserved.

4 - GM synchronizes
Host record or Fixed
Address + A/AAAA/PTR
with Grid Member

DDI Support for OpenStack


Description
Extend DDI to manage VM networks created by
OpenStack
Infoblox Grid

Infoblox Adapter
Reporting
Server

API

" Allocates/De-allocates IP addresses when


VMs are created or floating IPs are assigned

Grid Master

Grid
Member
Grid
Member

Grid
Member
DDI Service

IP

IP

Project 9

IP

DDI Service

IP

IP

" Creates/Deletes networks via OpenStack UI/


CLI/APIs

IP

Project 10

102 | 2013
2015 Infoblox Inc. All Rights Reserved.

DDI Service

IP

IP

Project 11

IP

" Creates/Deletes DNS host records or A/AAAA/


PTR/CNAME records for allocated IPs
" Provides DNS and DHCP Services to VMs
" Manages internal and external networks
Benefits
Centralized Cross Platform DDI Service
(OpenStack/VMware/Microsoft Compatible)
High Availability
Operational Efficiency
Lower cost of migration (Physical to Virtual to
Cloud)

Delivering the Cloud Promise with Infoblox

IPAM & DNS


Automation

Multi-vendor
Cloud
Integration

Enhanced
and
Extended
Visibility

Auditing and
Compliance

Centralized
and
Integrated
Management

Always On
Core
Network
Services

Speed Deployment Times with Infoblox Cloud Network Automation

103 | 2013
2015 Infoblox Inc. All Rights Reserved.

The Power of Cloud Network Automation


Traditional Approach

Provision
Virtual
Instance

Request IP
or Use
Allotment

Forward IP
Data for
Tracking

Update
Database or
Spreadsheet

Automated

Automated

4
Manual

Infoblox Cloud Network Automation

Provision
Virtual
Instance

Request
DNS
Record

Automated

104 | 2013
2015 Infoblox Inc. All Rights Reserved.

Allocate
and Manually
Enter DNS

Clean Up
When
De-provisioned

105 | 2013
2015 Infoblox Inc. All Rights Reserved.

Infoblox NetMRI
The way to active DDI
Infoblox NetMRI
Network discovery and inventory
Monitor and track changes
Switch Port Management
Proactive Check against best practices
Proactive Check against security policies
Automate change in lock step with DDI
Automatic VRF detection and handling

106 | 2013
2015 Infoblox Inc. All Rights Reserved.

Infoblox DDI
Automation

Interaction with network Via:


SNMP
CLI/configuration
Syslog
Fingerprinting

106

NetMRI: So, what is this thing?


Automated discovery and inventory of network elements
Inventory of network components including multivendor network devices, VLANs, routes, routing
tables, VRF, VRRP/HSRP pairs, subnets, OS, models and more

Intelligent analysis for Layer 2 and 3 network devices


Health and stability of multivendor routers, switches, firewalls, WAN optimization controllers
and more
Find poor and suboptimal configurations automatically

Automated network change


Set user controls/access, automate and track changes
Save and compare historical configurations across multivendor networks

Built-in internal/external compliancy/policy management

Built-in compliance & policy reports (PCI, ISO, SOX, HIPAA, DISA, NSA, STIG etc.
Powerful and easy-to-use design studio form internal, multi-vendor requirements
Hundreds of embedded, documented policy rules for easy re-use and customization
Quickly identifies network elements failing policies

Reports
Rich set of predefined reports for practical information extraction
Easy to create reports to obtain data in customized format
107 | 2013
2015 Infoblox Inc. All Rights Reserved.

Managing Issue Analysis with NetMRI


Proactively alerts of issues problems
and potential suboptimal settings
lurking within the devices

Easy ability to select individual issues


and drill down for more detailed
information

108 | 2013
2015 Infoblox Inc. All Rights Reserved.

108

Managing Issue Analysis with NetMRI


Proactively alerts of issues problems
and potential suboptimal settings
lurking within the devices

Once ability
Easy
the issue
to select
is identified,
individual
theissues
autoand drill down
remediation
options
for more
greatly
detailed
reduce time
information
to
resolve

109 | 2013
2015 Infoblox Inc. All Rights Reserved.

109

Understanding the Impact of Change


Cause & Effect
Help user identify
hard to find issues
See if a change had a
positive or negative
impact on health
Verify if change
impacts policy
compliance
View impact on
device neighbors
110 | 2013
2015 Infoblox Inc. All Rights Reserved.

110

Enforce Compliance and Standardization


Build Consistency
Over 200 prepackaged rules
Wizard encoding of
complex rule logic
Deploy easily
Proactive alerts for
policy violations
Built-in remediation
Live and historical
status, trends and
reports
111 | 2013
2015 Infoblox Inc. All Rights Reserved.

111

Improve Staff Efficiency and Productivity


Empower Staff
Automate data
collection & analysis
Reduce manual time
and effort
Become proactive
Improve remediation
options
Multi-user roles and
access
Views based on
individual needs
112 | 2013
2015 Infoblox Inc. All Rights Reserved.

112

Packaging
" Standalone
" ACM (Automated Change Management)
" NetMRI

113 | 2013
2015 Infoblox Inc. All Rights Reserved.

113

NetMRI Appliance and VM version


NetMRI can be provided in
Hardware (usual Infoblox Appliance, 3 different models)

In VMWare (ESX, ESXi)


Virtual Grid
Member

VMWare
ESX / ESXi

114 | 2013
2015 Infoblox Inc. All Rights Reserved.

114

115 | 2013
2015 Infoblox Inc. All Rights Reserved.

About Infoblox
Total Revenue

Founded in 1999
Headquartered in Santa Clara, CA
with global operations in 25 countries
Leader in securing and automating
mission-critical network services
Market leadership
DNS, DHCIP, IPAM (DDI) Market
Leader (Gartner)
50% DDI Market Share (IDC)

8300+ customers
89,000+ systems shipped to 100
countries
63 patents, 25 pending
IPO April 2012: NYSE BLOX
116 | 2013
2015 Infoblox Inc. All Rights Reserved.

(Fiscal Year Ending July 31)

($MM)
$350

306
$300

250
$250

225

$200

169
$150

133
102

$100

$50

56

62

FY08

FY09

35

$0
FY07

FY10

FY11

FY12

FY13

FY14

FY 15

117 | 2013
2015 Infoblox Inc. All Rights Reserved.

Giancarlo Palmieri
Infoblox Pre-Sales Engineer
Mob: +39 335 789 3463
Email: gpalmieri@infoblox.com

118 | 2013
2015 Infoblox Inc. All Rights Reserved.

You might also like