Nearly Half of Enterprise Networks Show Evidence of DNS Tunneling, According to Infoblox Security Assessments
August 31 2016 - 2:01AM
Infoblox Inc. (NYSE:BLOX), the network control company, today
announced results of the Infoblox Security Assessment Report for
the second quarter of 2016, which finds that 40 percent—nearly
half—of files tested by Infoblox show evidence of DNS tunneling, a
significant security threat that can indicate active malware or
ongoing data exfiltration within an organization’s network.
A photo accompanying this announcement is available at
http://www.globenewswire.com/NewsRoom/AttachmentNg/9e9ce690-99ff-42b5-84d3-00556e4a524d
Infoblox, an industry leader in securing Domain
Name System (DNS) infrastructure, offers free security assessments
to customers and prospective customers, identifying outbound DNS
queries inside an organization’s network that are attempting to
reach known malicious or suspicious Internet locations (hostnames).
External threat data from these evaluations is anonymized and
aggregated to produce the Infoblox Security Assessment Report.
In the second quarter of 2016, 559 files capturing
DNS traffic were uploaded to Infoblox for assessment, coming from
248 customers across a wide range of industries and geographies.
Infoblox found 66 percent of the files showed evidence of
suspicious DNS activity.
One indicator that stands out in the second quarter
report is the prevalence of DNS tunneling. Cybercriminals know that
DNS is a well-established and trusted protocol, and have figured
out that many organizations do not examine their DNS traffic for
malicious activity.
DNS tunneling enables these cybercriminals to
insert malware or pass stolen information into DNS queries,
creating a covert communication channel that bypasses most
firewalls. While there are quasi-legitimate uses of DNS tunneling,
many instances of tunneling are malicious. There are also several
off-the-shelf tunneling toolkits readily available on the Internet,
so hackers don’t always need technical sophistication to mount DNS
tunneling attacks. At the same time, DNS tunneling is often part of
very sophisticated attacks, including those sponsored or directly
managed by nation states. For example, the recently uncovered
Project Sauron—a particularly advanced threat that is considered
likely to have been sponsored by a government—uses DNS tunneling
for data exfiltration.
“In the physical world, burglars will go to the
back door when you’ve reinforced and locked the front door. When
you then secure the back door, they’ll climb in through a window,”
said Rod Rasmussen, vice president of cybersecurity at Infoblox.
“Cybersecurity is much the same. The widespread evidence of DNS
tunneling uncovered by the Infoblox Security Assessment Report for
the second quarter of 2016 shows cybercriminals at all levels are
fully aware of the opportunity. Organizations can’t be fully secure
unless they have tools in place to discover and prevent DNS
tunneling.”
Among the specific security threats uncovered by
Infoblox during the second quarter, ranked by percentage, are:
- Protocol anomalies – 48%
- DNS tunneling – 40%
- Botnets – 35%
- Amplification and reflection traffic – 17%
- Distributed denial of service (DDoS) traffic – 14%
- Ransomware – 13%
“While these threats are serious, DNS can also be a
powerful security enforcement point within the network,” said
Rasmussen. “When suspicious DNS activity is detected, network
administrators and security teams can use this information to
quickly identify and remediate infected devices—and can use DNS
firewalling as well to prevent malware inside the network from
communicating with command-and-control servers.”
Infoblox delivers Actionable Network Intelligence
through advanced technologies that analyze DNS traffic to help
prevent data exfiltration; disrupt advanced persistent threat (APT)
and malware communications; and provide context around attacks and
infections on the network. More information on Infoblox security
solutions is available at www.infoblox.com/security.
The full Infoblox Security Assessment Report for
the second quarter of 2016 is available at
https://www.infoblox.com/resources/report/infoblox-security-assessment-report-2016-q2.
Organizations seeking a free Infoblox security assessment should
visit www.infoblox.com/free-malware-report.
About Infoblox
Infoblox (NYSE:BLOX)
delivers Actionable Network Intelligence to enterprise, government,
and service provider customers around the world. As the industry
leader in DNS, DHCP, and IP address management, the category known
as DDI, Infoblox (www.infoblox.com) provides control and security
from the core—empowering thousands of organizations to increase
efficiency and visibility, reduce risk, and improve customer
experience.
Forward-looking and Cautionary Statements—Infoblox
Certain statements in this release are
forward-looking statements, which involve a number of risks and
uncertainties that could cause actual results to differ materially
from those in such forward-looking statements. As such, this
release is subject to the safe harbors created by U.S. Federal
Securities Laws. The risks and uncertainties relating to these
statements include, but are not limited to, risks that there may be
design flaws in the company’s products, shifts in customer demand
and the IT services market in general, shifts in strategic
relationships, delays in the ability to deliver products, or
announcements by competitors. These and other risks may be detailed
from time to time in Infoblox’s periodic reports filed with the
Securities and Exchange Commission, copies of which may be obtained
from www.sec.gov. Infoblox is under no obligation to (and expressly
disclaims any such obligation to) update or alter its
forward-looking statements whether as a result of new information,
future events, or otherwise.
Media Contact:
Mike Langberg, Infoblox
408.986.5697
mlangberg@infoblox.com
Investor Contact:
Renee Lyall, Infoblox
408.986.4748
rlyall@infoblox.com