Askari Bank Modernizes and Enhances Cyber Security Posture with Infoblox Threat Defense Advanced
“As we ran the PoC through various scenarios, there was not a single instance of a successful data infiltration or exfiltration event. Seeing BloxOne Threat Defense in action blocking malicious activity in our own environment gave us a lot of confidence in the Infoblox solution.”
- Jawad Khalid Mirza, CISO at Askari Bank
Askari Bank opened for business in April 1992 and has grown to become one of Pakistan’s leading financial institutions. Askari offers a full range of personal and business banking services, ATM and mobile banking and credit and debit cards, and it maintains 537 branches across Pakistan. Since its inception, the bank has concentrated on growth through improving service quality, investing in technology and people and using its extensive branch network, which includes Islamic and agricultural banking. Askari’s vision is to passionately support its customers’ success and delight them with the quality of its service. A key element of this dedication to service is to maintain the absolute highest levels of privacy and security for the bank’s customers.
The Challenge – Strengthening Security Posture to Counteract Emerging Threats
As with all financial institutions globally, Pakistan’s Askari Bank is a popular target for malicious cyber attacks. Maintaining a strong security posture has long been a top priority of the Askari IT team, and the bank has deployed multiple cyber security solutions over the years, including a security orchestration, automation and response (SOAR) solution and a Cisco DNS security product it relied on for years. In working with the consultants at Secure Networks, the Askari team came to understand that DNS-layer threats had evolved over time and that exploring other options in DNS technology could help to strengthen the bank’s overall security.
Customer: Askari Bank
Industry: Financial Services
Initiatives: Prevent data infiltration and exfiltration techniques with analytics and machine learning, including DNS-based data exfiltration, DGA, DNS Messenger and fast-flux attacks; Detect and block exploits, phishing, ransomware and other modern malware; Identify malware propagation and lateral movement through east-west traffic monitoring; Restrict user access to certain web content categories and track activity; Protect brand with Lookalike Domain Monitoring for the most valuable Internet properties; Control the risks of rising DoH use: block DoH (DNS over HTTPS) domain access and gracefully revert DoH requests to existing, trusted DNS
“As we know, DNS is not designed with respect to security perspective,” explained Jawad Khalid Mirza, the chief information security officer at Askari Bank. “The open architecture of DNS has led to it becoming a prime target for adversaries. In the financial sector, these threats most often manifest in attempts to exfiltrate/infiltrate data from enterprise.”
“Legacy security solutions are designed to counteract threats by blocking DNS queries,” explained Asad Effendi, CEO of Secure Networks, who helped carry out the PoC. “But with the malware attack scenarios we’re seeing today, simply blocking suspicious traffic isn’t always the best approach.”
The Solution – Advanced DNS Security with BloxOne Threat Defense
With a test version of BloxOne Threat Defense installed in the Askari Bank data center, the team ran a series of networking traffic scenarios using the most recent data infiltration and exfiltration techniques characteristic of DNS Messenger and fast-flux attacks. “As we ran the PoC through various scenarios, there was not a single instance of a successful data infiltration or exfiltration event,” said Khalid Mirza. “Seeing BloxOne Threat Defense in action blocking malicious activity in our own environment gave us a lot of confidence in the Infoblox solution.”
BloxOne Threat Defense operates at the DNS level to see and uncover threats that other solutions do not, and it stops attacks earlier in the threat lifecycle. Through pervasive automation and ecosystem integration, it also drives efficiencies in SecOps to uplift the effectiveness of the existing security stack. These capabilities constituted a strong secondary consideration for the Askari team, which relies on its SOAR solution to manage its overall security operations. With the full scope of capabilities and benefits of BloxOne Threat Defense now clear to the Askari team, the decision was made to move forward with a full production deployment.
The Results – Faster Threat Detection, Reduced Incident Response Times
“BloxOne Threat Defense makes our entire security stack more effective,” explained Umair Shakil, the head of Askari Bank’s Security Operations Center Unit. “With the Infoblox solution integrated with our existing SOAR platform, all of the tools in our security stack now have access to real-time network and threat intelligence. Everything now works in unison to better identify and remediate threats through extensive automation.”
The unique hybrid security design of BloxOne Threat Defense uses the power of the cloud to detect a broad range of threats while tightly integrating with the on-premises ecosystem. It also provides resiliency and redundancy not available in cloud-only solutions. Through a common console, the Askari team can now centrally and automatically secure IoT and other devices, apps, virtual machines and switch ports wherever they reside. BloxOne Threat Defense has enabled the Askari team to decrease the burden on strained perimeter security devices, such as firewalls, IPS and web proxies, because it converts powerful and already available DNS servers into the first line of defense. The team expects to get more value out of its security stack through sharing of threat and attacker information, as well as boost the productivity of its threat analysts and security administrators.