The enhancements include protection against DNS hijacking and rapidly evolving NXDOMAIN-based attacks. These are in addition to the solution’s existing integrated defence against DNS-based DDoS attacks, cache poisoning, malformed queries, tunnelling, and other DNS security threats.
DNS is the address book for every destination on the Internet, translating domain names such as “infoblox.com” into IP addresses such as 54.235.223.101. Without fast and accurate DNS, networks can’t function, yet DNS is difficult to protect because—in order for the system to function—DNS servers must be open to everyone on the Internet. Cybercriminals have become aware of this vulnerability, and are exploiting DNS to launch distributed denial of service (DDoS) attacks and other malicious threats that aim to either bring down targeted networks or inject malware.
Infoblox Advanced DNS Protection, introduced in December 2013, is the first DNS appliance with integrated security—delivering protection that is stronger, more intelligent, and more comprehensive than separate external security solutions. The key new features expanding this protection are:
· DNS hijacking. Cybercriminals and hacktivists often redirect Internet traffic from legitimate web sites to spoofed destinations, aiming to steal customer data or spread controversial political views. A new DNS integrity feature in Infoblox Advanced DNS Protection ensures DNS queries are going to legitimate domains rather than malicious ones, by checking DNS parent/registrar records for name server changes. This feature is also available in all standard Infoblox DNS appliances running NIOS version 6.11 or above.
· NXDOMAIN attacks. NXDOMAIN-based attacks are a newly emerging threat in which hackers flood a targeted network with numerous requests to resolve non-existent domains. Because it takes longer to confirm that a domain doesn’t exist and send a response than to provide the IP address for an existing domain, NXDOMAIN attacks can significantly slow down and even crash DNS servers. Infoblox Advanced DNS Protection now has multi-layer rules to detect NXDOMAIN attacks and block requests from sites that send out a large number of requests for non-existent domains.
· Infoblox Threat Adapt technology. This unique capability, only available from Infoblox, enables the DNS appliance to automatically morph its protection profiles as DNS configurations change, eliminating error-prone manual processes. Administrators will then know that, as they turn on various services, protection for those services will be automatically invoked. Infoblox customers can also report DNS attacks and, after analysis, Infoblox will give protection for any previously unidentified threats to other authorised Infoblox users.
· Resiliency and high availability. Infoblox Advanced DNS Protection appliances can now be deployed in highly available pairs without the need for any additional software. In the unlikely event one appliance fails, the second appliance automatically takes over and continues to deliver DNS services.
“Infoblox Advanced DNS Protection has been a big hit with our customers,” said Arya Barirani, vice president of product marketing at Infoblox. “We’ve had several organizations call us while under a DNS attack, and thanks to our easy setup and configuration, we were able to implement Infoblox Advanced DNS Protection to quickly restore normal operations.
“The Infoblox approach of intelligently detecting and mitigating DNS threats is unique, and becomes even more powerful with the enhancements we’re announcing today,” Barirani continued. “DNS solutions that indiscriminately respond to every query and rely only on computing horsepower to withstand attacks fall short in protecting against today’s more complex threats.”