infoTECH Feature

December 10, 2015

Infoblox Prevents Data Exfiltration in Real Time

Hackers break into an organization's digital assets for many reasons, and chief among them is the theft of sensitive data and intellectual property. One of the ways they get enterprise information out is through the Domain Name System (DNS), because DNS traffic is not scrutinized by regular security controls such as firewalls, intrusion-detection systems (IDSs) and proxies. Infoblox says it has a solution to that problem, and is introducing the first streaming DNS threat analytics tool that will prevent data exfiltration in real time.

DNS tunneling and other sophisticated data exfiltration techniques are used by elite and amateur hackers alike. According to a survey carried out by Cloudmark in December of 2014, almost half (46 percent) of large businesses have experienced DNS-based data exfiltration, while 45 percent experienced DNS tunneling.

When a large enterprise falls victim to a data breach, the forensic efforts, resolution and consequences of customer defection cost an average of $3.8 million. The Anthem data breach has been reported to cost in excess of $100 million, which highlights the growing losses companies face today if their networks are compromised.

As Shannon Provence, executive director of IT at Golden Nugget Hotel & Casino in Las Vegas, said, "In our recent evaluation, the analytics helped us identify threat patterns that were otherwise hard to detect using alternate solutions. Infoblox DNS Threat Analytics gave us more visibility than we ever had before and allowed us to quickly identify, evaluate, and block suspicious DNS-based activity before it became an issue or caused data loss."

The ingenuity of the Infoblox solution is that it protects the DNS infrastructure by leveraging it as a control point to defeat cybercrime. By focusing on this choke point, the company is able to address DNS-based threats with greater efficiency than other security solutions that focus on other components of the IT infrastructure.

By identifying, in real time, traits that are linked with data exfiltration attacks, including the size, encryption and timing of outgoing DNS traffic, the Infoblox solution is able to stop unauthorized data from leaving the organization.

"Most firewalls and other security solutions don't examine or understand the structure of DNS queries, a vulnerability that hasn't escaped the attention of cybercriminals," said Scott Fulton, executive vice president of products at Infoblox.

Infoblox DNS Threat Analytics is a patented technology with an analytics engine that examines host.subdomain and TXT records in DNS queries and uses entropy, lexical analysis, time series, and other factors to determine whether there is data in queries. Because it works from query behavior and patterns, it can go beyond standard signatures and detect new exfiltration techniques.
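To make the entropy, lexical and time-series ideas above concrete, here is an added example (not Infoblox's engine or code) that scores subdomain payloads in a DNS query log and flags clients sending bursts of encoded-looking names. The log entries, thresholds, function names and the "last two labels are the registered domain" rule are all assumptions made for illustration.

```python
import math
from collections import Counter, defaultdict

# Constructed sample log: (epoch_seconds, client_ip, query_name, record_type)
SAMPLE_QUERIES = [
    (0,   "10.0.0.5",  "www.example.com", "A"),
    (4,   "10.0.0.5",  "autodiscover.mail-gateway-eu-west.corp.example.com", "A"),
    (10,  "10.0.0.23", "q7mzk2xw5bvt3nhj6pdrc4lysgfaeoiu.t.example.org", "TXT"),
    (15,  "10.0.0.8",  "q7mzk2xw5bvt3nhj6pdrc4lysgfaeoiu.t.example.org", "TXT"),
    (20,  "10.0.0.23", "h3fya6wdk7eqz2losb5tncx4gvjmrpui.t.example.org", "TXT"),
    (30,  "10.0.0.23", "z5cte2jx7ao4rwgmb6vykd3nsqhfpliu.t.example.org", "TXT"),
    (400, "10.0.0.5",  "cdn-assets.static.example.net", "A"),
]

def shannon_entropy(text):
    """Bits per character of the empirical character distribution."""
    if not text:
        return 0.0
    counts = Counter(text)
    return -sum(n / len(text) * math.log2(n / len(text)) for n in counts.values())

def split_name(qname, base_labels=2):
    """Return (payload, base_domain). Assumes the registered domain is the
    last `base_labels` labels; production code would use a public suffix list."""
    labels = qname.rstrip(".").lower().split(".")
    return "".join(labels[:-base_labels]), ".".join(labels[-base_labels:])

def looks_encoded(qname, min_len=30, min_entropy=4.5):
    """Lexical check: long subdomain payload with near-uniform characters.
    Thresholds are illustrative; ordinary long hostnames sit near 4 bits."""
    payload, _ = split_name(qname)
    return len(payload) >= min_len and shannon_entropy(payload) >= min_entropy

def find_exfil_candidates(queries, window=60, burst=3):
    """Time-series check: flag (client, base_domain) pairs that send at least
    `burst` encoded-looking queries within `window` seconds."""
    hits = defaultdict(list)
    for ts, client, qname, _rtype in sorted(queries):
        if looks_encoded(qname):
            hits[(client, split_name(qname)[1])].append(ts)
    flagged = set()
    for key, times in hits.items():
        for i in range(len(times) - burst + 1):
            if times[i + burst - 1] - times[i] <= window:
                flagged.add(key)
                break
    return flagged

if __name__ == "__main__":
    print(find_exfil_candidates(SAMPLE_QUERIES))
```

The long but human-readable `autodiscover...` name and the single encoded-looking query from 10.0.0.8 are both left alone, which is why the length, entropy and burst checks are combined rather than used individually.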

Infoblox DNS Threat Analytics is expected to be available in January 2016.




Edited by Kyle Piscioniere