Infoblox tackles DNS security, eyes Malaysian market
By Gabey Goh April 4, 2013
- Launches three new products aimed at network security and resilience
- Eyes a bigger presence in Malaysian market
WHILE network control technology provider Infoblox does not compete in the security space, it believes it can do its part to help organizations address the challenges of keeping their networks secure.
“Truth is many of the challenging threat vectors are tied in with technology that is our core knowledge base, such as Domain Name System (DNS). So I feel we are best suited to address the challenge,” said Kevin Dickson (pic), global vice president for Product Management & Strategy at Infoblox.
With hacking attempts getting more creative and new classes of malware being discovered, Dickson said that sometimes, the DNS serves as the only line of defense.
In the recent spat between Spamhaus and illicit webhost Cyberbunker, the underlying issue raised by security experts was the involvement of open DNS resolvers being used to execute Distributed Denial of Service (DDoS) attacks.
In an interview with Threatpost, Jared Mauch of the Open DNS Resolver Project said that the botnet involved in the Spamhaus attacks used more than 30,000 unique DNS resolvers, and "in a larger attack scenario, the collective power of these resolvers could have been used to keep much larger segments of the global network offline."
Michael Mimoso of Threatpost explained that open resolvers do not authenticate a packet-sender’s IP (Internet Protocol) address before a DNS reply is sent back.
“Therefore, an attacker that is able to spoof a victim’s IP address can have a DNS request bombard the victim with a 100-to-1 ratio of traffic coming back to them versus what was requested. DNS amplification attacks such as these have been used lately by hacktivists, extortionists and blacklisted webhosts to great success,” he wrote.
To aid in the security efforts of corporations, Infoblox has released a new product called DNS Firewall, which is touted to protect against DNS-based malware by proactively preventing clients from becoming infected and by disrupting infected clients’ ability to communicate with the Botnet master controller.
“DNS Firewall is not a firewall but provides firewall-type functionality designed to specifically address threats based around at DNS. Regular firewalls won’t pick it up as they are set up to pass all DNS traffic because it’s fundamental to the network,” said Dickson.
Another product unveiled by the company is the Security Device Controller, which claims to improve access policy management and automates provisioning of access control lists (ACLs) and rules for network firewalls and security devices.
According to Infoblox, it ensures accuracy with automated network discovery and simplifies the rule change and the provisioning process so that IT administrators can shorten the time needed to deploy new services.
Dickson said that the product is centered on automation, to address how organizations manage infrastructure policies, especially within a heterogeneous environment.
“As many organizations apply the 'defense in depth' concept, using many different firewall vendors because each offers a particular level of protection, the ability to go in and manage across multiple layers becomes important. With Security Device Controller, companies can reduce the cost and effort associated with multi-vendor firewall control -- think of it like having a multi-lingual person in the team,” he added.
Defense in depth is an information assurance (IA) concept in which multiple layers of security controls are placed throughout an IT system.
Its intent is to provide redundancy in the event a security control fails or a vulnerability is exploited that can cover aspects of personnel, procedural, technical and physical for the duration of the system's life cycle.
“It boils down to the cost of IT -- the ability to realistically open up a path to multiple devices and deploy a service in minutes, not days, can add up to several hundred thousand in cost savings for a corporation,” Dicksone said.a
The company also launched its Trinzic 100 Network Edge Services Appliance, which enables network control at the edge, provides local survivability, and doesn't require local IT staff because it’s managed from a central location.
“It is especially great for businesses with multiple locations such as retail or branches. With reliable network services at edge locations, things such as cash registers, phones and other IP enabled devices can still be operated and business can continue as usual,” Dickson added.
Focus on Malaysia
Steven Ho (pic), sales director for South-East Asia & SAARC (South Asian Association for Regional Cooperation), said that the company enjoys a 40% global market share in the IP Address Management (IPAM) segment.
The company recorded total net revenue of US$169.2 million for the 2012 fiscal year 2012, an increase of 27% compared with net revenue of US$132.8 million in 2011. Ho reported Infoblox is also enjoying 50% revenue growth year on year with sales in 25 countries, over 6,500 customers and 45,000 systems shipped to date.
The company’s successful public listing on the New York stock exchange in April last year, he added, also provided the funding for further innovation in developing network solutions. It currently holds 20 patents, with 27 patents pending.
When asked about competition in the market, Ho said that he doesn’t see any direct competition with the technology advances made with Infoblox’s product portfolio.
“We have moved far, far away from the rest of the pack. And we pride ourselves on the quality, availability and resilience of our offerings. I always like saying, if our products don’t work properly, planes don’t fly and cash machines don’t work,” he claimed.
“We are also the only company in the automated networks space with technical assistance centers in India, Japan, Europe and the United States offering 24-hour support services,” he added.
Ho said that this year, Infoblox is looking to aggressively expand into Malaysia, Indonesia, New Zealand and Australia, with a current headcount of over 40 fulltime employees in Asia Pacific.
“We’ve been operating here in Malaysia for the last six years, so it’s about high time to increase market awareness of Infoblox,” he said.
Since Infoblox's debut in Malaysia, he said that the company footprint has grown and now counts major telcos, banks, manufacturing companies and government agencies in its portfolio of clients.
“Malaysia is a growing market and we have seen healthy yearly growth and are very optimistic about the market,” he added.
In Asia, Infoblox works with regional distributor Transition Systems Asia, which is headquartered in Singapore, a relationship established in 2009
“As we move forward with our expansion plans, we’re looking for partners who can support us on a larger scale such as Transition Systems who are with us in seven countries across the region,” said Ho.