ENTERPRISE TECHNOLOGY
Jesper Andersen, CEO Infoblox.
This is one of the areas where big data
really matters.”
Infoblox has created integrations
with leading endpoint solution vendors.
When end users log on to virtual desktops,
it is important to know not only the IP
address and MAC address of the physical
server but also the identity of the person
who was logged in. If it is known that a
certain IP address is making DNS queries
to a hostile URL, a known destination for
malware, this information should
be passed on to an endpoint protection
system. One positive aspect of the IT
security industry, and especially of the
threat intelligence arena, is that
different vendors are generally good at
sharing information.
Infoblox is using trillions of records
of passive DNS query data and is leveraging
analytic technologies like machine
learning to assess that data. Through these
efforts it is developing better and better
patterns of threat intelligence that are fed
into the Infoblox DNS Firewall to do the
best possible job of filtering DNS queries.
“That is where we have created
integrations with leading vendors and
integration matters a great deal. We call
that our security ecosystem strategy, and
that has been very important for us and
for our customers that they can leverage
the IP information and the DNS query
information to feed that into other parts
of their security ecosystem. We realised
that the information that we have is very
credible, and critical for other security
ecosystem players to do the best job. So,
there are lots of use cases.”
Integration between different vendors
has therefore become a key pillar of
Infoblox’s cybersecurity strategy. “But I
do not know if there is a perfect type of
vendor,” says Andersen.
Generally speaking, the global IT
industry is committed to building
open interfaces. But integrating
application data with other solutions is
not always easy. There are point-to-point
integrations as well as business process
management integrations. One of the
innovative areas is security orchestration,
which is relatively new. For receiving
and exchanging data with other vendors,
Infoblox is using its extensible attribute
framework. “I would not say there are any
leading security orchestration platforms.
But our job is to make our information
available,” explains Andersen.
End users have access to Infoblox
threat intelligence when they buy the
ActiveTrust platform. This is available as
ActiveTrust Standard, Plus and Advanced
platforms. End users can integrate
Infoblox threat intelligence with other
data sources. Explains Andersen, “In the
ActiveTrust Advanced Platform you have
the ability to take our threat intelligence
feed and use it elsewhere. That is how we
get paid, we charge a subscription license
fee for that service. You can use it in our
DNS Firewall or you can use it with other
systems that you might have.”
With DNS so much a part of the digital
transformation journey, what are the
expectations from such specialist channel
partners? Their ability to add value is
an important criterion. Says Andersen,
“Traditional resellers who just resell
products from us or others are far less
valuable to the customer and therefore to
us, than someone who takes our platform
and integrates that into more of a solution.
I think the best ones are realising that
just reselling is not as valuable to an end
customer as providing a real solution.”
Another selection criterion for Infoblox
channel partners is their high degree of
competency in cybersecurity.
Four key challenges
To gain the essential infrastructure protection
capabilities that their conventional cybersecurity
solutions inadequately provide, enterprises
must confront four key challenges: lack of
visibility, vulnerability detection, DNS-based
attack protection, and lack of security
ecosystem integration.
Challenge 1: Lack of Visibility
From an infrastructure protection
standpoint, having a clear view of
devices and network assets is crucial.
After all,
network teams can only protect what they
can see. However, network visualisation
remains elusive when enterprises rely
solely on traditional security solutions to
monitor and track network assets. These
systems provide incomplete, fragmented
views that make it hard to see all devices
and network assets across physical,
virtual, and cloud infrastructure. As a
consequence, insecure elements lurking
in hidden corners of a network can be
easily compromised.
Because of the unique role they
play in network interactions, core
services including DNS, Dynamic Host
Configuration Protocol (DHCP) and IP
Address Management (IPAM), collectively
known as DDI, can provide a window
into every infrastructure asset, network
device, IP address, and user on a network.
IT organisations should augment their
infrastructure defenses with solutions
that leverage core network services,
enabling them to:
- Centralise and automate network discovery of new devices and VMs as they join the network, wherever they reside
- Enhance visibility into infrastructure devices
- Easily spot suspicious end hosts, attack points, patterns and anomalies as they emerge