Authorised Partner

DNS Firewall

Detect and mitigate malware that uses DNS to communicate with Command and Control servers (C&C) and botnets.

Proactively detect and automatically contain malware that targets DNS

These days, BYOD is the norm. Mobile devices from inside and outside your network are continuously crossing mixed physical and cloud infrastructure whose security may not always be under your control. As a result, your network is being constantly exposed to malware threats. And DNS is their main pathway. More than 90 percent of malware uses DNS to communicate with command and control servers, steal data, or redirect traffic to malicious sites. Existing security controls and perimeter defences are not designed to prevent, isolate, and remediate DNS-based malware threats.

With Infoblox DNS Firewall you gain proactive network protection against fast-evolving, elusive malware threats that exploit DNS to communicate with Command and Control (C&C) servers and botnets.

Detect malware before it causes damage

With Infoblox DNS Firewall, you can continuously monitor malware threats in real-time based on machine-readable threat intelligence. Working in conjunction with Infoblox DHCP fingerprinting, IPAM, and Identity Mapping, it helps you rapidly pinpoint compromised devices, isolating them and preventing DNS communications with malicious C&C servers and botnets.

Automate malware containment

Automatically disrupt device communications with detrimental Internet destinations by using Infoblox Threat Intelligence Feed of regularly updated malicious destinations (hostnames, domains, IPs). Stop data exfiltration through DNS by using Infoblox Threat Insight, a unique streaming analytics-based solution, to identify devices communicating with domains associated with data exfiltration and use a DNS Firewall Response Policy Zone (RPZ) blacklist to block any communication to them. Remediate devices rapidly by having DNS Firewall seamlessly share early indicators of compromise in real-time with advanced threat detection, threat intelligence platforms, endpoint security, NAC, and SIEM technologies.

Automatically adapt to evolving threats

Stay safe from malware, even as it continues to evolve. Infoblox DNS Firewall draws on the regularly updated and actionable Infoblox Threat Intelligence Feed to accurately detect the latest malevolent Internet destinations such as hostnames.

Placeholder for Infoblox compliance requirements audits

Key features

DNS Response Policy Zones (RPZs): Enable you to execute administrator-defined policy action to help disrupt malware communications and reduce exposure to data exfiltration
Threat intelligence feed: Updates RPZ policy with observed and verified malicious hostnames and keeps data up-to-date for timely protection
Infoblox threat insight: Updates DNS Firewall RPZ policy with domains associated with DNS-based data exfiltration attempts
Infoblox security portal: Cloud-based threat lookup tool provides clear and actionable data: threat severity level, confidence level, active/inactive threat, etc.
Infoblox reporting and analytics: Provides reporting and analytics on top RPZ hits, attempted device communications to malicious destinations, device details, and user, to help accelerate remediation efforts.