Infoblox has updated its ActiveTrust Cloud DNS security service. Available as a SaaS offering, ActiveTrust Cloud aims to protect organizations from DNS-related attacks and can enforce company policies on Web use.
The update adds machine learning techniques to help detect new threats and identify malicious behavior. The company says it can also stop exfiltration by spotting and blocking DNS traffic that might carry company data.
The service works for users on the corporate network as well as branch and remote users. ActiveTrust Cloud can integrate with Infoblox’s other DNS, DHCP and IPAM products, but it’s also available as a standalone service.
In its initial launch last year, ActiveTrust Cloud required agent software to be installed on PCs and laptops to use the service. Agent software is still an option, but customers can instead configure DNS settings on end-user devices to connect to a proxy that will redirect their traffic to the cloud service.
Agents are not yet available for Android or iOS, but if those devices are on a corporate network, the proxy can send their queries to ActiveTrust Cloud.
Once in the cloud, the service examines DNS queries and responses. The service maintains a list of known malicious domains and will block connections to those domains.
One new feature is the ability to block access to sites that violate corporate policy, including pornography, gambling, and other usual suspects.
Infoblox also says it has added machine learning capabilities to the cloud service. Its ML algorithms monitor the behavior of DNS transactions to look for suspicious activity, such as rapidly changing domains, or multiple, repeated queries from a sender that go unanswered yet keep being sent. The company says command-and-control servers might use this technique to exfiltrate data packaged within DNS queries.
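As an added illustration (not Infoblox's code or its ML models), the two behaviors named above can be approximated with simple counting over DNS logs from one short time window. The record layout, thresholds, function names and sample data are all assumptions constructed for this example.

```python
from collections import defaultdict

# Constructed sample records for one short time window (not real traffic).
# Assumed layout: (client_ip, queried_name, was_answered)
SAMPLE_LOG = (
    [("10.0.0.5", f"chunk{i:02d}.example-tunnel.test", False) for i in range(6)]
    + [("10.0.0.9", "printer.corp.example", False)] * 6
    + [("10.0.0.7", "www.example.com", True)] * 3
    + [("10.0.0.7", "mail.example.com", True)]
)


def parent_domain(qname, labels=2):
    """Return the last `labels` labels of a name, lowercased.

    Simplification: a production system would use the Public Suffix List
    to find the registrable domain instead of a fixed label count.
    """
    parts = qname.rstrip(".").lower().split(".")
    return ".".join(parts[-labels:])


def flag_suspicious(records, min_unanswered=5, min_unique_names=5):
    """Flag (client, parent domain) pairs showing either behavior.

    unanswered_repeat: the sender keeps querying although nothing answers.
    name_churn: many distinct names under one parent domain in the window.
    Both thresholds are hypothetical defaults chosen for the sample data.
    """
    stats = defaultdict(lambda: {"unanswered": 0, "names": set()})
    for client, qname, answered in records:
        entry = stats[(client, parent_domain(qname))]
        entry["names"].add(qname.rstrip(".").lower())
        if not answered:
            entry["unanswered"] += 1

    findings = []
    for (client, domain), entry in sorted(stats.items()):
        reasons = []
        if len(entry["names"]) >= min_unique_names:
            reasons.append("name_churn")
        if entry["unanswered"] >= min_unanswered:
            reasons.append("unanswered_repeat")
        if reasons:
            findings.append((client, domain, tuple(reasons)))
    return findings


if __name__ == "__main__":
    for finding in flag_suspicious(SAMPLE_LOG):
        print(finding)
```

The second finding in the sample is a host retrying one dead name, which shows why unanswered repeats alone need triage before being treated as exfiltration.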
Playing Nicely With Others
The service also offers a set of open APIs to integrate with other security and management systems.
For example, by tying together ISE, Infoblox, and Qualys, a company could set a policy to conduct a vulnerability scan on any new device that requests an IP address on the corporate network.
Infoblox didn’t offer specific pricing details, but the service is licensed per protected device.