10/02/2024 | News release | Distributed by Public on 10/02/2024 09:00
DNS is fundamental to internet communication, making it a common threat vector used by attackers. It only takes one DNS query to compromise a network. Monitoring threat actor infrastructure on the internet and analyzing DNS traffic in an organization can reveal a wide range of malicious activities, providing early indicators of compromise, often before other signs become apparent.
DNS intel is proactive and can identify threat-actor-owned domains before those domains are weaponized, without having to rely on an event to determine that they are bad. The first DNS query to those high-risk domains can be blocked immediately, proactively preventing a compromise or a malware download.
Unusual DNS requests can signal malware attempting to communicate with its command and control (C2) server. DNS Indicators of Compromise (IOCs) can also reveal behavioral patterns, such as domain generation algorithms (DGAs) used by malware to dynamically connect with new domains, making it easier to track and block malicious activities.
Infoblox DNS Threat Intel is HIGH VALUE, can be used with relatively LOW EFFORT and can SHRINK THE TIME TO VALUE and INCREASE THE RETURN ON INVESTMENT for your threat intelligence program.
Infoblox Threat Intel uses proprietary techniques to identify potentially malicious domains much earlier than other technologies. Infoblox flags these domains as high risk so your defenders can automatically block them, often weeks to months before OSINT designates them malicious.
By taking this proactive approach, defenders can stop attacks days, weeks, or even months before they appear in OSINT or threat intelligence feeds.
Threat actors continually adjust their techniques and often use malicious domains to quickly launch damaging and dangerous attacks. Once that link to a malicious domain is clicked, the Kill Chain can rapidly unfold to the detriment of the defenders. These malicious domains are often detected and shared too late by OSINT and threat intel feeds.
Infoblox Threat Intel provides fast access to accurate, contextual threat alerts and reports from our real-time research teams. High-Risk Domains feeds were introduced as an Infoblox proprietary capability on November 10, 2022, and, since then, have successfully provided many thousands of customers with the advanced information to block domains that ultimately become malicious long before most other threat intelligence sources identify them as malicious. Infoblox allows your team to leverage the high value of DNS-based threat intelligence while ensuring a unified security policy across your entire security infrastructure. Infoblox threat data minimizes false positives, so you can be confident in what you are blocking.
To learn more about Infoblox Threat Intel and DNS early detection:
https://www.infoblox.com/threat-intel/
To learn more about Infoblox Threat Defense:
https://www.infoblox.com/products/threat-defense/
To learn more about the National Security Agency (NSA) and Cybersecurity & Infrastructure Security Agency (CISA) guidance on Protective DNS:
https://media.defense.gov/2021/Mar/03/2002593055/-1/-1/0/CSI_PROTECTIVE%20DNS_UOO117652-21.PDF