Network control vendor Infoblox expanded into network security this week with a new DNS firewall and a firewall management tool.
Infoblox DNS Firewall protects insecure protocol
The concept of an on-premises domain name system (DNS) firewall is relatively new, according to Scott Crawford, research director at Enterprise Management Associates (EMA). Although many service providers offer DNS security as part of their DNS services, many enterprises maintain open source DNS servers that are relatively insecure.
But DNS has become a vulnerability in recent years, whether as a target of denial-of-service attacks or as a conduit for malware payloads, according to Arya Barirani, vice president of marketing at Infoblox. And very few network security products protect a network at the control plane layer like DNS. Instead, they focus on the data stream, inspecting things such as IP traffic, malware signatures, application signatures, URL filtering and HTTP communications.
"DNS has become an attack vector because, first of all, the protocol is implicitly trusted in a lot of environments," Crawford said. "There is a more secure implementation of DNS [called DNSSEC], but legacy DNS is so entrenched and has been for many years that it is one of those fundamental services on which enterprises rely. And attackers recognize this."
The Infoblox DNS Firewall populates a company's recursive DNS server with a reputational feed from a third-party provider to identify bad IP addresses, destinations and domain names, as well as botnet controllers, in real time.
"If a user goes to a bad site or a blacklisted site, that connection is blocked from a DNS perspective. The user is directed to a landing page or walled garden," Barirani said. "If you have an infected client, it will try to call home. If we see that infected client try to connect to its botnet controller, we block it. All this information is captured and written to a log so the security administrator can act on it."
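The resolver-side decision Barirani describes, as an added Python illustration (not Infoblox's code): a recursive resolver loaded with a reputation feed answers normally, or substitutes the walled-garden address and writes a log record, for both listed domain names and answers that point at a listed controller address. The feed entries, client addresses and walled-garden address below are constructed.

```python
# Added illustration, not Infoblox code: the policy decision a recursive
# resolver makes when a reputation feed is loaded alongside normal resolution.
from dataclasses import dataclass, field
import ipaddress

@dataclass
class PolicyResolver:
    bad_domains: set               # feed: blacklisted domain names
    bad_networks: list             # feed: botnet-controller address ranges
    walled_garden: str             # landing-page address substituted for blocked answers
    log: list = field(default_factory=list)   # records for the security admin

    def _domain_hit(self, qname):
        # Check the name and each parent, so a listed "c2.example"
        # also covers "update.c2.example" asked for by an infected client.
        labels = qname.rstrip(".").lower().split(".")
        for i in range(len(labels)):
            candidate = ".".join(labels[i:])
            if candidate in self.bad_domains:
                return "domain:" + candidate
        return None

    def _ip_hit(self, answers):
        # Catch answers pointing at a listed controller even when the
        # queried name itself is not in the feed.
        for addr in answers:
            if any(ipaddress.ip_address(addr) in net for net in self.bad_networks):
                return "ip:" + addr
        return None

    def resolve(self, client, qname, upstream_answer):
        """upstream_answer: the IPs the recursive lookup would normally return."""
        reason = self._domain_hit(qname) or self._ip_hit(upstream_answer)
        if reason is None:
            self.log.append(f"client={client} qname={qname} action=allow")
            return upstream_answer
        self.log.append(f"client={client} qname={qname} action=block reason={reason}")
        return [self.walled_garden]

def demo():
    # Constructed feed and traffic: documentation names and RFC 5737 ranges.
    r = PolicyResolver(bad_domains={"c2.example"},
                       bad_networks=[ipaddress.ip_network("198.51.100.0/24")],
                       walled_garden="192.0.2.10")
    results = [r.resolve("10.0.0.5", "www.example.org.", ["203.0.113.7"]),    # allowed
               r.resolve("10.0.0.8", "update.c2.example", ["203.0.113.9"]),   # blocked: domain
               r.resolve("10.0.0.8", "cdn.example.net", ["198.51.100.44"])]   # blocked: answer IP
    return results, r.log
```

The third query shows why the answer section is checked as well as the name: a domain absent from the feed still gets blocked when it resolves to a listed controller range.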
The expansion of Infoblox into security generally makes sense, Crawford said. Many of the network services that Infoblox traditionally has managed for customers -- DNS, Dynamic Host Configuration Protocol (DHCP) and IP address management, referred to collectively by the acronym "DDI" -- are critical services that can cause major service disruptions if they are targeted by attackers.
Infoblox expands network device management to security infrastructure
Infoblox entered the network device management space a couple years ago when it added the NetMRI network configuration management product after its acquisition of Netcordia. Now, it's expanding to manage network security devices.
Infoblox Security Device Controller is designed to manage and control any device that maintains access control lists (ACLs), including firewalls, switches and routers. An administrator writes or changes an ACL rule in the Infoblox graphical user interface; the controller validates the rule change, checks it against policy, and applies it in the syntax and language of the firewalls deployed in the infrastructure. The product supports Juniper Networks and Cisco products initially, and Infoblox will add support for other vendors in subsequent releases.
"There is a little bit of functional overlap" with firewall management vendors like Algosec and Athena Security, Barirani said. Those vendors "have the ability to pull in policies in a read-only basis and compare them to compliance policies, but they're mostly for monitoring and auditing. There are no vendors that we know of that are actually writing the syntax and doing the writing of the changes in the language of those firewalls."
Firewall management is becoming more of an issue for enterprises, EMA's Crawford said. Firewall management technology has heated up in the last year as enterprise networks become more complex. Making policy changes in individual network security devices can have far-reaching and unintended effects on the network, he said. Many vendors are specializing in tracking and analyzing the effects of firewall policies. Infoblox's product actually streamlines the process of writing and changing those policies, he added.
New branch Trinzic appliance
Infoblox also introduced the Trinzic 100 Edge Services Appliance, a smaller, more affordable DDI appliance for branch offices and other enterprise facilities with a light IT footprint. The Trinzic 100 can integrate with an enterprise's larger Infoblox Grid DDI infrastructure, but it also functions as an independent device that can maintain local network services if the remote location loses WAN connectivity with the rest of the enterprise's infrastructure.
All three products are available now. Infoblox did not disclose prices.
Let us know what you think about the story; email Shamus McGillicuddy, news director.