Infoblox Inc. this week introduced a cloud-based version of its on-premises DNS security and monitoring platform. ActiveTrust Cloud, available now, is aimed at solving DNS security issues facing endpoints at small branch offices through a combination of behavioral analytics, continually updated threat databases and signature recognition. To guard against zero-day attacks, the software analyzes DNS traffic from employees to create risk profiles.
"Today's offering is more about employees getting out to the internet," said Scott Fulton, Infoblox's executive vice president of products, contrasting ActiveTrust Cloud to other DNS security products in the market.
According to Fulton, many companies are not monitoring DNS security issues in spite of the risks they can pose. Because DNS is so fundamental, hackers find it a compelling target, using tactics that range from cache poisoning and distributed denial-of-service (DDoS) attacks to rogue DNS servers.
Criminals can infiltrate a laptop or mobile phone to introduce malware and then employ DNS for command and control as they reach out to the malware or botnet -- this can lead to data exfiltration, particularly at low-security branch offices. "It used to be the thing if you wanted to work from home you had to VPN. Now you can do email without VPN -- [but this means] more security risk for organizations," Fulton added.
DNS security issues were underscored last fall when a DDoS attack against Dyn hobbled many parts of the internet across the United States and Europe for hours.
"What's announced ... has more to do with how DNS is being used in the kill chain for malware. Something like 90% of malware at some point in the process involves DNS," said Fulton, noting that ActiveTrust Cloud could be used to disrupt efforts by hackers to penetrate DNS communication and by extension mitigate malware. "Small remote offices and branch offices are not going to put in an expensive firewall -- but they need basic protection for workers in that office. Restaurant chains want to have point-of-sale devices and a few other apps protected without putting in expensive infrastructure," he added. By placing DNS protection in the cloud, smaller organizations and groups with BYOD policies can benefit from Infoblox's approach, Fulton said.