Infoblox: Networking And Security Teams Must Unite To Combat Cybercrime

By Patrick Moorhead - May 11, 2023

It was in January 2023 when I had my first chat with the new Infoblox president and CEO, Scott Harrell. Since then, Harrell and his team have been busy evolving the company’s business strategy and introducing a new brand identity with an increased focus on security.

Infoblox is an industry-leading networking and security company that delivers a simplified, cloud-enabled platform that strives to provide both performance and protection. It has long been known as the leader in DDI—shorthand for the integration of DNS, DHCP and IPAM into a unified service.

And now, the company is making a big effort to establish the perception that it is more than a networking company. This can be seen in its recent brand transformation and its bold point of view that companies everywhere need to “unite networking and security,” enabling these teams to join forces by sharing data, tools, insights and resources.

Infoblox connects an end user to any destination through a combination of different techniques, the Domain Name System (DNS) being the one that’s probably best known, as it is more or less the phone book of the Internet. It’s what allows Infoblox to show you who and what connects to your network. For readers who may not know this, DNS is one of the most critical areas for threat actors to attack an organization’s network. Infoblox’s flagship product is a cloud-native, SaaS-based networking and security services platform called BloxOne.

It is a complex world out there

Bad actors are becoming more innovative and will eventually breach every vulnerability in a networked system. This is a sad reality. For security teams, several factors add to the complexity of systems and, in turn, create more attack vectors. I read in Infoblox’s 2023 Global State of Cybersecurity report that the top attack vectors continue to be email/phishing (81%), network (66%), applications (56%), cloud (56%) and device/endpoint (55%), with ransomware coming in at 53%. Easy examples of that added complexity include remote workers using personal devices, infrastructure connections to multiple clouds, links to vendors across the supply chain and the proliferation of IoT devices.

Infoblox develops products that provide value to both networking and security teams, and now it looks like a company that does that. It helps networking teams build more responsive networks, ones that respond to a vast set of requirements for—and demands on—the business as it grows and evolves; at the same time, they empower security teams to secure the network and block attacks earlier. Unfortunately, networking and security teams are often siloed into different departments, with all the inefficiencies that implies.

A more efficient option is to form a SecOps team that combines security and network operations staff working together within a security operations center (SOC). The joint team can resolve issues faster by combining network insight with responsiveness to security alerts. Indeed, combining networking and security has been the genesis for rebranding Infoblox.

Infoblox is already a leader in DNS and DDI automation and management, but also has a lesser-known DNS security business. The company aims to provide connectivity and protection across a continually evolving tech landscape, including multi-cloud, hybrid cloud and remote work. Additionally, it is not just about performance and protection but also efficiency. Today, Infoblox is simple to deploy, can work across a hybrid estate and can protect any OS and any type of device.

Is your DNS secure?

Probably not, if you run DNS or DHCP services via Microsoft Active Directory servers, for example. Foundational services like DNS are vulnerable to distributed denial-of-service (DDoS) attacks, but using Active Directory is an archaic approach that often requires a team to administer the technology and avoid errors that lead to outages. Managing DDI at remote sites is difficult using Microsoft, hampering cloud access, and visibility into network devices such as routers and switches is also a challenge.

By contrast, Infoblox BloxOne platform solutions offer scalable automation and visibility for remote sites and devices. A hardened solution for DDI is essential for business continuity and adding DNS-layer security is a cost-effective alternative to prevent employees from accessing malicious sites.

According to figures from Infoblox, only about 51% of organizations protect against DNS tunneling and domain generation, while only 49% leverage security measures to prevent users and devices from trying to connect to malicious domains. That leaves a lot of organizations vulnerable to DNS attacks! Just have a look at their recent DNS threat intelligence findings (Decoy Dog) for proof.

New security enhancements for lookalike domains

Infoblox’s new Lookalike Domain Monitoring capability further improves security by identifying lookalike sites attempting to impersonate company brands. A lookalike domain is an almost identical, slightly altered domain name that often leads to a site meant to mimic the original—at least well enough to trick site visitors into giving up sensitive information. Bad actors register lookalike domains intending to impersonate a legitimate brand to commit fraud.

Today, a lot of us are savvy enough to check links embedded in email, social media messages and texts before clicking on them. But bad actors are now using something called character substitution to pass a cursory examination. To understand the scope of the challenge, there are many character substitutions possible for “Infoblox.” Instead of “Infoblox,” a bad actor might use an address like “Infob1ox.” Looking at the real and fake URLs side by side, you often cannot tell the difference, especially if you are tired or on a mobile phone.
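An added example (not from the article and not Infoblox's product code) of how a defender might flag the character substitution described above: each domain label is reduced to a canonical "skeleton" so that look-alike spellings collide with the brand name. The substitution table, function names and sample domains are constructed for illustration.

```python
import unicodedata

# Constructed substitution table: look-alike -> canonical letter.
# A production list would be far longer (e.g. Unicode's confusables data).
MULTI = {"rn": "m", "vv": "w"}
SINGLE = str.maketrans({
    "0": "o", "1": "l", "i": "l", "3": "e", "5": "s",
    "\u043e": "o",  # Cyrillic small o
    "\u0430": "a",  # Cyrillic small a
    "\u0435": "e",  # Cyrillic small ie
    "\u0456": "l",  # Cyrillic small i, drawn like Latin i
})

def decode_label(label):
    """Turn an IDN 'xn--' label back into Unicode; leave others unchanged."""
    if label.startswith("xn--"):
        try:
            return label[4:].encode("ascii").decode("punycode")
        except UnicodeError:
            return label  # malformed punycode: compare the raw label
    return label

def skeleton(label):
    """Reduce a label to a canonical form so visually similar names collide."""
    text = unicodedata.normalize("NFKC", decode_label(label.lower())).lower()
    for seq, letter in MULTI.items():
        text = text.replace(seq, letter)
    return text.translate(SINGLE)

def classify(domain, brand, owned):
    """Return 'owned', 'lookalike' or 'unrelated' for a queried domain."""
    domain = domain.lower().rstrip(".")
    if any(domain == o or domain.endswith("." + o) for o in owned):
        return "owned"
    target = skeleton(brand)
    # Check every label except the TLD: the imitation may sit in a subdomain.
    for label in domain.split(".")[:-1]:
        if skeleton(label) == target:
            return "lookalike"
    return "unrelated"

# Constructed sample names, as they might appear in DNS query logs.
SAMPLES = ["www.infoblox.com", "infob1ox.example", "lnfoblox.example",
           "infobl\u043ex.example", "infob1ox.login.example", "example.org"]

if __name__ == "__main__":
    for name in SAMPLES:
        print(f"{name:28} {classify(name, 'infoblox', {'infoblox.com'})}")
```

Skeleton matching only catches substitutions; names with added, dropped or transposed letters need a separate edit-distance check.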

Wrapping up

Infoblox’s new brand focus of uniting networking and security is a laudable objective. There is a real lack of awareness about DNS being one of the most foundational elements to improve security. Many companies grew their networks around the Microsoft Active Directory server with DNS and DHCP included, which worked for the longest time but now presents a new set of vulnerabilities.

No doubt, cultural barriers within many organizations will challenge the unification of networking and security teams. But learnings from the history of DevOps can be applied to SecOps. Before DevOps, IT personnel specializing in servers, storage, networking, applications and operations didn't want to work together—but they ultimately united out of a common purpose. Thought leadership and education at the CIO or CISO level will likewise eventually drive companies to combine networking and security into one group. Common sense dictates that when the two teams share data and implement policies using unified tools, they will increase the ability to respond to the business's needs and provide defense against increasingly intelligent bad actors.

And Infoblox is there to enable them.

Patrick Moorhead

Patrick founded the firm based on his real-world technology experiences with the understanding of what he wasn’t getting from analysts and consultants. Ten years later, Patrick is ranked #1 among technology industry analysts in terms of “power” (ARInsights) and in “press citations” (Apollo Research). Moorhead is a contributor at Forbes and frequently appears on CNBC. He is a broad-based analyst covering a wide variety of topics including the cloud, enterprise SaaS, collaboration, client computing, and semiconductors. He has 30 years of experience including 15 years of executive experience at high tech companies (NCR, AT&T, Compaq, now HP, and AMD) leading strategy, product management, product marketing, and corporate marketing, including three industry board appointments.