Prevent DNS-based data exfiltration
Data theft is insidious and growing exponentially. A typical data breach can cost your organisation millions of dollars to remediate, and result in stolen intellectual property, lost customers, lost revenue, damage to your brand, and serious legal woes. Cybercriminals deliberately target DNS because all devices depend on it for connectivity and because conventional security measures are not designed to inspect and analyse it for signs of data theft. The aggressive evolution of data exfiltration techniques only adds to the challenge.
With so much at stake, safeguarding your network from data exfiltration requires a specialised focus on DNS protection. Infoblox Threat Insight detects and automatically blocks attempts to steal data via DNS that evade traditional security controls and signature-based detection methods.
Detect data exfiltration with DNS-based analytics
Automatically and proactively spot data exfiltration attempts in your network that other security systems can’t see. Infoblox Threat Insight monitors your DNS traffic, examining DNS queries and responses in real time. It applies advanced behavioural analytics and machine learning to detect exfiltration activity. All such exfiltration attempts are logged, and you can generate reports based on the historical data required for investigation and further analysis.
Block data exfiltration in real-time
Stop data theft in its tracks and in real-time. Infoblox Threat Insight works in conjunction with Infoblox DNS Firewall to block data exfiltration attempts as soon as they’re detected. Infoblox DNS Firewall automatically isolates infected devices to prevent them from connecting to domains intent on stealing data via DNS.
Remediate faster and more efficiently with integration and insight
Rapidly remediate infected devices through seamless integration with Infoblox IPAM and DHCP, which provides device context, and with third-party security systems. Rapidly stop detrimental processes from running on devices by automatically sharing exfiltration threat information in real time with endpoint security, Network Access Control (NAC), and Security Information and Event Management (SIEM) technologies. View incidents in context with your network assets and security policies, and use these insights to assess your current risks, carry out further investigations, and pre-empt future threats.
Key features
- Real-time streaming analytics of DNS queries
  - Examines host.subdomain and TXT records; analyses traffic using entropy, lexical, time series, and other methods to detect the presence of suspicious data in DNS queries
- Active blocking of data exfiltration attempts
  - Updates the Infoblox DNS Firewall blacklist with domains associated with data exfiltration attempts and ensures that devices are prevented from communicating with them
- Enhanced visibility
  - Pinpoints infected devices trying to steal data by providing identifying information (user, IP address, MAC address, etc.)
- Ecosystem integration
  - Provides indicators of compromise to endpoint remediation solutions (e.g., Carbon Black) when an endpoint is attempting to exfiltrate data. Also exchanges network and security event information (data exfiltration) with Cisco ISE through pxGrid and enriches SIEM with additional contextual data (e.g., username, MAC address, and IPAM record)