Placeholder for Infoblox Partner/ ResellerInfoblox Partner/ Reseller
Authorised Partner

Threat insight

Automatically detect and prevent DNS-based data exfiltration in real-time with unique behavioural analytics and infrastructure integration.

Talk to an expert
Placeholder for Roundabout road carsRoundabout road cars

Prevent DNS-based data exfiltration

Data theft is insidious and growing exponentially. A typical data breach can cost your organisation millions of dollars to remediate, and result in stolen intellectual property, lost customers, lost revenue, damage to your brand, and serious legal woes. Cybercriminals deliberately target DNS because all devices depend on it for connectivity and it’s one that conventional security measures are not designed to inspect and analyse for signs of data theft. The aggressive evolution of data exfiltration techniques only adds to the challenge.

With so much at stake, safeguarding your network from data exfiltration requires a specialised focus on DNS protection. Infoblox Threat Insight detects and automatically blocks attempts to steal data via DNS that evade traditional security controls and signature-based detection methods.

Detect data exfiltration with DNS-based analytics

Automatically and proactively spot data exfiltration attempts in your network that other security systems can’t see. Infoblox Threat Insight monitors your DNS traffic, examining DNS queries and responses in real-time. It applies advanced behavioural analytics and machine learning to detect exfiltration activity. All such exfiltration attempts are logged and you can generate reports based on historical data required for investigation and further analysis.

Placeholder for Infoblox detect data exfiltration with dns based analyticsInfoblox detect data exfiltration with dns based analytics

Block data exfiltration in real-time

Stop data theft in its tracks and in real-time. Infoblox Threat Insight works in conjunction with Infoblox DNS Firewall to block data exfiltration attempts as soon as they’re detected. Infoblox DNS Firewall automatically isolates infected devices to prevent them from connecting to domains intent on stealing data via DNS.

Placeholder for Infoblox block data exfiltration in real timeInfoblox block data exfiltration in real time

Remediate faster and more efficiently with integration and insight

Rapidly remediate infected devices through seamless integration with Infoblox IPAM and DHCP to attain device context and with third-party security systems. Rapidly stop detrimental processes from running on devices by automatically sharing exfiltration threat information in real-time with endpoint security, Network Access Control (NAC), and Security Incident and Event Management (SIEM) technologies. View incidents in context with your network assets and security policies, and use these insights to assess your current risks, carry out further investigations, and pre-empt future threats.

Placeholder for Infoblox remediate faster more efficientlyInfoblox remediate faster more efficiently

Key features

icon Real-time streaming analytics of DNS queries
Real-time streaming analytics of DNS queries
Examines host.subdomain and TXT records; analyses traffic using entropy, lexical, time series, and other methods to detect the presence of suspicious data in DNS queries
icon Active blocking of data exfiltration attempts
Active blocking of data exfiltration attempts
Updates Infoblox DNS Firewall blacklist with domains associated with data exfiltration attempts and ensures that devices are prevented from communication with them
icon Enhanced visibility
Enhanced visibility
Pinpoints infected devices trying to steal data by providing identifying information (user, IP address, MAC address, etc.)
icon Ecosystem integration
Ecosystem integration
Provides indicators of compromise to endpoint remediation solutions (e.g., Carbon Black) when an endpoint is attempting to exfiltrate data. Also exchanges valuable network and security event information (data exfiltration) with Cisco ISE through pxGrid and enriches SIEM with additional rich contextual data (e.g., username, MAC address, and IPAM record)
Get in touch with us today

Ready to talk?

Are you looking for pricing details, technical information, support or a custom quote? Our team of experts in Brussels is ready to assist you.

Placeholder for PcPc
Schedule demo
Placeholder for Portrait of nomios employee2Portrait of nomios employee2
Updates

More updates