By Chris Richardson,\u00a0Sr. Security Solutions Advisor<\/span><\/p>\n Infoblox Federal & CI Sectors<\/span><\/p>\n Several years ago, people started complaining to me about how difficult it was to apply external threat data (later called threat intelligence) at the right place at the right time within their security systems. Back then, I assumed this defined need would spark the growth of a boutique industry around technical data integration where trained specialists would come on site to map and tailor the various streams of data in various formats.\u00a0 They would then execute and fine-tune the use case to the security component, while vendors would work to make their offerings more malleable. Perhaps an academic field would spring up to create a large talent pool in response to this demand. To a certain extent this happened with Cybersecurity Engineering Ops curricula being developed at some universities and with the advent of the Threat Intelligence Platform business. More generally, the information security industry has responded by geometrically growing the venture capital investment in recent years\u2013 some 1,400 security vendors now all have \u201cthe answer\u201d you need to invest in, and there are more in development or being launched every month. Yet what do we see and hear out there today?<\/p>\n All the above complaints (or variants thereof) focus on one thing:\u00a0You need more time in getting to the what, where, and how<\/strong>. You need to get greater returns out of what you currently have deployed. You need to break the logjam of \u201conly our data works only on our technologies.\u201d Even organizations that have hired dozens of analysts and incident responders encounter these issues and those that have deep benches also face the capacity, overhead management, and cost justification problems that come with teams that sprawl. In all cases, positioning a professional at a console as the very front line of defense leads to a hard ceiling on achieving the effectiveness you desire.<\/p>\n What if we look at the network control plane itself and see what happens when there is a threat event? In most cases, a connected device first makes a communication attempt out to other devices and other networks. The protocol it uses for this is DNS. So, whether you utilize it as such, your DNS resolver is a first responder on malicious communication attempts. It sits on the frontline as a threat tries to reach across or out from a device that you are responsible for securing. Is it worthy of activating as a frontline defender? It would be need to perform on some key criteria:<\/p>\n As a leader in providing core network services, Infoblox has innovated enterprise-grade DNS for almost 20 years, and Infoblox ActiveTrust provides a first line of defense on all of these fronts for over 1,000 customers every day. In addition, Infoblox continues to drive toward certification and compliance on a host of standards and regulatory requirements. This effort illustrates our long-term commitment to being there for our customers in the public sector. We are a DNS Security leader. By maximizing your DNS Resolver as a smart gatekeeper for port 53 traffic now and in the future, you not only address how threat actors use your infrastructure but also how they mutate it via tunneling and surreptitious communications that traditional defenses simply don\u2019t detect.<\/p>\n Let\u2019s face it. DNS used to be a very dark art in the security world. It was something owned and operated in another building by another department. It can be a very arcane protocol with plenty of gotchas and idiosyncrasies. As long as DNS was up and answering queries, it was generally not something to be messed with due to concern over prolonged network disruptions. But what if it was easy? What if it was easy to engage, easy to collaborate with peers about, and easy to get valuable data out of? What if you could manage it the way you might manage the rules in your local email client, for an entire network? That\u2019s exactly what Paul Vixie envisioned when he created response policy zones several years ago. In the accompanying announcement, he envisioned a vibrant marketplace of RPZ data suppliers and consumers. As an industry we are on our way toward achieving that vision \u2013 this is all far less exotic than it used to be. However, we must think big in terms of what data we can get from the DNS Resolver beyond merely applying blacklists:<\/p>\n\n
Next-Level DNS as a First Responder<\/h2>\n
\n
Your Network Control Plane as a Data Service<\/h2>\n