Infoblox leverages our market-leading DNS technologies into the industry’s first true DNS-based network security solution. Infoblox DNS Firewall prevents advanced persistent threats (APTs) and malware from exfiltrating data by disrupting the ability of infected devices to communicate with command-and-control (C&C) sites and botnets. DNS Firewall works by employing DNS response policy zones (RPZs), timely threat intelligence, and optional Infoblox DNS Threat Analytics to prevent data exfiltration for effective protection.
Furthermore, Infoblox is the industry’s first and only DDI vendor to seamlessly integrate DNS Firewall with leading security solutions from FireEye, Cisco, and Bit9 + Carbon Black. These integrated solutions enable contextual sharing of threat intelligence and automation of response workflows, allowing mutual customers to better protect against evolving threats. Infoblox support for REST API and Structured Threat Information eXpression (STIX) simplifies integration with third-party products.
“If you’re responsible for safeguarding your network and you’re not using Infoblox DNS Firewall, you’re not doing your job.”
—Matthew Frederickson, Director of IT, Council Rock School District
DNS Firewall is a purpose-built software application, based on response policy zones (RPZs), for use on Infoblox DNS servers. It interprets DNS responses, using an automated threat intelligence feed and DNS Threat Analytics for input on bad domains and IP addresses, as well as destinations associated with data exfiltration, and instantly takes action based on RPZ policy, effectively preventing devices from becoming infected due to APTs and malware.
Through the power of Infoblox Grid™, DNS Firewall continually shares information with an Infoblox Reporting Server on DNS attempts to communicate with malicious destinations. Reports on infected devices (type, user, IP address, MAC address, and other data), top threats, top bad domain connection attempts, and more can help your IT security team quickly take action.
DNS Firewall helps keep threat intelligence current with the evolving threat landscape in two ways: an automated threat intelligence feed, whose data is refreshed at least every two hours, and real-time streaming analytics of live DNS queries, which detects domain destinations associated with data exfiltration and automatically updates the blacklist. Both methods help reflect newly discovered malicious domains and IP addresses in the RPZ security policy.