In a move to help businesses protect themselves from advanced persistent threats (APTs), Infoblox and FireEye have debuted the Infoblox DNS Firewall - FireEye Adapter.
The solution is a combination of Infoblox's DNS Firewall and malware protection from FireEye that provides a platform to combat APTs and zero-day attacks.
According to Infoblox, APTs are escalating and use obfuscation techniques to lurk on a company's network for a long period of time - weeks or even months.
"Because APTs are typically custom-designed and narrowly targeted, traditional signature-based detection methods rarely, if ever, find them," says Infoblox, an automated network control vendor.
The solution blends FireEye's NX Series, which uses a unique automated approach to test suspicious executable files in a sandbox environment, with Infoblox's DNS Firewall, which uses a threat information subscription service to stay updated on malware other than APTs and leverages the domain name system (DNS) to block communication to known malicious destinations.
DNS, according to Infoblox, acts as a 'phone book' for the Internet. Should identified malware attempt to 'call home', the firewall blocks the connection by denying the DNS communication request. It works regardless of device, and prevents the malware from reaching its host. Most APTs cannot work unless they communicate through DNS.
The solution detects the APT through FireEye's technology, disrupts the call-back via the DNS firewall, and quickly identifies infected devices to speed up remediation efforts.
"As the cyber threat landscape continues to evolve, morph daily and the offensive elements have become more innovative in their strategies and mechanisms, hence so too must the defence capabilities in order to maintain information and organisational integrity," says Deon La Grange, country manager, southern and West African regions at FireEye.
He says FireEye understands that, in order for enterprises to deliver a depth-in-defence strategy, collaboration is key. "Mature organisations typically adopt a multi-vendor, multi-layered security architecture. Here, the FireEye platform adds significant value in that the clear indicators of compromise we discover boost the efficacy of existing security tools and technologies already deployed or considered by companies today, providing a measurable increase in their security risk posture."