{"id":3392,"date":"2014-06-20T17:55:30","date_gmt":"2014-06-20T17:55:30","guid":{"rendered":"https:\/\/live-infoblox-blog.pantheonsite.io\/?p=3392"},"modified":"2020-05-06T10:31:34","modified_gmt":"2020-05-06T17:31:34","slug":"dns-firewalls-hat-trick","status":"publish","type":"post","link":"https:\/\/www.infoblox.com\/blog\/community\/dns-firewalls-hat-trick\/","title":{"rendered":"DNS Firewall’s Hat Trick!"},"content":{"rendered":"

I had a great conversation with Logan Kleier at the GigaOM Structure conference a couple of days ago. Logan is the Chief Information and Privacy Security Officer for the city of Portland. On the topic of advanced persistent threats (APTs), Logan mentioned how hollow the FUD that different vendors kept pitching to him sounded, and how each pitch pointed out yet another exposure that others did not cover.<\/p>\n

All they really did, he said, was give the impression that there is no way to fully protect against APTs because the list of what-ifs never ends, even after emulation, sandboxing, and applying layers of security at the host and network. And at what cost?<\/p>\n

I think one of the things security purists miss is that eventually this boils down to risk benefit analysis.\u00a0It begs the question of how much pain and money enterprises are willing to bear to address the insurmountable targeted-threat attack vectors. Is it feasible to have all the traffic routed through deep inspection, analytics, and encryption? What about usability, performance and latency aspects of the business needs?<\/p>\n

Or is there a smarter way to protect against APTs?<\/strong><\/p>\n

As it turns out, working smarter instead of harder helps solve the problem to a large degree. And the key is in looking for the footprints or the trail that malware leaves behind. One promising evidence trail to follow is the use of DNS to reach out to bad destinations and command-and-control sites. DNS Firewall is a lightweight but very effective way to address that.<\/p>\n

DNS Firewall has recently demonstrated its ability to do that effectively, pulling off what I call the \u201chat trick\u201d\u2014scoring wins against three types of much-talked-about malware in only a few weeks.<\/p>\n

1. Dyreza<\/p>\n

Dennis Fisher, writing in\u00a0ThreatPost<\/em><\/a>, describes a new piece of banking malware called \u201cDyreza,\u201d which he points out is targeting many major online banking services, including:<\/p>\n