Enhancing Your Network Security
Rainer Singer, SE Manager Central Europe
October 2013

Infoblox Overview & Business Update
- Founded in 1999
- Headquartered in Santa Clara, CA, with global operations in 25 countries
- Leader in technology for network control
- Market leadership: Gartner "Strong Positive" rating; 40%+ market share (DDI)
- 6,700+ customers, 55,000+ systems shipped
- 35 patents, 29 pending
- IPO April 2012: NYSE BLOX
- [Chart: Total Revenue ($MM), fiscal year ending July 31, FY2007 to FY2013; values shown: $35.0, $56.0, $61.7, $102.2, $132.8, $169.2, $225.0]

Infoblox: Technology for Network Control
[Diagram, three layers]
- Apps & end-points: end points, virtual machines, private cloud, applications
- Control plane: Infrastructure Security; Infoblox Grid(TM) w/ Real-time Network Database; Historical / Real-time Reporting & Control
- Network infrastructure: firewalls, switches, routers, web proxy, load balancers

New threat vectors
[Chart: threat generations by scope of impact (individual computer, partial network, company level, global impact) over time (1980s, 1990s, 2000s, today)]
- 1st Gen: Boot viruses
- 2nd Gen: Worms, Trojans, flood attacks, limited target hacking, DOS
- 3rd Gen: DOS, DDOS, blended attacks (Worm + Trojan), advanced persistent threat, botnets
- 4th Gen: Infrastructure hacking, organized DDOS, designer malware & APTs, botnets for rent

Infoblox's role in 4th generation security
1. Challenge: Unprotected DNS infrastructure introduces security risks. Trend: DDOS protection. Purpose-built secure hardware; Common Criteria certified; rate limiting; best practices.
2. Challenge: Identification and response to malware takes too long. Trend: APT mitigation. DDI; DHCP Fingerprinting; DNS Firewall; Reporting Server.
3. Challenge: Risk & inefficiency due to firewall and ACL change. Trend: IT agility. Security Device Controller.

Protect DNS: Infoblox DNS Firewall

Anatomy of an Attack

Infoblox DNS Firewall Protects Against SEA Redirection Attack
Timeline of Attack and Infoblox Response
1. 3:00 PM EST: Syrian Electronic Army hacks registrar Melbourne IT, replaces NY Times and Twitter name servers with their own. Attempted connections now redirect users to SEA servers.
2. 6:00 - 6:30 PM EST: Upon confirmation of attack, Infoblox Malware Data Feed is updated with malicious name server IP addresses. All Infoblox DNS Firewall customers now have malicious SEA IP addresses in their RPZ.
3. 6:30 PM EST: All access attempts to malicious IPs are now automatically blocked by DNS Firewall. Customers protected.
4. DNS Firewall logs all attempted connections with malicious destinations, complete with device IP, MAC and device fingerprint, for future remediation.
[Diagram labels: Infoblox DDI with DNS Firewall; Infoblox Malware Data Feed Updated; Syslog]

Getting Around Traditional Defenses: Fast Flux
- Rapid change of IP addresses; requires a DNS query
- Security researchers discovered Fast Flux usage in November 2006
- Multiple nodes within the network register / de-register their IP addresses as part of the DNS A (address) record list for a single DNS name
- TTL = 5 minutes (300 sec)
- DNS queries are used to find C&C or botnet server(s)
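
A detection heuristic for the fast-flux pattern on the slide above, added here as an example (it is not from the presentation or from Infoblox). It flags names whose A records combine short TTLs with high address turnover; the record layout, thresholds and the name find_fast_flux are assumptions, and the sample data is constructed.

```python
from collections import defaultdict

# Constructed sample: (unix_time, queried_name, ttl_seconds, A-record addresses).
# Addresses come from documentation ranges; names use the reserved .example TLD.
SAMPLE_RESPONSES = [
    (0,   "cdn.shop.example",    3600, ["192.0.2.10", "192.0.2.11"]),
    (300, "cdn.shop.example",    3600, ["192.0.2.10", "192.0.2.11"]),
    (0,   "update.flux.example",  300, ["198.51.100.1", "198.51.100.7", "203.0.113.5"]),
    (300, "update.flux.example",  300, ["198.51.100.9", "203.0.113.40", "203.0.113.77"]),
    (600, "update.flux.example",  300, ["198.51.100.23", "203.0.113.90", "192.0.2.200"]),
    (0,   "lb.news.example",       60, ["192.0.2.50", "192.0.2.51"]),
    (600, "lb.news.example",       60, ["192.0.2.51", "192.0.2.50"]),
]

def find_fast_flux(responses, max_ttl=300, min_unique_ips=6, min_turnover=0.5):
    """Return {name: stats} for names that look like fast flux.

    Assumed heuristic (thresholds are illustrative, not from the slides):
      - every observed TTL is <= max_ttl (the slide cites TTL = 300 s),
      - the name resolved to at least min_unique_ips distinct addresses,
      - on average at least min_turnover of each answer is new vs. the previous one.
    """
    by_name = defaultdict(list)
    for ts, name, ttl, ips in responses:
        by_name[name.lower().rstrip(".")].append((ts, ttl, frozenset(ips)))

    flagged = {}
    for name, obs in by_name.items():
        obs.sort(key=lambda o: o[0])
        if len(obs) < 2 or any(ttl > max_ttl for _, ttl, _ in obs):
            continue
        unique = set().union(*(ips for _, _, ips in obs))
        # Turnover: share of addresses in an answer that the prior answer lacked.
        turnovers = [len(cur - prev) / len(cur)
                     for (_, _, prev), (_, _, cur) in zip(obs, obs[1:]) if cur]
        turnover = sum(turnovers) / len(turnovers) if turnovers else 0.0
        if len(unique) >= min_unique_ips and turnover >= min_turnover:
            flagged[name] = {"unique_ips": len(unique),
                             "avg_turnover": round(turnover, 2)}
    return flagged

if __name__ == "__main__":
    for name, stats in find_fast_flux(SAMPLE_RESPONSES).items():
        print(name, stats)
```

The short-TTL load balancer entry (lb.news.example) is not flagged because its address set is stable, which is why TTL alone is not used as the signal.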

DHCP Fingerprint provides identification of:
- Mobile: iPhone / iPad / iPod; Android (ex. Samsung, HTC, Sony)
- Desktop: Windows (95, ME, 98, XP, Vista, 7, 8); Mac (8, 9, X); OS/2 WARP
- Server: Windows (NT, 2000, 2003, 2008, 2012); Linux (Red Hat, Ubuntu, Debian, SuSE); Solaris; BSD
- Gaming consoles: Xbox, PlayStation, Wii
- Routers / switches / access points: Aerohive, Aruba, Apple, Cisco, HP / 3Com, Netgear, Ruckus
- Printers: Canon, Dell, HP, Ricoh
- VOIP: Alcatel, Cisco, Nortel, Polycom, ShoreTel, Siemens

ACL & Firewall Policy Management: Infoblox Security Device Controller

Is this the reaction when Firewall is mentioned?!

Networks change often: Change is the challenge
- Risky: error prone & disrupts existing services
  - 74% rule changes resulted in an outage or decreased network performance (2013 State of Network Security, May 2013)
  - 62% firewall-rule change management processes put them at risk to be breached (Dark Reading, Feb 2013)
- Expensive: time consuming, inefficient, requires expert resources
  - Through 2018, more than 95% of firewall breaches will be caused by firewall misconfigurations, not firewall flaws. (Gartner Firewall Report, Nov. 2012)
  - 95% of engineers have trouble with firewall audits because the manual processes are time consuming. (TechTarget Networking, July 2012)

Network Security Management: Today

The Pain of Legacy Processes
Legacy approach (manual; network provisioning time: hours/days). Firewall change needed, then:
1. Search for devices
2. Figure out impacted devices
3. Determine correct config
4. Compare change to standards/compliance
5. Request change / implement manually
6. Reconfirm correctness and compliance
Consequences:
- Manual processes cannot keep up
- SLAs are lengthening to weeks or even a month
- Require dedicated, senior network architects
- Routine, repetitive, error-prone
- Multiple vendor expertise needed

Security Device Controller
[Diagram labels: IT ticketing system; change request; approved change; Security Device Controller; Sr. Security Analyst; routers, switches & firewalls]
1. Request for access to business application reviewed/approved
2. Helpdesk reviews request, models access change, creates & submits for review
3. Security Analyst reviews proposed change. Change accepted/implemented
4. Routers, switches & firewalls are configured to allow users access to application

Five Pillars of Security Device Controller
- Automated Discovery
- Multi-vendor Provisioning
- Embedded Expertise
- Customized Alerting
- Powerful Search

Security Device Controller: Enabling Admins to keep up with dynamic IT without compromise
- Legacy approach (manual, days/weeks): Firewall change needed, then 1. Search for devices; 2. Figure out impacted devices; 3. Determine correct config; 4. Compare change to standards/compliance; 5. Request change / implement manually; 6. Reconfirm correctness and compliance
- Infoblox approach (automated, hours/days): Firewall change needed, then steps 1 to 6

Summary
- DNS is the hole in your network infrastructure that is being exploited by malware. It has been exploited since November 2006.
- Infoblox DNS Firewall blocks malware from exploiting DNS.
- DNS Firewall with DHCP fingerprinting & IP address management helps pinpoint devices for remediation quickly.
- ACL & firewall policy management is error prone and not keeping up with business needs for constant change. Costs (risk, business agility) are becoming greater each day.
- Infoblox Security Device Controller reduces risk via visibility, modeling, and auto-writing/provisioning of changes, with roll-back to undo mistakes.
- Security Device Controller enables agility by enabling helpdesk personnel to verify change need, with modeling of change and approval of change by Sr. Security personnel before implementation.

Thank You!
© 2013 Infoblox Inc. All Rights Reserved.