Infoblox Inc.

04/29/2024 | News release | Distributed by Public on 04/29/2024 11:11

Catching Threat Actors in DNS Using Infoblox Threat Intel

In today's interconnected world, cyber threats pose a significant risk to organizations of all sizes. From sophisticated spear phishing attacks to MFA attacks that use lookalike domains to Traffic Distribution Systems (TDS), the threat landscape continues to evolve faster than existing defenses, causing breaches and data theft. In many attacks, threat actors age their domains for a long time, sometimes as much as 120 days after registration. In other cases, threat actors move very quickly and use newly registered domains within a few hours, targeting specific organizations.

Current security tools use a malware-centric approach, which means there must be some evidence of compromise before they start blocking malicious domains, and it could already be too late. There is a need to take a different approach to security, one that can proactively protect enterprises from criminal actors as they build their infrastructure to launch attacks.

Threat actors create thousands of new domains every day and rely on DNS to run malicious campaigns. All it takes is one DNS query to compromise a network. But the good news is 92% of attacks can be blocked using DNS, if done correctly.

Infoblox Threat Intel: Hunts Threats in DNS to Disrupt Cybercrime at its Core

Infoblox takes a unique approach to threat detection and response. It uses AI and patented algorithms to identify dangerous domains before actors use them, often months ahead of other security tools.

Here's how Infoblox Threat Intel works:

  1. DNS Expertise: Infoblox specializes in DNS. Our team of experts has a deep understanding of and unique visibility into DNS, allowing us to identify attacker infrastructure as it is created and to preempt and block emerging threats.
  2. Data Science and Correlation: We combine DNS expertise with cutting-edge data science techniques. Tens of algorithms identify suspicious domains among the 200,000+ newly registered every day. Machine learning identifies groups of domains that are registered or used together for malicious purposes. These detections are correlated and connected to threat actor infrastructure to allow a holistic view of the threat landscape.
  3. Threat Actor Tracking: Infoblox connects the dots between threat actors and their infrastructure. A patent-pending architecture allows Infoblox Threat Intel to identify emerging threats and watch threat actors as they set up their domains for attack. Actor algorithms monitor that infrastructure for changes and harvest new threats.

Infoblox Threat Intel has researchers in 5 countries across 8 time zones and is the first and only team in the world combining deep expertise in DNS, data science, ML/AI, intelligence analysis, software reverse engineering and malicious spam detection. It is headed by Dr. Renée Burton, a 22-year veteran of the NSA.

By the Numbers

Infoblox Threat Intel:

  • Detects 60% of threats before the first DNS query and 82% within 24 hours of the first query
  • Blocks attacks on an average of 63 days earlier
  • Has a 0.0002% false-positive rate
  • Adds close to 4M new malicious and suspicious domains monthly
  • Analyzes 70 billion DNS events daily

Powering BloxOne Threat Defense for Proactive Protection

This DNS-centric threat intelligence is used in Infoblox's DNS Detection and Response solution, which includes the flagship product BloxOne Threat Defense, to proactively protect customers against emerging threats while ensuring critical domains are not blocked.

Threat Actor Reports: Infoblox Threat Intel also frequently publishes reports on threat actors detected in customer networks and domains related to those threat actors, and these publications are now easily accessible from within the BloxOne Threat Defense user interface.

Zero Day DNS™: Complementing the threat intelligence is another BloxOne Threat Defense feature that addresses threats from domains that are registered and used immediately for attacks. This capability, called Zero Day DNS™, inspects customer network DNS traffic in near real time to detect and block threats from domains that threat actors registered just minutes to hours before using them in an attack. This protects customers against targeted attacks such as spear phishing that leverage lookalike domains, providing the earliest defense against these attacks.
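The two detection ideas in this release, domain age at the moment of the first query (the "minutes to hours" case above, versus domains aged for months as described in the introduction) and lookalike domains, can be illustrated with a small detector over constructed DNS query log lines. This is an added illustration, not Infoblox's or BloxOne Threat Defense's code; the log format, the registration-date table standing in for a WHOIS/RDAP feed, the domain names and the brand list are all made up for the example.

```python
from datetime import datetime, timedelta

# Constructed sample data (not real indicators): a tiny registration-date
# table standing in for a WHOIS/RDAP or zone-file feed, and three DNS query
# log lines in a made-up "ts client= qname= qtype=" format.
REGISTRATIONS = {
    "examp1e-corp.com": datetime(2024, 4, 29, 9, 12),    # registered 53 min before use
    "aged-campaign.net": datetime(2023, 12, 30, 0, 0),   # parked ~120 days before use
    "example-corp.com": datetime(2010, 1, 1, 0, 0),      # long-established legitimate domain
}
QUERY_LOG = [
    "2024-04-29T10:05:00Z client=10.0.0.4 qname=examp1e-corp.com qtype=A",
    "2024-04-29T10:06:00Z client=10.0.0.7 qname=aged-campaign.net qtype=A",
    "2024-04-29T10:07:00Z client=10.0.0.9 qname=example-corp.com qtype=A",
]
PROTECTED_BRANDS = ["example-corp"]  # hypothetical brand labels to guard

def parse_query(line):
    """Return (query time, queried name) from one constructed log line."""
    ts, *fields = line.split()
    kv = dict(f.split("=", 1) for f in fields)
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), kv["qname"].lower()

def levenshtein(a, b):
    """Edit distance; a small value between a label and a brand suggests a lookalike."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def is_lookalike(qname, brands, max_dist=2):
    label = qname.split(".")[0]
    return label not in brands and any(levenshtein(label, b) <= max_dist for b in brands)

def classify(line, registrations, brands, max_age=timedelta(hours=24)):
    """Flag a query whose name was registered within max_age of the query or mimics
    a protected brand. Domains aged for months pass the age check on purpose: that
    is the gap the release says actor-level tracking has to cover."""
    queried_at, qname = parse_query(line)
    registered = registrations.get(qname)            # None if the feed has no record
    age = queried_at - registered if registered else None
    reasons = []
    if age is not None and age < max_age:
        reasons.append("newly-registered")
    if is_lookalike(qname, brands):
        reasons.append("lookalike")
    return {"qname": qname,
            "age_hours": None if age is None else age.total_seconds() / 3600,
            "verdict": "block" if reasons else "allow",
            "reasons": reasons}
```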

Sharing with the Ecosystem: BloxOne Threat Defense can also automatically share Infoblox Threat Intel with other existing security and observability ecosystem tools such as SIEMs, NGFWs and proxies to enhance protection against DNS threats across all control points and maximize security ROI.

In conclusion, Infoblox Threat Intel is more than just threat detection; it's a proactive defense strategy. By focusing on DNS, we disrupt threat actors' operations and enhance your existing security ecosystem. Cybersecurity is a collective effort. Stay informed, stay vigilant, and partner with Infoblox to secure your digital future.

Click here for more information on Infoblox Threat Intel.

Click here for more information on BloxOne Threat Defense.