04/29/2024 | News release | Distributed by Public on 04/29/2024 11:11
In today's interconnected world, cyber threats pose a significant risk to organizations of all sizes. From sophisticated spear phishing attacks to MFA attacks that use lookalike domains to Traffic Distribution Systems (TDS), the threat landscape continues to evolve faster than existing defenses, causing breaches and data theft. In many attacks, threat actors age their domains for a very long time before using them, sometimes even 120 days after the domains are registered. In other cases, threat actors move quickly and use newly registered domains within a few hours to target specific organizations.
Current security tools use a malware-centric approach, which means there must be some evidence of compromise before they start blocking malicious domains, by which point it could already be too late. There is a need to take a different approach to security, one that can proactively protect enterprises from criminal actors as they build their infrastructure to launch attacks.
Threat actors create thousands of new domains every day and rely on DNS to run malicious campaigns. All it takes is one DNS query to compromise a network. But the good news is 92% of attacks can be blocked using DNS, if done correctly.
Infoblox takes a unique approach to threat detection and response. It uses AI and patented algorithms to identify dangerous domains before actors use them, often months ahead of other security tools.
Here's how Infoblox Threat Intel works:
Infoblox Threat Intel has researchers in 5 countries across 8 time zones and is the first and only team in the world with the combination of deep expertise in DNS, data science, ML/AI, intelligence analysis, software reverse engineering and malicious spam detection. It is headed by Dr. Renée Burton, a 22-year veteran of the NSA.
Infoblox Threat Intel:
The DNS-centric threat intelligence is used in Infoblox's DNS Detection and Response solution, which includes the flagship product BloxOne Threat Defense, to proactively protect customers against emerging threats while ensuring critical domains are not blocked.
Threat Actor Reports: Infoblox Threat Intel also frequently publishes reports on threat actors detected in customer networks and domains related to those threat actors, and these publications are now easily accessible from within the BloxOne Threat Defense user interface.
Zero Day DNS™: Complementing the threat intelligence is another feature of BloxOne Threat Defense that addresses threats from domains that are registered and used immediately for attacks. This capability, called Zero Day DNS™, inspects customer network DNS traffic in near real time to detect and block threats from domains that are registered by threat actors just minutes to hours before being used in an attack. This protects customers against targeted attacks like spear phishing that leverage lookalike domains, providing the earliest defense against these attacks.
Sharing with the Ecosystem: BloxOne Threat Defense can also automatically share Infoblox Threat Intel with other existing security and observability ecosystem tools such as SIEMs, NGFWs and proxies to enhance protection against DNS threats across all control points and maximize security ROI.
In conclusion, Infoblox Threat Intel is more than just threat detection; it's a proactive defense strategy. By focusing on DNS, we disrupt threat actors' operations and enhance your existing security ecosystem. Cybersecurity is a collective effort. Stay informed, stay vigilant, and partner with Infoblox to secure your digital future.