© 2011 Infoblox Inc. All Rights Reserved.

Infoblox – control, secure & automate
Mike Carroll
Market Leaders Choose Infoblox
- Global customers: 300+ of the Fortune 500
- Customer industries shown: Telecom, Retail, Manufacturing, Media and Internet, Transportation, Government, Life Sciences, Financial Services, Education, Energy
- Infoblox Alliance Partners (partner logos)
Networks Without Infoblox – Silos of Data, Multiple Management Points
(diagram; axes: Complexity, Risk & Cost vs. Agility, Flexibility)
- Apps & end-points: end points, virtual machines, public cloud, applications
- Network infrastructure: firewalls, switches, routers, web proxy, load balancers
- Control plane: scripts, command line, Microsoft DHCP, Microsoft DNS, VMware DNS, external DNS (BIND / Microsoft), IPAM (IP address management) – each a separate management point, with malware reaching the end-points unchecked
Infrastructure Security With Infoblox
(diagram)
- Apps & end-points: end points, virtual machines, private cloud, applications
- Network infrastructure: firewalls, switches, routers, web proxy, load balancers
- Control plane: Infoblox Grid(TM) with real-time network database, providing historical / real-time reporting & control across both layers
Infoblox DDI and Grid
- Patented Grid technology: central management, authoritative DB
- Grid Master (with Grid Master site)
- HA per Grid Member
- Agentless management of Microsoft DNS/DHCP and full AD integration
- Virtualization & cloud integration: VMware integration; cloud orchestration integration (VMware, BMC)
- Integrated advanced reporting (reporting server)
- Edge network / remote offices: branch office DNS/DHCP
Simplified Workflow Design
- Drag-and-drop GUI
- Create highly effective workflows within minutes
Orchestration Highlights
- Automate IP/DNS and network configuration for VMs provisioned by MS System Center
- Pre-defined workflows that can be customized, e.g.:
  - Reserve an IP for a VM
  - Create a VM in an existing virtual network
  - Remove a VM and its related DNS records
  - Create a network
  - Delete a network
- Batch processing support
Infoblox Provides Complete Network Awareness
- Authoritative network database: 360-degree view of IP data
Secure DNS
DNS Attacks
- 200%: increase in DNS attacks in the last year alone (1)
- 58%: share of DDoS attacks (1)
- 100x: possible amplification on a DNS attack, so the amount of traffic delivered to a victim can be huge
- 28M: open resolvers that pose a significant threat to the global network infrastructure and can easily be utilized in DNS amplification attacks (2)
- 33M: number of open recursive DNS servers (2)
- 2M: DNS queries an enterprise-level business receives on average every single day, so the threat of attack is significant
- Financial impact is huge: average estimated loss per DDoS event ranges from $7.7M to $17M ($7.7M, $13.6M, $17M across the financial services, technology company and government sectors shown) (3)
- $27 million: the average loss for a 24-hour outage from a DDoS attack (3)
- Top industries targeted (4): Enterprise 42%, Commerce 29%, Media & Entertainment 17%, High Tech 7%, Public Sector 5%
- Further sector breakdown shown on the slide: Retail 22%, Business Services 21%, Financial Services 13%, Hotels 5%, Miscellaneous 5%, Consumer Goods 2%, Healthcare 2%, Automotive 1%

Sources:
1. Quarterly Global DDoS Attack Report, Prolexic, 4th Quarter
3. Develop A Two-Phased DDoS Mitigation Strategy, Forrester Research, Inc., May 17
4. State of the Internet, Akamai, 2nd Quarter, 2013
DNS Protection Is Not Just About DDoS
- DNS reflection / DrDoS attacks: using third-party DNS servers (open resolvers) to propagate a DoS or DDoS attack; the attacker spoofs the victim's address as the query source so the responses land on the victim
- DNS amplification: using a specially crafted query (small request, large answer) to create an amplified response that floods the victim with traffic
- DNS-based exploits: attacks that exploit vulnerabilities in the DNS server software itself
- TCP/UDP/ICMP floods: volumetric denial of service that brings a network or service down by flooding it with large amounts of traffic
- DNS cache poisoning: corruption of the DNS cache data with a rogue address, so clients are steered to an attacker-controlled host
- Protocol anomalies: causing the server to crash by sending malformed packets and queries
- Reconnaissance: attempts by attackers to get information on the network environment (hosts, zones, software versions) before launching a DDoS or other type of attack
- DNS tunneling: tunneling another protocol through DNS, typically by encoding data in query names and TXT answers, for data exfiltration or covert command and control
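Several of the attack classes above leave recognisable patterns in a resolver's query log. The following is an added example, not Infoblox code and not how ADP implements its rules: a small rule-based triage over a constructed log. The log format (`epoch client qtype qname rcode edns_udp_size`), the sample lines and all thresholds are assumptions chosen for illustration.

```python
"""Rule-based triage of DNS query logs for amplification, tunneling, reconnaissance
and flood patterns. Added example, not Infoblox code; log format and thresholds are
assumptions."""
import math
from collections import Counter, defaultdict

# Constructed sample log: "<epoch> <client> <qtype> <qname> <rcode> <edns_udp_size>"
SAMPLE_LOG = """\
1000 203.0.113.7 ANY isc.org NOERROR 4096
1000 203.0.113.7 ANY isc.org NOERROR 4096
1000 203.0.113.7 ANY ripe.net NOERROR 4096
1001 10.1.2.3 A host1.corp.example NXDOMAIN 512
1001 10.1.2.3 A host2.corp.example NXDOMAIN 512
1001 10.1.2.3 A host3.corp.example NXDOMAIN 512
1001 10.1.2.3 A host4.corp.example NXDOMAIN 512
1001 10.1.2.3 A host5.corp.example NXDOMAIN 512
1001 10.1.2.3 A intranet.corp.example NOERROR 512
1002 10.1.2.9 TXT 7a9f3b1c0e4d5a6b8c2f.t.exfil-example.net NOERROR 4096
1002 10.1.2.9 TXT 2c4e6a8b0d1f3e5a7c9b.t.exfil-example.net NOERROR 4096
1002 10.1.2.9 TXT 9e1d3c5b7a0f2e4d6c8a.t.exfil-example.net NOERROR 4096
1003 10.1.2.20 A www.example.com NOERROR 512
"""


def shannon_entropy(s: str) -> float:
    """Bits per character of s; hex/base32-encoded tunnel payloads score high."""
    if not s:
        return 0.0
    counts = Counter(s)
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def parse_log(text: str):
    """Yield (ts, client, qtype, qname, rcode, edns_size); malformed lines are skipped."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 6:
            continue
        ts, client, qtype, qname, rcode, edns = parts
        yield int(ts), client, qtype.upper(), qname.lower().rstrip("."), rcode.upper(), int(edns)


def triage(log_text: str, flood_qps: int = 100, recon_min_nxdomain: int = 5,
           tunnel_label_len: int = 16, tunnel_entropy: float = 3.0) -> dict:
    """Return {client: [(category, detail), ...]} for clients that trip a rule."""
    findings = defaultdict(list)
    per_client = defaultdict(list)
    per_second = Counter()
    for rec in parse_log(log_text):
        ts, client, qtype, qname, rcode, edns = rec
        per_client[client].append(rec)
        per_second[(client, ts)] += 1
        # Amplification: ANY queries advertising a large EDNS buffer. In a reflection
        # attack the "client" is the spoofed victim, so this flags a traffic pattern,
        # not necessarily a misbehaving host.
        if qtype == "ANY" and edns >= 4096:
            findings[client].append(("amplification", f"{qtype} {qname} edns={edns}"))
        # Tunneling: a long, high-entropy leftmost label carrying encoded payload.
        label = qname.split(".")[0]
        if len(label) >= tunnel_label_len and shannon_entropy(label) >= tunnel_entropy:
            findings[client].append(("tunneling", f"{qtype} {qname}"))
    # Reconnaissance: one client probing many names that do not exist.
    for client, recs in per_client.items():
        nx = sum(1 for r in recs if r[4] == "NXDOMAIN")
        if nx >= recon_min_nxdomain and nx / len(recs) >= 0.5:
            findings[client].append(("reconnaissance", f"{nx}/{len(recs)} NXDOMAIN"))
    # Flood: raw per-client query rate within one second.
    for (client, ts), n in per_second.items():
        if n >= flood_qps:
            findings[client].append(("flood", f"{n} qps at t={ts}"))
    return dict(findings)


if __name__ == "__main__":
    for client, hits in triage(SAMPLE_LOG).items():
        print(client, hits)
```

The entropy and label-length thresholds are deliberately loose; CDN and anti-spam hostnames also produce long random-looking labels, so in practice a tunneling rule is combined with volume per parent zone and answer type before anything is blocked rather than just reported.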
How Does Advanced DNS Protection Work?
(diagram)
- Traffic arriving at the external DNS is a mix of amplification, cache poisoning, reconnaissance, DNS exploits and legitimate traffic; Advanced DNS Protection (External DNS) drops the attack traffic and answers the legitimate queries
- Advanced DNS Protection (Internal DNS) receives the same rules through Grid-wide rule distribution
- Infoblox Threat-rule Server: automatic updates; the ADP appliance reaches out to the Threat-rule Server periodically for updates
- Reporting Server: ADP members send data for reports; reports cover attack types and severity
Advanced DNS Protection: Programmable Technology (PT series)
- Sizing recommendation by query rate: <50,000 QPS, <143,000 QPS, <200,000 QPS
- For service providers that already have an IB 4030-Rev2 and just need the protection service
Malware Threats Booming!
Startling statistics:
- An average of over 7 million new malware threats per quarter in 2014*
- Mobile threats grew about 10X in 2014*
- 855 successful breaches / 174 million records compromised in 2014**
- 69% of successful breaches utilized malware**
- 54% took months to discover, 29% weeks**
- 92% were discovered by an external party**
DNS Firewall: Block Malware/APT
(diagram: Infoblox DDI with DNS Firewall)
1. An infected device is brought into the office.
2. The malware / APT spreads to other devices on the network.
3. The malware makes a DNS query to find "home" (botnet / C&C).
4. The DNS Firewall blocks the DNS query (by domain name or IP address) and sends the blocked attempt to syslog.
- Pinpoint any infected device: IP address, MAC address, device type (DHCP fingerprint), host name, DHCP lease history
- Reputation data comes from: DNS Firewall Subscription Service; FireEye Adapter (NX Series)
- DNS Firewall: a security net that can catch 80% of malware communication
Introducing: DNS Firewall + FireEye Adapter
(diagram: intranet / internet)
A. A FireEye appliance detects and detonates advanced malware and extracts the C&C proxies and portals it contacts: the domain names and host IP addresses to be blocked
B. The DNS Firewall – FireEye Adapter pushes those IPs/domains of "bad servers" into the DNS server with DNS Firewall, alongside the Infoblox DNS Firewall Subscription Service feed
1. An infected enterprise end-point issues a DNS query to "find & phone home" to a C&C / botnet portal
2. The DNS server with DNS Firewall blocks or re-directs the DNS query
3. The Infoblox Reporting Server identifies the infected device by IP/MAC address and device type
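The two slides above describe the same control path: indicators arrive from a subscription feed or a FireEye push, the resolver blocks or redirects queries for listed domains (or answers pointing at listed addresses), and the blocked attempt is logged together with DHCP lease data so the infected device can be pinpointed. The following is an added example, not Infoblox code and not the product's RPZ implementation: an RPZ-style policy object with zone and answer-IP triggers, a walled-garden redirect, and the lease correlation. The feed entries, lease table, walled-garden address (`10.9.9.9`) and log line format are constructed for illustration.

```python
"""RPZ-style DNS Firewall policy with DHCP-lease correlation. Added example, not
Infoblox code; feed entries, lease table, sinkhole address and log format are
assumptions."""
import ipaddress
from dataclasses import dataclass, field

WALLED_GARDEN = "10.9.9.9"  # assumption: sinkhole that serves a "this device is infected" page


@dataclass
class FirewallPolicy:
    blocked_zones: set = field(default_factory=set)    # a listed zone also covers its subdomains
    blocked_nets: list = field(default_factory=list)   # answer addresses (C&C hosts) to block

    def add_feed(self, indicators):
        """Merge a subscription feed or FireEye-adapter push of ('domain', name) / ('ip', cidr)."""
        for kind, value in indicators:
            if kind == "domain":
                self.blocked_zones.add(value.lower().rstrip("."))
            elif kind == "ip":
                self.blocked_nets.append(ipaddress.ip_network(value, strict=False))
            else:
                raise ValueError(f"unknown indicator type {kind!r}")

    def match_zone(self, qname):
        """Return the listed zone covering qname (exact match or any parent), else None."""
        labels = qname.lower().rstrip(".").split(".")
        for i in range(len(labels)):
            candidate = ".".join(labels[i:])
            if candidate in self.blocked_zones:
                return candidate
        return None

    def match_answer(self, addr):
        """Return the listed network containing an upstream answer address, else None."""
        ip = ipaddress.ip_address(addr)
        return next((str(n) for n in self.blocked_nets if ip in n), None)


def apply_policy(policy, qname, upstream_answer):
    """Listed domain -> redirect to the walled garden (client can be identified and
    remediated); listed answer IP -> drop the answer; otherwise pass it through."""
    zone = policy.match_zone(qname)
    if zone:
        return "redirect", WALLED_GARDEN, f"domain {zone}"
    if upstream_answer is not None:
        net = policy.match_answer(upstream_answer)
        if net:
            return "block", None, f"answer {upstream_answer} in {net}"
    return "pass", upstream_answer, ""


def pinpoint(client_ip, leases):
    """Correlate the querying IP with DHCP lease data (MAC, hostname, fingerprint)."""
    lease = leases.get(client_ip)
    if lease is None:
        return {"ip": client_ip, "mac": "unknown", "host": "unknown", "fp": "unknown"}
    return {"ip": client_ip, **lease}


def handle_query(policy, leases, client_ip, qname, upstream_answer):
    """One query end to end: policy decision plus the syslog line a SOC would ingest."""
    action, answer, reason = apply_policy(policy, qname, upstream_answer)
    line = None
    if action != "pass":
        who = pinpoint(client_ip, leases)
        line = (f"DNS-FW action={action} client={who['ip']} mac={who['mac']} "
                f"host={who['host']} fp={who['fp']} qname={qname} reason={reason}")
    return action, answer, line


# Constructed indicators, as a subscription feed and an adapter push would deliver them.
SUBSCRIPTION_FEED = [("domain", "bad-cnc.example"), ("ip", "198.51.100.0/24")]
FIREEYE_PUSH = [("domain", "dropper.evil-example.net"), ("ip", "203.0.113.66")]

# Constructed DHCP lease table keyed by client IP.
LEASES = {
    "10.1.2.9": {"mac": "00:11:22:33:44:55", "host": "LAPTOP-42", "fp": "Windows 7"},
}


def build_policy():
    policy = FirewallPolicy()
    policy.add_feed(SUBSCRIPTION_FEED)
    policy.add_feed(FIREEYE_PUSH)
    return policy


if __name__ == "__main__":
    p = build_policy()
    for client, name, ans in [("10.1.2.9", "update.bad-cnc.example", "192.0.2.10"),
                              ("10.1.2.9", "cdn.example.org", "198.51.100.7"),
                              ("10.1.2.20", "www.example.com", "93.184.216.34")]:
        print(handle_query(p, LEASES, client, name, ans))
```

Two design points carry over to the real product. Matching on the answer address requires the resolver to finish the upstream lookup first, so an IP trigger costs a recursion even when the query is ultimately blocked. Redirecting to a walled garden rather than returning NXDOMAIN keeps a record of which client tried to call home and gives the user a page to read, which is why the flow above ends with the reporting step rather than with the block.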
DNS Firewall & FireEye Use Case
- The Infoblox account team helped a mobile device company extend their current investment in Infoblox and FireEye
- 35 to 40 thousand suspicious DNS queries per day
- FireEye alerts on the malware and dynamically updates the Infoblox DNS Firewall with the bad domains and IP addresses the malware is querying
- GameOver Zeus & ThreatStop!
- Key takeaway: Infoblox and FireEye prevent infected clients (present and future) from exploiting DNS services
Infoblox DNS Firewall Use Case: Healthcare
- CryptoLocker discovered and stopped
- A banner on the healthcare provider's own web page was determined to be hosting CryptoLocker; DNS queries for it were blocked on both the trusted and the guest network
- Key takeaway: the DNS Firewall feed is updated automatically; manual blacklisting is not a viable solution
In Review: Defense In Depth
- DNS is critical infrastructure
- Unprotected DNS infrastructure introduces serious security risks
- The Infoblox Secure DNS solution protects critical DNS services:
  - Infoblox Advanced DNS Protection: defend against DNS attacks
  - Infoblox DNS Firewall: prevent malware/APT from using DNS
  - Hardened appliance & OS: secure the DNS platform