It’s 10 a.m. on a Tuesday morning, and the company’s IT hero sits at her desk… “Firewall… check, anti-virus… check, network security… running, email systems…secured.” But she has no idea whether the domain name system (DNS) servers are being used as back doors for cyber criminals sending her employees to a malicious site where critical information such as log-in credentials and credit card information can be stolen. Luckily for her, a new partnership addresses this stubborn problem.
Data exfiltration via DNS is happening more often than you think. According to a recent DNS Threat Survey in 2017, of the 1,000 organizations surveyed, 76% have experienced a DNS attack in the last year, and 32% have suffered data loss. The report also estimated the average annual cost of DNS attacks to be more than $2 million*. There is a misconception that a firewall can stop DNS-based attacks. This is not true because DNS traffic is not inspected and controlled by most firewalls.
The good news is DNS-based attacks are not invincible. The solution? A unified approach that will help improve visibility to DNS and web traffic, deliver in-depth content filtering, and quickly respond to new threats. McAfee and Infoblox have partnered to integrate McAfee® Web Gateway Cloud Services with Infoblox ActiveTrust® Cloud. ActiveTrust Cloud blocks DNS-based data exfiltration and other threats using behavioral analytics, machine learning and up-to-date threat intelligence. Infoblox then redirects suspicious traffic to the McAfee® Web Gateway Cloud Services for deep levels of content inspection, including malware scanning and secure sockets layer (SSL) inspection. Here’s how it works:
- McAfee McAfee ePolicy Orchestrator (ePO) centrally deploys Infoblox ActiveTrust® Endpoint agent on endpoints.
- Infoblox ActiveTrust® Cloud detects and blocks DNS-based data exfiltration and requests to malicious domains.
- Based on pre-set policies, Infoblox ActiveTrust® Cloud redirects traffic to McAfee Web Gateway Cloud Services.
- McAfee Web Gateway Cloud Services starts to scan traffic accordingly for deeper inspection with URL filtering, SSL, malware scanning, and more.
The integration of Infoblox ActiveTrust Cloud and McAfee Web Gateway Cloud service unifies domain blocking and HTTP security to provide broader protection for mutual customers. The solution leverages DNS-based threat intelligence and helps close the security gap from DNS-based attacks such as data exfiltration, denial of service, and malware-related threats. Find out more about how McAfee and Infoblox work together here.
With that wrapped up, our IT hero has five minutes to grab a muffin before the next cybersecurity challenge hits.