Network control company Infoblox Inc. has introduced Infoblox DNS Threat Analytics, a patent technology that applies behavioral analytics to DNS queries in real time to detect and block data exfiltration attempts using DNS as a communications pathway. With the solution, Infoblox now offers a DNS server with built-in behavioral analytics to address DNS-based threats.
Domain Name System (DNS) queries are typically small packets of data that make a simple request, translating a domain name such as www.infoblox.com into an Internet Protocol (IP) address such as 54.235.223.101 that computers and endpoints understand. However, cybercriminals have learned to exploit DNS to smuggle out an organization’s data. Infoblox DNS Threat Analytics examines outgoing DNS traffic for characteristics that are associated with data exfiltration attacks in real time. These characteristics include:
- Size – The query is larger than normal, or contains more information than normal.
- Encryption – The query contains encrypted data.
- Timing – The query is being repeated at precise intervals, unlike the intermittent DNS requests initiated by humans.
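The three characteristics above can be illustrated with a short scoring pass over a DNS query log. This is an added example, not Infoblox's algorithm or code: the thresholds, function names, the use of Shannon entropy as a stand-in for "encrypted data", and the `exfil.example` zone are all assumptions, and the log is constructed.

```python
import base64, hashlib, math
from collections import Counter, defaultdict
from statistics import mean, pstdev

# Thresholds are illustrative assumptions, not vendor values; tune on a local baseline.
MAX_QNAME_LEN = 60   # size: unusually long query name
MAX_ENTROPY = 3.8    # encryption proxy: bits per character in the longest label
MAX_JITTER = 0.1     # timing: stdev/mean of the gaps between queries
MIN_QUERIES = 4      # samples needed before timing is judged

def entropy(s):
    """Shannon entropy of a string in bits per character."""
    return -sum(n / len(s) * math.log2(n / len(s)) for n in Counter(s).values())

def base_domain(qname):
    # Assumption: last two labels; production code should use the Public Suffix List.
    return ".".join(qname.rstrip(".").lower().split(".")[-2:])

def analyze(log):
    """log: (epoch_seconds, client_ip, qname) tuples -> {(client, domain): reasons}."""
    findings, times = defaultdict(set), defaultdict(list)
    for ts, client, qname in log:
        key = (client, base_domain(qname))
        times[key].append(ts)
        longest = max(qname.split("."), key=len)
        if len(qname) > MAX_QNAME_LEN:
            findings[key].add("size")
        if len(longest) >= 16 and entropy(longest) > MAX_ENTROPY:
            findings[key].add("entropy")
    for key, stamps in times.items():
        stamps = sorted(stamps)
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]
        if len(stamps) >= MIN_QUERIES and pstdev(gaps) / mean(gaps) < MAX_JITTER:
            findings[key].add("timing")
    return dict(findings)

def random_looking_label(i):
    # Constructed 48-character label standing in for encoded or encrypted data.
    return base64.b32encode(hashlib.sha256(bytes([i])).digest()[:30]).decode().lower()

# Constructed sample log (not real traffic): one client browsing at irregular
# intervals, one client sending long random-looking names every 30 seconds.
BROWSING = [(t, "10.0.0.5", "www.infoblox.com") for t in (3.0, 41.0, 47.0, 260.0)]
BEACON = [(30.0 * i, "10.0.0.9", random_looking_label(i) + ".t.exfil.example")
          for i in range(5)]
SAMPLE = BROWSING + BEACON

if __name__ == "__main__":
    for key, reasons in analyze(SAMPLE).items():
        print(key, sorted(reasons))
```

Each signal on its own produces false positives (CDN and telemetry hostnames are often long and high-entropy), so combining them per client and per domain, as here, is what makes the result usable.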
Additionally, Infoblox DNS Threat Analytics is designed to automatically block so-called zero-day threats—attacks that haven’t yet been discovered—after analyzing DNS queries and spotting suspicious behavior. Infoblox DNS Threat Analytics can scale to provide enforcement across the network and provide visibility into infected devices. It can also notify other security systems when threats are detected, accelerating remediation.
Expected to be available in January 2016, Infoblox DNS Threat Analytics is a paid feature upgrade for Infoblox Internal DNS Security and Infoblox DNS Firewall products running NIOS software version 7.3 or higher.