1 | © 2013 Infoblox Inc. All Rights Reserved. 1 | © 2013 Infoblox Inc. All Rights Reserved. 1 | © 2013 Infoblox Inc. All Rights Reserved.
Texas A&M Technology Summit Protecting Your Devices from Security Threats in Today’s University 2/17/16
2 | © 2013 Infoblox Inc. All Rights Reserved. 2 | © 2013 Infoblox Inc. All Rights Reserved. 2 | © 2013 Infoblox Inc. All Rights Reserved.
Why Should Universities Care?
Internet of Things (IoT) and BYOD is making your network even larger… 1. How do I ensure staff and students can connect to my network and be producEve? 2. How do I ensure Wi-‐Fi access across my enEre campus (including my stadium)? 3. How do I keep up with managing so many IP’s? 4. How do I manage a growing network with a small staff? 5. How do I secure a now larger potenEal aPack surface for hackers?
With DNS being the fastest growing aPack vector, and so many users… 1. How do I prevent malware on devices I do not own? 2. How do I remediate malware on devices and enable my kill chain procedures? 3. How do I ensure that student SS numbers and credit card informaEon is not leaving my network?
4. How do I prevent DDOS aPacks at my physical infrastructure over DNS since it is such a criEcal network service?
3 | © 2013 Infoblox Inc. All Rights Reserved. 3 | © 2013 Infoblox Inc. All Rights Reserved. 3 | © 2013 Infoblox Inc. All Rights Reserved.
Automate the most time-consuming network tasks
like discovery, change and configuration management
Infoblox Approach
Control
Automate
Secure
Address risk to critical infrastructure first. Protect against external attacks & malware call-backs
Deliver reliable, high performance network services for
data center, branch, cloud
4 | © 2013 Infoblox Inc. All Rights Reserved. 4 | © 2013 Infoblox Inc. All Rights Reserved. 4 | © 2013 Infoblox Inc. All Rights Reserved.
Without Infoblox IN
TER
NET
IN
TRA
NET
MICROSOFT DNS
MICROSOFT DHCP
AMSTERDAM
DM
Z A
PPS
&
END
-PO
INTS
APPS & END POINTS
FIREWALL
BIND DNS EUROPE
BIND DNS AMERICAS
INTERNET
BIND DNS APJ
Vulnerable Vulnerable Vulnerable
Vulnerable (Malware)
Vulnerable Vulnerable Vulnerable
Security Vulnerabilities • Hacks of DNS server • External attacks (DNS DDoS) • Malware inside network
Management Silos • Multiple points of management • Multiple data silos
MICROSOFT DNS
MICROSOFT DHCP
CHICAGO
MICROSOFT DNS
MICROSOFT DHCP
SINGAPORE
Single Points of Failure
5 | © 2013 Infoblox Inc. All Rights Reserved. 5 | © 2013 Infoblox Inc. All Rights Reserved. 5 | © 2013 Infoblox Inc. All Rights Reserved.
With Infoblox IN
TER
NET
IN
TRA
NET
MICROSOFT DNS
MICROSOFT DHCP
AMSTERDAM
DM
Z A
PPS
&
END
-PO
INTS
APPS & END POINTS
FIREWALL
BIND DNS EUROPE
BIND DNS AMERICAS
INTERNET
BIND DNS APJ
CHICAGO
MICROSOFT DNS
MICROSOFT DHCP
SINGAPORE
MICROSOFT DHCP
MICROSOFT DNS
Secure ü Secure Platform ü Protection from external attacks ü Block Malware call-backs ü Identify infected devices
Efficient ü ONE authoritative data source ü All managed as ONE system
Resilient ü HA = No single point of failure
V
6 | © 2013 Infoblox Inc. All Rights Reserved. 6 | © 2013 Infoblox Inc. All Rights Reserved. 6 | © 2013 Infoblox Inc. All Rights Reserved.
DNS is a rich target
DNS is the cornerstone
protocol of the Internet used by everyone
and everything
DNS as a Protocol is
easy to exploit
DNS Outage = Business Downtime
Traditional protection is ineffective
against evolving DNS threats
No one is really looking
7 | © 2013 Infoblox Inc. All Rights Reserved. 7 | © 2013 Infoblox Inc. All Rights Reserved. 7 | © 2013 Infoblox Inc. All Rights Reserved.
Security and Universities…
University based in Michigan • Top 100 Public UniversiEes in USA • Interconnected campuses covering 1200
acres and 143 buildings • 25,000 students in Graduate and
Undergraduate programs
Problem • Connect to/from anywhere, they have an
“open network policy” • Big challenge to miEgate 20k+ endpoints • Needed to evaluate their security posture • Installed Infoblox RPZ • Thousands of student laptops were infected • Immediate protecEon needed!
Current University Customers in the South Central
8 | © 2013 Infoblox Inc. All Rights Reserved. 8 | © 2013 Infoblox Inc. All Rights Reserved. 8 | © 2013 Infoblox Inc. All Rights Reserved.
Why is DNS a concern?
Firewall/NGFW
Why is DNS a threat?
Business Value • Avoid Outages/Downtime
• Reputation/Brand/IP Protection against breach
• Compliance – HIPPA, PCI, other
Reputational • Threat Feed (RPZ)
• Malware • Command &
Control • Geo
• Eco-System (Integrations) • Carbon Black • Fire Eye • Cisco ISE • Rapid 7 • STIX/TAXII
App Offerings Salesforce.com Office 365 Workday – HR SAP
IPS/IDS
Email/SPAM
Web Proxy
Your SIEM Solution (ex: Splunk) • Centralized logging and reporting
Biz IP/Data
DNS
DNS communications via port 53 and is not protected by most of these tools and the ones that can block are not focused nor
have the primary function to protect
DNS APT/Sandbox
Signature • “Known Threats” • DNS Tunneling • Protocol Vulnerabilities
• DNS • DHCP • NTP
• Infra Protection • DDoS • H/W Acceleration
Behavioral • “Unknown Threats” • Analytics
• Size • Sequence • Words • Machine vs. Human
• Data Exfiltration • “Zero day” threats
Summary
“Complete DNS Protection” • Reputational • Signature • Behavioral
9 | © 2013 Infoblox Inc. All Rights Reserved. 9 | © 2013 Infoblox Inc. All Rights Reserved. 9 | © 2013 Infoblox Inc. All Rights Reserved.
Analyst Report Highlights
Infoblox is the leader in DDI brand awareness and 45% of install base
Infoblox achieved 50% market share – 3X next competitor
Centrally managing IP services at this degree of scale requires robust DDI solutions
Ad hoc approaches likely will not be sufficient to meet the security, management, and control challenges facing IT
DDI — shorthand for DNS, DHCP, and IPAM — is a critical networking technology for every IT organization
“All Organizations Should Consider Infoblox” -- Gartner
Commercial DDI solutions can reduce OPEX by 50% or more”