Secure DNS for service providers

Malicious software is a real threat. Every year, millions of smartphone users experience undesired behaviour on their phones such as the sending of unauthorised text messages or accounts accessed without their permission - symptoms indicating the presence of malicious software.

Security has risen to the top of subscriber and enterprise criteria for choosing service providers, with most consumers listing security as more important to them than access to the latest devices. Yet according to consumer reports, almost 40% of consumers surveyed don't take even minimal security measures, such as using a screen lock, backing up data, or installing an application to locate a missing phone and remotely erase data from it. Subscribers are surprisingly lax in applying security solutions to their own devices, yet quick to place blame on service providers.

Significant business risks for service providers

Unprotected subscribers create high cost and reputation risks for operators. Unwanted activities from applications, even those freely downloaded and accessed by the subscribers themselves, will negatively impact the brand reputation of the operator, increasing churn and reducing upsell revenue opportunities. These risks include:

* Customer dissatisfaction: Unhappy subscribers with infected devices increase expensive trouble calls to customer care and cause subscribers to leave altogether.
* Service disruption: Malicious hackers can control infected devices and send traffic floods into the network. Hackers can even exfiltrate data from subscriber devices using a variety of techniques.
* Unauthorised premium services: Once discovered, the charges must often be credited back to the subscriber, adding costs for processing.
* Negative revenue impact: Use of imposter services replaces use of legitimate, revenue-generating services. Potential upsell opportunities are lost as victimised subscribers might now be eager to purchase a premium service from another provider to prevent such breaches.

Infoblox Secure DNS protects brand reputation

Infoblox Secure DNS for service providers protects subscribers through global threat intelligence and automated protection packages. The solution maintains critical DNS service availability in rapidly evolving networks with growing traffic, and even keeps traffic moving during a distributed denial of service (DDOS) attack. When combined with patented Infoblox Grid technology, the solution further ensures optimal operator visibility and control across all DNS infrastructure, including automated kill chain during security incidents. This enables quick detection of any service-threatening attacks while easing operational costs and increasing manageability.

DNS Firewall keeps subscribers safe and reinforces brand integrity

Infoblox DNS Firewall protects against advanced persistent threats and malware by identifying infected devices and preventing them from accessing known malicious domains. Infoblox DNS Firewall leverages multiple monitoring feeds for timely updates on the global threat landscape, providing fast and comprehensive protection for subscribers.

If subscribers, applications, or devices attempt to access a known malicious domain, they are blocked and presented with an operator-designed notification screen or redirected to an alternative site. This maintains subscriber confidence and reinforces the operator reputation for high protection. Operators retain maximum flexibility and can include local, operator-specific threat feeds and customised whitelists and blacklists as desired to prevent erroneous blocking of non-malicious sites.

Advanced DNS Protection for Service Providers maintains service availability

Service degradations and outages are a significant cause of subscriber churn. Denial of service (DOS) attacks and volumetric floods or DDOS attacks targeting DNS infrastructure can cause service degradation, slow down DNS response, or impede subscriber ability to access favourite domains. Infoblox Advanced DNS Protection for Service Providers maintains service availability, critical DNS functionality, and performance during an attack or unexpected traffic spikes generated by rapidly evolving networks, misconfigured devices or applications, emergency situations, and network outages.

Rapid detection reduces subscriber complaints

The growing sophistication of DNS attacks makes it easier for them to remain undetected by large organisations, and many operators still report limited visibility into attacks. Without a DNS-specific protection plan that includes monitoring, central visibility, and continuous threat updates, service providers might remain unaware of DDOS attacks until subscribers complain. Infoblox Secure DNS with Grid management provides full visibility of DNS elements across the network, allowing operators to reduce detection time to minutes. This centralised management and control provides timely updates of threat heuristics to all DNS elements simultaneously and allows any needed configuration changes to be quickly administered.

Automated kill chain enables protection to keep pace against new threats

Automated threat mitigation removes limitations of manual updates, significantly improving protection levels. The sheer volume of attacks has exceeded the ability of administrators to manually keep up with the changing landscape. Petabytes of data need to be combed through in order to identify infected or rogue devices and mitigate individual security incidents. The Infoblox global security ecosystem provides early detection and automatic updates. The unique automated update of both reputational and identified threats enables an automated kill chain, effectively blocking zero-day threats and often mitigating attacks before they can cause any damage to subscribers or service availability.

Why Infoblox?

Advanced DNS Protection for Service Providers

Infoblox Advanced DNS Protection for Service Providers provides intelligent detection and mitigation of malicious attacks that can impair service quality and availability to subscribers. Advanced capabilities include the following:

* Built-in intelligent attack protection keeps track of source IP addresses of DNS requests, as well as the DNS records requested.
* Intelligent dropping of excessive DNS requests from the same IP address conserves resources needed to respond to legitimate requests.
* Dedicated network packet inspection hardware and automated threat intelligence rules stop protocol-based attacks such as DNS amplification, reflection, and cache poisoning.
* Active monitoring of the latest DNS-based vulnerabilities ensures that the solution provides protection against attacks out of the box.
* Automatic rule set updates provide protection against new and evolving attacks without the need for downtime or patching.

Infoblox DNS Firewall

With the Infoblox DNS Firewall, service providers can now provide broad protection against DNS-based malware. DNS Firewall protects subscriber devices from becoming infected by accessing malicious domains and identifies infected clients for cleanup. DNS Firewall takes a live reputation feed service from the Infoblox global threat ecosystem to create a dynamically updated list of known malicious URLs and IP addresses. When a DNS query reaches an Infoblox DNS server appliance, any match to the reputation feed list results in redirection or blocking according to the service provider's policy rules configured on the appliance. All actions are logged, and reports can be generated showing all malicious activity.

Specific features provide:

* Flexible threat feeds: Optimal customisation for local operator environments via a combination of local and subscription-based threat feeds
* Notification: A mechanism for in-browser notification or redirect for a walled-garden implementation
* Analytics: Insightful reporting on malicious DNS queries, including threat severity and impact, and pinpointing of infected devices

Infoblox Carrier-grade DNS Appliances

Infoblox builds hardware-based DNS attack detection and protection into the Infoblox 4030 and PT-series appliances. This specialised hardware drops attack traffic and passes legitimate traffic, offloading the DNS server engine from DDOS protection and from processing malicious DNS traffic-and preserving a low-latency Web experience for subscribers. The IB-4030 is one of several classes of appliances for service providers. For a full listing of Infoblox appliances Infoblox Appliance Guide.

Protect the subscriber - protect your brand

The Infoblox Secure DNS solution for service providers delivers the intelligence, performance, and proactive protection that service providers need to safeguard their networks, subscribers, and brand.

This carrier-grade solution can detect and mitigate attacks, block malware communications, and keep services running - even while under attack. Subscribers and enterprise customers stay up and running and the operator brand stays intact.

In addition, Infoblox automated network control solutions can free key network operations staff from labour-intensive, costly, and error-prone administrative tasks. Patented Infoblox Grid technology automates routine tasks such as updates, patches, and configuration changes and provides a single centralised view of the entire network, with advanced reporting visibility for planners and operations teams.

Contact us today to find out more about Secure DNS for service providers.