1. Logicalis Breakfast Briefing
Ceire McQuaid and Gary Cox – Network Discovery and DNS Security
10th July 2014

2. Infoblox Introduction – Ceire McQuaid

3. Infoblox: Market Leader in Network Control
Founded in 1999
Total Revenue
(Fiscal Year Ending July 31)
Headquartered in Santa Clara, CA with global operations in 25 countries
($MM)
Leader in technology for network control
37% CAGR
Market leadership
Gartner Strong Positive Rating
40%+ Market Share
Infoblox is not a start-up. The company was started more than a dozen years ago – our technology is mature and field proven
The company HQ is in the heart of Silicon Valley with global operations in all major geographies –
We do business in 3 regions (Americas, EMEA, APJ) – and 25 countries
Infoblox makes essential technology to control networks – we’ll dig into that a bit later in the
We are a market leader in the space that we serve – with Strong Positive ratings from Gartner (3 years in a row) and 40% market share
(Note: Gartner Market Scope and market share stat is specific to DDI)
Infoblox has a massive customer base – our latest count is 6,200 different companies- we have shipped 45,000 systems
We are innovative, with a formal patent program for our employees. As of right now we own 20 patents and 27 more pending
Last but not least – the company did a successful IPO in April We now share our financial results publicly – which can be seen on the right.
7,000+ Customers, 45,000+ systems shipped
20 patents, 27 pending
IPO April 2012: NYSE BLOX

4. Broad Community of Engaged Partners
Strategic Alliance Partners
We also have a very broad number partners in several categories:
Strategic Alliance Partners are those partners with whom we have technology relationships with. Companies like VMware, F5 and Cisco with whom we have technology integrations
Or companies like CA who are actually OEM’ing some of our products (NetMRI in this case)
Our Channel Partners are “go-to-market” partners who resell our products as part of their solutions – there are hundreds of them worldwide
We have a very successful channel program called Infoblox Channel IP (stands for “Invest & Profit). This program has been supremely successful in helping us train several tiers of partners and create opportunity for both companies.
Lastly, we have System Integrator partners who deliver our products as part of their services offerings

5. Triggers that are Redefining the Network
consolidation
Mobile device explosion
Cloud / virtualization
Software defined Networks
Threat landscape
Ipv6 transition
At Infoblox , we are tracking six significant trends that are reshaping the network.
1. Consolidation
IT organizations are continuing consolidation projects, to reduce overhead, deliver greater value (through better apps)
This is massively changing the fabric of the network – as companies modernize and restructure for better performance for the dollar
Mobile Device Explosion
2012 was the inflection point, more tablets & smartphones sold than PC’s
2.6B personal devices by the users are increasingly mobile and social
These devices are consuming rich media – heavy video, web and rich content
These devices are walking into the work-place and consuming business network services (BYOD)
New compute paradigms
Virtualization is certainly not new, but the massive virtualization of servers continues without slowing down – new virtual machines are being created at the rate of one every 6-8 seconds! All these virtual machines need IP addresses
Cloud computing adoption is growing both in public and private cloud use cases.
52% of organizations we surveyed in 2012 said they had deployed a private cloud, 11% said they would deploy in the next 6 months
Of those that had private clouds, 36% said they were running tier 1 applications on them
Software Defined Networks
While this is not something that most of our customers are dealing with today -- this is a trend that we at Infoblox is participating in
As it matures, it will impact how we do networking in the next 3-5 years
This trend is about the changing the economics of networking, in a very similar way server virtualization changed the game for physical servers.
We will keep you informed as this evolves
The threat landscape
The big change here is that the bad guys are getting more sophisticated and more targeted
Its no longer a just about infecting a bunch of PC’s with malware
The threat landscape is shifting – and the big dangers that are lurking are about Advanced Persistent Threats (APT’s)
Very sophisticated attackers, new attack vectors, targeting very specific elements of the network, iteratively looking for vulnerabilities over time – with the target never knowing they are there
DNS infrastructure, VM’s, mobile devices are all significant attack surfaces
It’s literally cyber warfare out there and networks are vulnerable
IPv6
This has been a trend that has been brewing for a long time, but it’s finally impacting mainstream IT departments now
The IPv4 address allowed for only 4.2 billion unique addresses – which is actually less than the human population in 2012
The global IANA IP registry exhausted their supply of IPv4 addresses in February of 2011 – they handed out their last blocks to the major regional registries
The Asian regional registry was first to exhaust their supply of IPv4 addresses in April of 2011
EMEA exhausted theirs in October of 2012
North America / Latin America are likely to run out in the next months
Companies that are doing business globally are dealing with the need to transition now because their European and Asian counterparts have moved to IPv6
Many are running “dual stack” configurations – which means they’re running both standards
This trend is significant because traditional manual IP Address Management won’t cut it in the IPv6 mode.
IPv6 is 128 Bit addresses converted to HEX are not human readable at all (IPv6 address is made up of 32 HEX characters represented in blocks of 4, separated by colons.
This is what a typical IPv6 address looks like: 2001:0db8:85a3:0042:0000:8a2e:0370:7334

6. The Alternative Without Infoblox
APPS & END-POINTS
End points
VIRTUAL MACHINES
Private cloud
applications
UNIX bind
CONTROL PLANE
Vmware dns
Microsoft DNS
Microsoft DHCP
QIP
Complexity
Risk & Cost
Agility
Flexibility
Scripts
Command Line
So what does that picture look like without Infoblox?
Click: the Infrastructure layer is the same
Click: the Apps and End-points layer is the same
Click: but the middle layer – the control plane is VERY different
Most organizations have a mixed bag of management products in the middle.
Everything from Microsoft DNS servers (which you have to put MS Clustering on to make it highly available)
Separate DHCP servers
We often see DNS on VMware virtual machines
Or Unix Bind servers with administrators using Excel spreadsheets to do IP Address Management
And sometimes other dedicated vendors like QIP from Alcatel-Lucent
For the network automation – we often see a mixed back of Perl Scripts, Command line interfaces and other 3rd party tools.
And note, each of these systems requires significant human intervention and management, so you have a lot of administrator effort
Each of these systems keeps it’s own repository for data, so the questions you have to ask are:
How do you maintain this environment?
How do you update this environment?
How do you handle disaster recovery in this environment?
How do you get visibility and reporting when the data is all over the place?
How efficient is your staff in this type of environment?
Last but not least – how secure is this environment?
Click: We see this all the time. This type of arrangement increases complexity, risk and cost and drives down agility and flexibility.
NETWORK INFRASTRUCTURE
firewalls
switches
routers
Web proxy
Load balancers

7. What We Do: Innovative Technology for Network Control
APPS & END-POINTS
End points
VIRTUAL MACHINES
Private cloud
applications
Essential Network Control Functions: DNS, DHCP, IPAM (DDI)
CONTROL PLANE
Infoblox GridTM w/ Real-time Network Database
Historical /Real-time Reporting & Control
Discovery, Real-time Configuration & Change, Compliance
Infoblox can help organizations deal with the risks and expenses associated with these trends.
Let’s take a look at how:
Click: The modern network is made up of the infrastructure layer, which is all the devices you’re very familiar with (switches, routers, firewalls, load balancers, web proxy’s etc.)
Click: These devices exist to support this layer – your Apps and Endpoints. Ranging from Voice Over IP Phones to tablets and smart phones, to all the VM’s and private clouds, all servicing the applications that drive the business.
Click: Infoblox plays in the middle. In the control plane. We put our technology on high performance, highly available and secure platform (we call this the Grid). The grid has a very powerful, distributed network database that keeps all the information in one place
So what does Infoblox do?
Click: We deliver Discovery, Real-time Configuration & Change management, and compliance for this layer
Click: And we deliver Essential Network Control functions like DNS, DHCP and IPAM (known as DDI) for this layer
And since we touch all these devices and capture real-time data in a single place…
Click: we can do some amazing real-time and historical reporting as well as advanced control
NETWORK INFRASTRUCTURE
firewalls
switches
routers
Web proxy
Load balancers

8. Network and Device Discovery

9. Connected, Dynamic DDI Integrated Database, 360 Degree View of IP Data
Advanced Reporting
Infoblox DNS/DHCP
Network Task Automation
Microsoft DNS/DHCP
Infoblox is uniquely positioned to address the challenges in the last slide.
Our solution is designed to take you from that disconnected, manual environment to a completely connected, dynamic DDI system. We accomplish this in a number of different ways. First, we provide an integrated database with a single point of management and 360 degree view of all of your IP data. We then connect IP Management to 4 critical parts of your active network:
Our own DNS and DHCP services, integrated into one central database
Microsoft DNS and DHCP using a true agentless connector. This not only allows you replicate Microsoft DNS and DHCP data right into our IPAM database but also delivers central management for Microsoft DNS and DHCP right from our next gen GUI.
The physical network using Layer 2 and Layer 3 discovery. Infoblox will talk with your routers and switches, read ARP caches and CAM tables, so you can see all the subnets defined on your network and where IP devices are connecting on what switches, switch ports, VLANs…even at what duplex setting. All of this valuable information is replicated to the IPAM database and updated as information changes over time.
In VMware virtual environments you have visibility into virtual servers, virtual IP’s and virtual host information. This allows you to see new VM’s as they are spun up on the network and reclaim IP’s when VM’s are decommissioned.
Since all of your IP data is now stored in a central repository you can significantly improve your reporting capabilities and get visibility into DNS query response times, top talkers, network utilization, IPAM utilization, DHCP statistics, network compliance and more. This includes recent trends as well as historical information.
Finally, now that you have a completely connected IPAM system you have a launching platform for network automation. The ability to define a static IP address, configure the downstream router, turn up switch ports, reconfigure the VLAN…..all from a single management GUI.
VMware Virtual Discovery
Layer 2 and Layer 3 Discovery
Network
IP Endpoints
Switch/Routers

10. Detection
69% of users say they are accessing corporate networks with personal devices!
34% of CIOs think employees are accessing their network with personal devices…
Infoblox Device Fingerprinting lets you detect ALL the dynamic devices on your network

11. Historical Lease Information with Fingerprint
Filter
Smart Folder
Sort
Sort by device type
Filter to manage specific devices quickly
Build unique Smart Folders

12. Find & Remediate Potential Security Breachesv1
Find & Remediate Potential Security Breaches
Physically Locate a MAC or IP Address
Uncover Rogue Devices
Find and Remediate Security Breaches: There are many ways security can be breached, Augusta’s discovery can help find those devices / connections that are not within policy.
VLAN creation in slave of a switch stack: The VLAN may look ok on its own however Augusta data shows that it has been configured at the slave level as opposed to being propagated from the master switch. This is a non-standard practice. With the use of a tool like CiscoWorks the network administrator can determine who configured the VLAN on that port and then the real question can be asked… WHY?
Rouge DHCP Servers: Network teams have reported branch location outages because of a rogue DHCP server with in the office. Standard wireless routers like those from Linksys and Netgear are combination devices with the ability to act as a DHCP server handing out IP addresses. Detection of the rouge devices is easily accomplished with Augusta and the Smart Folders feature. Having a smart folder for unmanaged networks a Linksys router can be detected and probed to determine if the port for DHCP services is open on the device. This is an indication that if it is not already it is capable of and configured to issue IP addresses on an unmanaged network.
Physically Track MAC address: In some instances the security team only has a MAC address that has been flagged as a potential risk. The MAC address is provided to the network team in order for them to physically locate the device with that MAC address. Utilizing the combined grid data of DHCP and Augusta discovery data the current physical location can be quickly ascertained and provided to security for further investigation.
Find & Investigate Suspicious or unknown VLANs

13. A closer look with ‘Network Insight’
GATHER
ANALYZE
TAKE ACTION
Network Insight’s intelligent IPAM integrates near real-time infrastructure device data with IP address management
The collection and correlation of the data provides unprecedented visibility, the better the data the better the decision
Validate designs, effectively provision, troubleshoot, remediate rogue devices, errors, and unmanaged devices and networks
Substantiate newly installed network equipment against original plans
Trim process steps for trouble shooting - reducing mean- time-to-repair (MTTR)
Quickly eliminate the network as a root cause, refocus trouble shooting teams
Identify and respond to security risks in the network
Improve "cleanliness" of network data to:
Build trust in automated processes with the ability to track and confirm automated results
Improve operational efficiencies / create a manageable automated environment
Collaborate with cross-functional groups with confidence
See the use of IP ranges allocated to other work groups
Implement role-based administration of IP ranges for those groups

14. Infoblox Grid with Network Insight
Cloud Orchestration Integration (VMware, BMC)
Virtualization
VMware Integration
Patented Grid Technology: Central Management, Authoritative DB
Virtualization & Cloud Integration
Grid Master at Recovery Site
Edge Network/ Remote Offices
Branch Office
DNS/DHCP
HQ Grid Master
ND Consolidator
New
Network Insight ND Appliance
Reporting Server
Integrated
Advanced Reporting Engine
All Centrally Managed as ONE System
The foundation of Infoblox DNS, DHCP and IP address mgmt. is patented technology we call the Grid. This technology links a unified, centrally managed system of appliances that share a common, real-time distributed database, rather than individual nodes with siloed data common with general purpose servers.
It synchronizes the data across the systems in real time in response to changes as devices are added, deleted or data changes. A new or replacement Infoblox appliance need only be plugged into the Grid and it is automatically loaded with the right level of the operating system and its data is synchronized. By design, it is a more reliable and secure than software solutions on general purpose servers.
On the Slide bottom notice there is Microsoft management
Moving counter clock-wise there is the Grid Master recovery site or the Grid Master candidate to ensure the systems is available in case of a disaster.
At the top of the screen is virtual support for a variety of platforms and technologies
And there is reporting that Ed will talk about in a bit.
It is designed so all management functions are available through the GUI… so we eliminate the need for using Command Line or writing custom scripts.
And note in red “ It is All centrally Managed as ONE System”
Microsoft DNS, DHCP
Branch Office
ND Probe
New
Network Insight ND Appliance
Agentless Management of Microsoft DNS/DHCP & Full AD Integration

15. Network Insight in the Grid
New Device Tab
Network device data now integrated into IPAM
Know what your infrastructure devices are by vendor, model, OS version, etc.

16. Visibility into all configured networks
IPAM view automatically indicates managed and unmanaged networks (highlighted in yellow)
From the IPAM view select a network and view the infrastructure devices located on that network

17. You can’t fix what you don’t see
Unknown devices identified in the network that are not in IPAM are flagged as Unmanaged enabling easy identification and fast action. (highlighted in yellow)
Select an IP address to view more information about the switch port the device is connected too.
A complete view of all interfaces, port speed, port type and VLANS on the port, admin status, and operation status

18. DNS Security Protect, Contain, Report

19. The Rising Tide of DNS Threats
Are You Prepared?
In the last year alone there has been an increase of
200%
58%
With possible amplification up to
100x
DNS attacks1
DDoS attacks1
on a DNS attack, the amount of traffic delivered to a victim can be huge
28M 2M
Pose a significant threat to the global network infrastructure and can be easily utilized in DNS amplification attacks2
With enterprise level businesses receiving an average of 2 million DNS queries every single day, the threat of attack is significant
33M
Number of open recursive DNS servers2
1. Quarterly Global DDoS Attack Report, Prolexic, 1st Quarter,

20. The Rising Tide of DNS Threats
Are You Prepared?
DNS attacks are rising for 3 reasons:
Countries of origin for the most DDoS attacks in the last year
China 1
Easy to spoof US
Brazil
Russia
France
India 2
Asymmetric amplification
Germany
Korea
Egypt
Taiwan 3
High-value target

21. The Rising Tide of DNS Threats
Are You Prepared?
Financial impact is huge
Top Industries Targeted4
Public Sector 5%
$27
Media & Entertainment
17%
Financial Services
13%
million
42%
Enterprise
High Tech 7%
Business Services
21%
The average loss for a 24-hour outage from a DDoS attack3
29%
Commerce
Consumer Goods 2%
Avg estimated loss per DDoS event in 20123
Healthcare 2%
Hotels 5%
Automotive 1%
Government
-$7.7M
Technology company
Financial services
Retail
22%
Miscellaneous 5%
-$13.6M
-$17M
3. Develop A Two-Phased DDoS Mitigation Strategy, Forrester Research, Inc. May 17, State of the Internet, Akamai, 2nd Quarter, 2013

22. The Rising Tide of DNS Threats
Are You Prepared?
TCP/UDP/ICMP floods:
Flood victim’s network with large amounts of traffic
DNS amplification:
Use amplification in DNS reply to flood victim
DNS cache poisoning:
Corruption of a DNS cache database with a rogue address
Protocol anomalies:
Malformed DNS packets causing server to crash
Top 10
DNS tunneling:
Tunneling of another protocol through DNS for data ex-filtration
DNS hijacking:
Subverting resolution of DNS queries to point to rogue DNS server
DNS attacks
DNS based exploits:
Exploit vulnerabilities in DNS software
Reconnaissance:
Probe to get information on network environment before launching attack
DNS reflection/DrDos:
Use third party DNS servers to propagate DDoS attack
Fragmentation:
Traffic with lots of small out of order fragments

23. The Rising Tide of DNS Threats
Are You Prepared?
The bottom line is
“Organizations should invest in protecting their DNS infrastructure.”
– Gartner5
Infoblox helps protect against the rising tide of DNS threats
5. Leverage Your Network Design to Mitigate DDoS Attacks, Report ID G , Gartner, July 2013

24. Infoblox Advanced DNS Protection Solution
Unique Detection and Mitigation
Intelligently detects DNS-based attacks
Mitigates attacks while responding to legitimate DNS requests
Centralized Visibility
Centralized view of all attacks happening across the network through detailed reports
Intelligence needed to take action
Ongoing Protection against evolving threats
Automatic threat rule updates based on threat analysis and research
Ongoing protection against evolving DNS threats
© 2013 Infoblox Inc. All Rights Reserved.

25. How Does Advanced DNS Protection Work?
Amplification
DNS DDoS
Legitimate Traffic
Reflection
Exploits
Automatic
Updates
Block DNS attacks
Infoblox Threat Rule Server
New
Grid-wide rule distribution
Infoblox Adv. DNS Protection
New
Infoblox Adv. DNS Protection
GRID Master
Send Reports
DNS attacks come interspersed with legitimate DNS traffic
Advanced DNS Protection pre-processes the requests to filter out attacks
It responds to legitimate DNS requests
The attack types and patterns are sent to Infoblox Reporting server
When Infoblox detects new threats, it creates rules and updates the Advanced DNS
Reporting
Server
Reports on attack types, severity

26. What Attacks does Infoblox ADP protect against?
DOS/DDoS Category
Amplification and reflection
Using the DNS server to propagate a DOS/DDOS attack. We rate limit root and Any query
Flood Based Attacks
Floods
UDP,TCP, ICMP
Unexpected header values
Land attack
IGMP flood
Invalid input Moyari13,
OS and BIND server vulnerabilities
Linux and Bind based exploits
Example A Specially crafted query can cause BIND to terminate abnormally. We analyze packets on network processor before they reach the DNS server.
Protocol Anomaly Based Attacks
Impersonation attacks
Smack
Large packets
Ping of death
Invalid fragments
Nestea, TearDrop, Jolt
DNS Specific
Cache poisoning
Poison DNS server cache (Birthday Paradox attack)
DNS Tunneling
Iodine
DNS Message type
Block specific queries by record type
FQDN, IP
Template rule
Reconnaissance
Command to find version and other information
Multi-pronged Security
Dedicated compute capacity with additional network processor card so DNS server can continue to service under attack
Signature based attack detection for known vulnerabilities and exploits
Dynamic throttling to mitigate flood based, DDOS reflection and amplification DNS attacks
Fine-grain filters to allow/block specific DNS record types offers automated threat mitigation
Reports provide greater visibility into the DNS traffic for early detection of attack symptoms with reconnaissance type of activities
Some of this is subject to Cavium issues.
IGMP flood blocked by not allowing ICMP timestamp packets
Land attack, Eyenetdee – land covered by blocking sameip, eyenetdee not used to attack dns, and we block ports it does attack

27. Reporting Intelligence needed to take action
Attack details by category, member, rule, severity and time
Visibility into the origin and scope of the attacks
Early detection and mitigation

28. DON’T LET THEM CALL HOME
In 2012…
~7.8 million new malware threats per quarter
Mobile threats grew ~10X
855 successful breaches w/ 174 million records compromised
DON’T LET THEM CALL HOME
Stop malware before it causes trouble
Infoblox DNS Firewall cuts off malware communications

29. Threat: Malware Uses DNS
Malware infects clients when they visit malicious web sites, whose names are resolved using DNS
Malware rendezvous with command-and-control channels using hardwired domain names and rapidly changing IP addresses
Malware can also tunnel new malicious code or commands through DNS itself

30. DNS Firewall Protects Against Malware
Reputational Feed
from Infoblox 5 3
IPs/Oomains/etc.
of ‘bad servers’ ….
INTERNET
DNS Firewall/
DNS Server with
Response Policy Zone (RPZ)
INTRANET
DNS Firewall Protects Against Malware
So how do you effectively take a way DNS from the Malware so it can’t find the botnets or Command & Control servers?! Infoblox DNS Firewall removes DNS as a hole in your network by disrupting resolution of DNS queries to malicious domains. To understand how DNS Firewall does it job lets work through how it works starting from the left side of the page and moving to the right.
An infected mobile device is brought into the office. Upon connection, the malware starts to spread to other devices on the network.
Malware begins to spread and gather up information to exfiltrate.
Malware makes a DNS query (Domain) via an application such as VoIP, IM, RPC, CHAT, in order to find ‘home’
DNS Firewall has the ‘bad’ domain in its table of domains to block. It does not allow the DNS server to resolve the query and in the case of HTTP/URL requests redirects the user to a landing page or ‘Walled Garden’
5. DNS Firewall is continually updated by the Infoblox Security Cloud with bad domains/IP addresses to block.
Block / Re-direct
DNS Query 4 1 2
User clicks on link to Malware site
Infoblox Reporting Server – ID infected device by
IP/MAC address & device type
Uninfected End-point
Brought into office

31. DNS Firewall Contains Malware
C&C Portals
Reputational Feed
from Infoblox 5
C&C Proxies
IPs/Oomains/etc.
of ‘bad servers’ 1
C & C / Botnet
Portal IP’s ….
Mobile End-point
INTERNET
DNS Firewall/
DNS Server with
Response Policy Zone (RPZ)
INTRANET 3
DNS Firewall Protects Against Malware
So how do you effectively take a way DNS from the Malware so it can’t find the botnets or Command & Control servers?! Infoblox DNS Firewall removes DNS as a hole in your network by disrupting resolution of DNS queries to malicious domains. To understand how DNS Firewall does it job lets work through how it works starting from the left side of the page and moving to the right.
An infected mobile device is brought into the office. Upon connection, the malware starts to spread to other devices on the network.
Malware begins to spread and gather up information to exfiltrate.
Malware makes a DNS query (Domain) via an application such as VoIP, IM, RPC, CHAT, in order to find ‘home’
DNS Firewall has the ‘bad’ domain in its table of domains to block. It does not allow the DNS server to resolve the query and in the case of HTTP/URL requests redirects the user to a landing page or ‘Walled Garden’
5. DNS Firewall is continually updated by the Infoblox Security Cloud with bad domains/IP addresses to block.
Block / Re-direct
DNS Query 4 2
Malware
searches & spreads within network
Infoblox Reporting Server – ID infected device by
IP/MAC address & device type
Mobile End-point
Brought into office
Malware
DNS Query to
‘find & phone home’

32. DNS Firewall - FireEye Adapter
Rogue
Portals 1
C & C / Proxy
Portal IP’s
Compromised
Web Server or Domain ….
INTERNET
DNS Server W/
DNS Firewall
INTRANET
FireEye 2
Block / Re-direct
DNS Query 3 4
Domain-name &
Host IP address
to be blocked
DNS Firewall - FireEye Adapter
2 Scenarios - Rouge organization infects a domain/web server frequented by employees of targeted entity. A callback to a command & control server (that could be separate from the compromised domain)
FireEye captures & detonates traffic from suspicious files, web objects, and attachments within instrumented virtual machine environments. It determines that the data/file is malicious & therefore should be blocked.
FireEye sends an XML alert to DNS Firewall has the ‘bad’ domain and Host IP address. Infoblox DNS Firewall Server adds the Domain and Host IP address to in its table of locations to be blocked. It does not allow the DNS server to resolve the query and in the case of HTTP/URL requests redirects the user to a landing page or ‘Walled Garden’. Malware makes a DNS query (Domain) via an application (e.g. VoIP, IM, RPC, CHAT, SIP) in order to find ‘home’
DNS Firewall sends information on those devices that made DNS queries to ‘bad’ domains or IP addresses to Infoblox Reporting which cross correlates the IP address, DHCP lease and DHCP Device type to create a report that helps Security ID devices for clean-up.
Play Malware Attack
Infoblox Reporting Server – ID infected device by IP, MAC address & device type for remediation
Detects & detonates
advanced malware
Infected
Enterprise
End-point
Malware / apps
Initiate DNS requests
for web domains

33. Questions?

34. Break time!