How do I select a remote workforce protection solution for my business?

Recent research shows almost three quarters of large businesses believe the remote working policies introduced to help stop the spread of COVID-19 are making their companies more vulnerable to cyberattacks. Those policies have opened new attack vectors for opportunistic attackers and created new challenges for network administrators.

To select a suitable remote workforce protection solution for your business, you need to think about a variety of factors. We’ve talked to several cybersecurity professionals to get their insight on the topic.

Vince Berk, VP, Chief Architect Security, Riverbed

A business needs to meet three main realizations or criteria for a remote workforce protection solution to be effective:

Use of SaaS, where access to the traffic in traditional ways becomes challenging: understanding where data lives, and who accesses it, and controlling this access, is the minimum bar to pass in an environment where packets are not available or the connection cannot be intercepted.

Recognition that users use a multitude of devices, from laptops, iPads, phones—many of which are not owned or controlled by the enterprise: can identity be established definitively, can data access be controlled effectively, and forensically accurately monitored for compromise at the cloud/datacenter end?

When security becomes ‘too invasive’, workers create out-of-band business processes and “shadow IT,” which are a major blind spot as well as a potential risk surface as company private information ends up outside of the control of the organization: does the solution provide a way to discover and potentially control use of this modern shadow IT?

A comprehensive security solution for remote work must acknowledge the novel problems these new trends bring and succeed on resolving these issues for all three criteria.

Kate Bolseth, CEO, HelpSystems

One thing must be clear: your entire management team needs to assist in establishing the right infrastructure in order to facilitate a successful remote workforce environment.

Before looking at any solutions, answer the following questions:

  • How are my employees accessing data?
  • How are they working?
  • How can we minimize the risk of data breaches or inadvertent exposure of sensitive data?
  • How do we discern what data is sensitive and needs to be protected?

The answers will inform organizational planning and facilitate employee engagement while removing potential security roadblocks that might thwart workforce productivity. These guidelines must be as fluid as the extraordinary circumstances we are facing without creating unforeseen exposure to risk.

When examining solutions, any option worth considering must be able to identify and classify sensitive personal data and critical corporate information assets. The deployment of enterprise-grade security is essential to protecting the virtual workforce from security breaches via personal computers as well as at-home Wi-Fi networks and routers.

Ultimately, it’s the flow of email that remains the biggest vulnerability for most organizations, so make sure your solution examines emails and files at the point of creation to identify personal data and apply proper protection while providing the link to broader data classification.

Carolyn Crandall, Chief Deception Officer, Attivo Networks

When selecting a remote workforce protection solution, CISOs need to consider three key areas: exposed endpoints, security for Active Directory (AD) and preventing malware from spreading.

Exposed endpoints: standard anti-virus software and VPNs are no match for advanced signature-less or file-less attack techniques. EDR tools enhance detection but still leave gaps. Therefore, pick an endpoint solution capable of quickly detecting endpoint lateral movement, discovery and privilege escalation.

Security for Active Directory (AD): cloud services and identity access management need protection against credential theft, privilege escalation and AD takeover. In a remote workforce context AD is often over provisioned or misconfigured. A good answer is denial technology which detects discovery behaviors and attempts at privilege escalation.

Preventing spread of malware: it is almost impossible to prevent malware passing from workforce machines reconnecting to the network. It is vital therefore to choose a resolution that uncovers lateral movement, APTs, ransomware and insider threats. Popular options include EPP/EDR, Intrusion Detection/Prevention Systems (IDS/IPS) and deception technology. When selecting, take account of native integrations and automation as well as how well the tools combine to share data and automate incident response.

In short, the answer to remote workforce protection lies in a robust, layered defence. If attackers get through one, there must be additional controls to stop them from progressing.

Daniel Döring, Technical Director Security and Strategic Alliances, Matrix42

Endpoint security requires a bundle of measures, and only companies that take all aspects into account can ensure a high level of security.

Automated malware protection: automated detection in case of anomalies and deviations is a fundamental driver for IT to be able to react quickly in case of an incident. In this way, it is often possible to fend off attacks before they even cause damage.

Device control: all devices that have access to corporate IT must be registered and secured in advance. This includes both corporate devices and private employee devices such as smartphones, tablets, or laptops. If, for example, a smartphone is lost, access to the system can be withdrawn at the click of a mouse.

App control: if, in addition to devices, all applications are centrally controlled by IT, IT risks can be further minimized. The IT department can thus control access at any time.

Encryption: the encryption of all existing data protects against the consequences of data loss.

Data protection at the technological and manual levels: automated and manual measures are combined for greater data protection. Employees must continue to be trained so that they are aware of risks. However, the secure management of data stocks can be simplified with the help of technology in such a way that error tolerance is significantly increased.

Greg Foss, Senior Cybersecurity Strategist, VMware Carbon Black

The most important aspect for any security solution is how this product is going to complement your current environment and compensate for gaps within your existing controls.

Whether you’re looking to upgrade your endpoint protections or add always-on VPN capability for the now predominately remote workforce, there are a few key considerations when it comes to deploying security software for protecting distributed assets:

  • Will the solution require infrastructure to deploy, or will this be a remote cloud hosted solution? Both options come with their unique benefits and drawbacks, with cloud being optimal for disparate systems and offloading the burden of securing internet-facing services to the vendor.
  • What is the footprint of the agent, and are multiple agents required for the solution to be effective? Compute is expensive, so agents should be as non-impactful to the system as possible.
  • How will this solution improve your security team’s visibility and ability to either prevent or respond to a breach? What key gaps in coverage will this tool help rectify as cost effectively as possible?
  • Will this meet the organization’s future needs, as things begin to shift back to the office?
  • Lastly, ensure that you allow for the team to operationalize and integrate the platform. This takes time. Don’t bring on too many tools at once.

Matt Lock, Technical Director, Varonis

With more remote working comes more cyberattacks. When selecting a remote workforce solution, CISOs must ask the following questions:

Am I able to provide comprehensive visibility of cloud apps? Microsoft Teams usage exploded by 500% during the pandemic, however given its immediate enforcement, deployments were rushed with misconfigured permissions. It’s paramount to pick a solution that allows security teams to see where sensitive data is overexposed and provide visibility into how each user can access Office 365 data.

Can I confidently monitor insider threat activity? The shift to remote working has seen a spike in insider threat activity and highlighted the importance of understanding where sensitive data is, who has access to it, who is leveraging that access, and any unusual access patterns. Best practices such as implementing the principle of least privilege to confine user access to the data should also be considered.

Do I have real-time insight into anomalous behavior? Having real-time awareness of unusual VPN, DNS and web activity mustn’t be overlooked. Gaining visibility of this web activity helps security teams track and trend progress as they mitigate critical security gaps.

Selecting the right workforce protection solution will vary for different organizations depending on their priorities but the top priority of any solution must be to provide clear visibility of data across all cloud and remote environments.

Druce MacFarlane, Head of Products – Security, Threat Intelligence and Analytics, Infoblox

Enterprises investing in remote workforce security tools should consider shoring up their foundational security in a way that:

Secures corporate assets wherever they are located: backhauling traffic to a data center—for example with a VPN—can introduce latency and connectivity issues, especially when accessing cloud-based applications and services that are now essential for business operations. Look for solutions that extend the reach of your existing security stack, and leverage infrastructure you already rely on for connectivity to extend security, visibility, and control to the edge.

Optimizes your existing security stack: find a solution that works with your entire security ecosystem to cross-share threat intelligence, spot and flag suspicious activities, and automate threat response.

Offers flexible deployment: to get the most value for your spend, make sure the solution you choose can be deployed on-premises and in the cloud to offer security that cuts across your hybrid infrastructure, protecting your on-premises assets as well as your remote workforce, while allowing IT to manage the solution from anywhere.

The right solution to secure remote work should ideally enable you to scale quickly to optimize remote connections and secure corporate assets wherever they are located.

Faiz Shuja, CEO, SIRP Labs

In all the discussion around making remote working safer for employees, relatively little has been said about mechanisms governing distributed security monitoring and incident response teams working from home.

Normally, security analysts work within a SOC complete with advanced defences and tools. New special measures are needed to protect them while monitoring threats and responding to attacks from home.

Such measures include hardened machines with secure connectivity through VPNs, 2FA and jump machines. SOC teams also need to update security monitoring plans remotely.

Our advice to CISOs is to optimize security operations and monitoring platforms so that all essential cybersecurity information needed for accurate decision-making is contextualized and visible at-a-glance to a remote security analyst.

Practical measures include:

  • Unify the view for distributed security analysts to monitor and respond to threats
  • Ensure proper communication and escalation between security teams and across the organization through defined workflows
  • Use security orchestration and automation playbooks for repetitive investigation and incident response tasks for consistency across all distributed security analysts
  • Align risk matrix with evolving threat landscape
  • Enhance security monitoring use cases for remote access services and remotely connected devices

One notable essential is the capacity to constantly tweak risk-levels to quickly realign priorities to optimise the detection and response effectiveness of individual security team members.

Todd Weber, CTO, Americas, Optiv Security

Selecting a remote workforce protection solution is more about scale these days than technology. Companies have been providing work-from-home solutions for several years, but not necessarily for all applications.

How granular can you get on access to applications based on certain conditions?

Simply the credentials themselves (even with multi-factor authentication) aren’t enough any longer to judge trusted access to critical applications. Things like what device am I on, how trusted is this device, where in the world is this device, and other factors play a role, and remote access solutions need to accommodate granular access to applications based on these criteria.

Can I provide enhanced transport and access to applications with the solution?

The concept of SD-WAN is not new, but it has become more important as SaaS applications and distributed workforce have become more prevalent. Providing optimal network transport as well as a visibility point for user and data controls has become vitally important.

Does the solution provide protections for cloud SaaS applications?

Many applications are no longer hosted by companies and aren’t in the direct path of many controls. Can you deploy very granular controls within the solution that provide both visibility and access restrictions to IaaS and SaaS applications?
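The contextual access decision described above (credentials plus MFA are necessary but not sufficient; device trust and location also weigh in) can be made concrete with a small policy evaluator. This is an added example and not code from Optiv or any vendor; every attribute name, rule and threshold in it (the allowed-country set, the managed/compliant device flags, the two sensitivity tiers) is an assumption chosen for illustration.

```python
"""Conditional-access evaluator (added example, not vendor code).

An access request carries context beyond the credential: did MFA pass, is the
device enterprise-managed and compliant, where is it, and how sensitive is the
application. The policy returns allow / step-up / deny plus the reasons, so the
decision is auditable. All rules and attribute names are assumptions.
"""
from dataclasses import dataclass
from enum import Enum


class Decision(Enum):
    ALLOW = "allow"
    STEP_UP = "step_up"   # grant only after re-authentication or device enrolment
    DENY = "deny"


@dataclass(frozen=True)
class AccessContext:
    user: str
    mfa_passed: bool
    device_managed: bool      # enrolled in the enterprise MDM/EDR (assumption)
    device_compliant: bool    # patched, disk-encrypted, agent healthy (assumption)
    country: str              # ISO 3166-1 alpha-2 derived from the source IP
    app_sensitivity: str      # "low" or "high" (assumed two-tier classification)


# Assumption: the countries this workforce is expected to connect from.
ALLOWED_COUNTRIES = {"US", "GB", "DE"}


def evaluate(ctx: AccessContext):
    """Return (Decision, [reason, ...]) for one access request."""
    # Credentials without MFA never reach the contextual checks.
    if not ctx.mfa_passed:
        return Decision.DENY, ["mfa_required"]

    reasons = []
    if ctx.country not in ALLOWED_COUNTRIES:
        reasons.append("unexpected_country")
    if not ctx.device_managed:
        reasons.append("unmanaged_device")
    elif not ctx.device_compliant:
        reasons.append("noncompliant_device")

    if ctx.app_sensitivity == "high":
        # Critical apps: unknown device or location is a hard stop; a managed
        # but drifted device may proceed once it re-attests.
        if "unmanaged_device" in reasons or "unexpected_country" in reasons:
            return Decision.DENY, reasons
        if "noncompliant_device" in reasons:
            return Decision.STEP_UP, reasons
        return Decision.ALLOW, reasons

    # Low-sensitivity apps: any signal short of a hard failure means step-up,
    # not denial, so productivity is not blocked for a forgotten patch.
    if reasons:
        return Decision.STEP_UP, reasons
    return Decision.ALLOW, reasons


if __name__ == "__main__":
    # Constructed sample requests showing the spread of outcomes.
    for ctx in (
        AccessContext("alice", True, True, True, "US", "high"),
        AccessContext("bob", True, False, False, "US", "high"),
        AccessContext("carol", False, True, True, "US", "low"),
        AccessContext("dan", True, True, False, "US", "high"),
    ):
        decision, why = evaluate(ctx)
        print(f"{ctx.user:6} -> {decision.value:8} {why}")
```

The point the evaluator makes is the one in the text: `bob` presents valid credentials and passes MFA, yet is denied a high-sensitivity application because the device is unmanaged, while `dan` on a managed but non-compliant device is asked to step up rather than refused outright.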

COVID-19 impact on digital transformation, cloud and security strategies

Half a year into the shutdown, companies are still playing catch up to optimize their remote work experience, according to Infoblox.

Survey findings are based on 1,077 responses from the US, the UK, Germany, the Netherlands, Spain, China, Japan, Australia, and Singapore.

The borderless enterprise is here to stay

More than 90% of decision-makers consider digital transformation and cloud-managed services a priority. The percentage of companies with a majority of employees working remotely more than tripled from 21% before the shutdown to 70% after. 40% of companies, twice the pre-COVID-19 rate, are permanently keeping a majority of workers remote.

Optimizing remote work

Organizations are still building out their IT infrastructure and security controls to optimize remote work. Organizations say distributing sanctioned devices (35%), building network infrastructure (35%), and securing the network (29%) are top IT challenges when transitioning to remote work.

The top security concerns

Threat mitigation and network visibility remain the top security concerns for the remote work environment. 68% say better threat detection and or mitigation technologies would enable more remote work for their organizations.

Specifically, respondents are looking for better visibility into devices on the corporate network (65%), cloud applications workers are using (61%), and compromised devices (46%).

Security incidents are rising

Half of the surveyed businesses are seeing more cyber-attacks—with the biggest jumps in China and Australia—while just a quarter are seeing fewer.

COVID-19 impact: Fostering collaboration

Companies are reversing policies to allow the use of personal applications to foster collaboration. 63% of companies are allowing workers to connect with each other using applications like WhatsApp, Zoom, and Houseparty.

Companies are using cloud security tools, particularly from the DDI family (DNS, DHCP, IP Address Management), to secure the borderless enterprise. 59% of companies plan on making additional investments in DNS to secure their expanded networks.

“When the COVID-19 shutdown started, organizations rushed to enable remote work overnight,” said Kanaiya Vasani, Executive Vice President, Products and Corporate Development at Infoblox. “Their top priority was making sure workers could connect to enterprise applications from their homes—sometimes through unsecured personal devices.”

The effectiveness of using DNS as a foundational element in future network security best practices

As cyberattacks escalate, Infoblox and Forrester Consulting investigated how security and risk (S&R) teams are using their DNS investments. The 203 respondents to the study reveal they most often use DNS to detect and block threats early in the kill chain, identify compromised devices, and investigate and respond to malware.

DNS is effective but under-utilized

The top findings underscore DNS is an effective but under-utilized tool for threat hunting and resolution even as alert fatigue challenges security teams to scale:

  • 94% of S&R leaders either use or consider DNS as a starting point for threat investigations but only 43% of security and risk leaders rely on DNS as a data source to complete their investigations.
  • 66% of respondents use DNS to catch threats — from DNS tunneling/data exfiltration, domain generation algorithms (DGAs), and lookalike domain attacks — that other security tools miss but only 34% anticipate using internal DNS to stop malicious attacks at scale.
  • 52% of leaders cite alert fatigue among teams and 51% report challenges dealing with threat triage; but only 58% of teams incorporate some automated processes for incident response.

DNS investments can help save the day

“It’s good to see the vast majority of security and risk teams recognize DNS as a powerful threat hunting tool,” said Anthony James, Vice President of Product Marketing at Infoblox.

“At the same time, most companies are leaving money on the table by under-using their DNS investments. With 56% of leaders looking to improve security ROI, DNS can help save the day by providing a single pane of visibility into threats across the network and the edges.”

“DNS can also help automate some of the more repetitive tasks in threat hunting, freeing up security teams who spend an average of 4 hours per incident investigation to address more complex problems,” continued James.

“DNS is one of the most effective ways that companies can fortify their security and risk frameworks and maximize their existing security investments.”

In an increasingly 5G and edge world, DNS matters

Infoblox identified the challenges Communication Service Providers (CSPs) face in transitioning to distributed cloud models, as well as the use cases for multi-access edge computing (MEC), 5G New Radio (NR), and 5G Next Generation Core (NGC) networks.

“Distributed cloud models such as 5G and multi-access edge computing networks have the potential to drastically change the CSP industry, delivering high-bandwidth, low latency services to network customers,” said Dilip Pillaipakam, Vice President and GM of Service Provider Business at Infoblox.

“Yet to fully take advantage of the benefits of these new technologies, DNS will have to evolve to address the challenges that come from delivering these high-value services at the network edge.”

DNS will need to be increasingly automated

DNS is a critical element to these new network architectures and technologies, enabling devices to access the network securely and reliably. And as 5G NR, NGC, and MEC technologies enable faster, more distributed networks with significantly more connected devices, DNS will need to be increasingly automated and operate at greater scale and with greater flexibility.

Yet, despite the importance of DNS to the reliable functioning of these networks, the survey found that few CSPs believe that their DNS is currently capable of supporting MEC or 5G NGC.

To meet this need, networks will need to leverage the benefits of distributed DNS technology that can enable network managers to meet users where they are—at the network edge.

Other key findings

  • CSPs consider DNS to be critical to the adoption of next-generation network technologies like 5G (71%), cloud-based managed security services (66%) and MEC (63%).
  • More than one third of CSPs surveyed plan to implement MEC (36%), 5G (35%), and NGC (35%) in the next 12-18 months.
  • Despite this, the lack of a mature vendor solution ranks as the largest obstacle these providers face in MEC (36%), 5G NR (46%) and 5G NGC (39%) deployments.

The CSPs surveyed included companies that represent all aspects of the industry; the largest groups were converged operators (46% of respondents), mobile operators (26%), and fixed-line and cable operators (10% each). The survey asked about their plans for implementing MEC, 5G NGC, and 5G NR technologies, business use cases, as well as concerns and obstacles to implementation.

The survey’s findings indicate that the future of DNS will hinge on the delivery of a fully distributed and fully capable edge-based DNS.

“CSPs seeking to take advantage of the benefits of cloud-based and distributed technologies like MEC, 5G NR, and 5G NGC, will need DNS services that can keep up with the challenge of edge-centric network models,” continued Pillaipakam.

“DNS providers will need to adapt and evolve to ensure that customers in this industry are provided with the features, flexibility, and security that these new architectures demand.”

Infoblox DDI Platform brings benefits to dynamic NFV environments on Ciena uCPE platforms

Infoblox, the leader in Secure Cloud-Native and Cloud-Managed Network and Security Services, announced expanded market opportunities through a collaboration with Ciena, combining the benefits of the Infoblox DDI Platform to dynamic NFV environments with Ciena’s universal customer premise equipment (uCPE).

In this initial release, Infoblox DNS, DHCP, and IP Address Management (“DDI”) and Secure DNS capabilities are available for the Enterprise branch office edge, improving service agility with highly-available and dynamic DNS, DHCP and IP address assignment through a validated NFV software instance that runs on the Ciena 3906 and 3926 Platforms.

In a hybrid cloud architecture, enterprises continue to become more decentralized and operate across multiple platforms. While technologies such as SD-WAN can be a simple and cost-effective way to provide enterprises with reliable and optimized connectivity to cloud-based applications such as Office 365, without upgrades to their underlying DDI infrastructure, users can experience poor application performance due to inadvertent connections to geographically distant service endpoints in the cloud.

“Enterprises are moving towards SaaS and cloud-based applications, requiring branch office networks to evolve their DDI infrastructure to provide an optimal end-user experience,” said Dilip Pillaipakam, vice president of service provider products at Infoblox.

“Service providers are driving uCPE deployment discussions with medium and large enterprise clients focusing on SD-WAN managed services to help these highly distributed organizations evolve their network architecture to address the visibility, reliability, and management challenges of their remote locations.”

The Infoblox DDI NFV solution, leveraging Ciena’s 3906 and 3926 Platforms, enables service providers to offer enterprise customers the ability to simplify management of highly distributed remote networks and to optimize the network performance of cloud-based applications.

Through additional third-party virtualized network functions (VNFs), enterprises can replace traditional hardware-based appliances with SD-WAN connectivity, advanced firewall/UTM capabilities, secure DNS, and WAN optimization features, all hosted on a single, reliable, and secure Ciena host platform.

Further, Ciena’s 3906 and 3926 Platforms deliver MEF 2.0-compliant and MEF 3.0-compliant Ethernet connectivity, respectively, alongside VNF hosting. Ciena’s 3906 and 3926 Platforms are compact, carrier-grade CPEs optimized for 1 gigabit and 10 gigabit Ethernet connectivity applications, respectively.

“With an ongoing surge in demand for network connectivity and services, driven by high-bandwidth content and business-critical applications, the industry is witnessing firsthand how digital transformation impacts the network,” said Brian Lavallée, senior director of portfolio marketing at Ciena.

“CSPs and enterprises are actively modernizing their network assets to be increasingly intelligent, agile, and adaptive. With Infoblox, we make this journey possible.”

“There is significant and increasing demand for mission-critical functionality that reduces business and operational, and service providers continue to look to Infoblox to support them with their network virtualization efforts,” added Pillaipakam.

“Our validated NFV solution on Ciena uCPE platforms enables us to support service providers with operational simplicity, making it easier to deliver a secure and reliable connection to their subscribers, while reducing network operating expenses.”

DNS over HTTPS misuse or abuse: How to stay secure

Firefox and Chrome have recently begun supporting external DNS resolvers in the cloud. The use of these DNS services bypasses controls that enterprise IT organizations put in place to prevent end users from visiting unauthorized Internet destinations.

Compounding the issue is that certain operating systems and browsers use new encryption technologies – DNS over TLS (DoT) and DNS over HTTPS (DoH) – in the query response handshake with these unauthorized DNS services that make them harder to block.

In this podcast recorded at RSA Conference 2020, Srikrupa Srivatsan, Director of Product Marketing at Infoblox, talks about these trends and what you can do to safeguard your enterprise environment.

Here’s a transcript of the podcast for your convenience.

Hello, I’m Srikrupa Srivatsan, Director of Product Marketing at Infoblox. Today I’m going to talk about DNS over HTTPS misuse or abuse. You might’ve heard or it’s been in the news recently about the use of DNS over HTTPS, or DNS over TLS to improve privacy of DNS communications.

DNS, if you look back when it was first invented, it was not created or built with security or privacy in mind. It’s an open protocol, it’s a very trusting protocol, and it’s fundamental to the internet. We use it to access websites, we use it for email, you name it, anything that happens online uses DNS. But because it wasn’t built with security or privacy, what happens is the actual communication between your device, let’s say a laptop or an iPad or whatever it is, to the DNS server is open. If anybody is snooping, they’ll know exactly which websites you’re accessing.

What that means is there’s a little bit of user privacy issue when somebody does that. To counter that, what’s happened is there are two new developments in the market, DNS over HTTPS and DNS over TLS. These are meant to encrypt communication between the endpoint and your recursive DNS server. While the intention is good and it’s a perfect use case for consumers – at home, accessing websites from Starbucks, you don’t want random guys knowing where you’re going to, things like that. It could be attackers, things like that.

But in an enterprise setting, when you use DNS over TLS or DNS over HTTPS, it causes security issues. When I say security, what I mean is, because in DNS over HTTPS or DoH, as it’s called, the DNS queries are encrypted and sent over the HTTPS protocol, which means the enterprise DNS server does not see that request at all. It’s completely bypassed.

When your enterprise DNS server is completely bypassed, your IT admin has an issue. He no longer controls your access to the outside world, to the internet. He no longer knows whether you are in compliance with the company’s security policies, whether your device is secure enough.

Let’s say your security admin has put in some controls on the DNS server to detect things like data exfiltration or malware, C&C communications. Now, when the internal DNS server is bypassed, that security is lost for the user. It’s fine to use though in a kind of consumer setting, but when you think about an enterprise, you want to make sure that you are in control of where the users are going, you have visibility into where users are going, and you’re able to secure where your users are going, those connections.

For that, what we suggest or what we recommend as a best practice, is to make sure that, number one, is avoid using DoH resolvers, because these resolvers are sitting somewhere in the internet. They are not authorized by your company or the enterprise’s security admin or the IT admin. So, you’re kind of connecting to things that they are not approving or they’re not authorizing.

It’s becoming an issue these days because browser companies like Mozilla, just today, they announced a press release saying that they are by default making sure that all Firefox browsers have DoH enabled. If you use Firefox, automatically DoH is enabled. That’s the default setting. Your device, your laptop can send its DNS queries to a DoH resolver somewhere on the internet.

We see this trend by certain companies to default to DoH. It is a little bit dangerous because you’re bypassing your internal DNS and you’re bypassing security controls. What we suggest is to make sure that you’re using an internal DNS solution that can detect DoH and prevent these browsers from using DoH.

And you guys may already know, Infoblox is in the DNS security space. We have a solution called BloxOne Threat Defense that provides foundational security for things like detecting malware, C&C communications, from your laptops or any devices. It detects data exfiltration over DNS. DNS is constantly used to send out data because your DLP solutions or next-gen firewalls do not inspect DNS. It’s a great backdoor to exfiltrate data. We can detect and block that.


BloxOne Threat Defense Business On-Premises integrates with the entire cybersecurity ecosystem

And we have also now added the capability to prevent use of DoH in an enterprise setting and make these browsers fall back gracefully to your internal DNS, so that the IT admins and security admins retain control. Even if you bring a device into your enterprise network and you are using Firefox, it’ll fall back to the internal DNS. It will not connect to the DoH resolver, because we have certain feeds in our solution that enable that. We have DoH feeds that enable that.

Definitely that’s the best practice that we recommend to all our customers, and to enterprise companies in general. It could be education, financial services, government, retail. It doesn’t matter what type of company you are. If you are an enterprise that has a lot of users and you want to make sure that you retain control and visibility of where they’re going, and you want to make sure your company’s policies are enforced, we highly recommend blocking these types of DNS implementations.

With that, I hope I gave you a little bit of an idea of the downsides of using things like DoH, and of making sure that your DNS server is as secure as it can be, with solutions like BloxOne Threat Defense from Infoblox.

If you need more information on our DNS security solutions, you can visit We do have a solution, like I mentioned, called BloxOne Threat Defense that provides robust foundational security at the DNS layer. Thank you.

Infoblox NIOS 8.5: Providing a bridge to BloxOne cloud-based network services

Infoblox, the leader in Secure Cloud-Managed Network Services, announced new updates to its Network Identity Operating System (NIOS) platform, adding the ability to monitor NIOS via the cloud-based BloxOne platform, as well as improving performance and simplifying network monitoring for NIOS users.

This latest update enables organizations to deploy robust, manageable and cost-effective DNS, DHCP and IP address management (DDI) services to networks of any size, while providing a bridge to innovative, cloud-based networking services and IT management solutions.

New cloud-based technologies are transforming the environment in which businesses operate. The proliferation of private clouds and hybrid-clouds is making network administration more complex and network security more difficult.

NIOS 8.5 answers this challenge by helping customers bridge to cloud-based network services and by delivering enterprise-grade DDI services to evolving cloud and hybrid environments.

NIOS 8.5 now includes NIOS Grid Connector, which provides visibility of NIOS/Infoblox Grid data on the BloxOne Cloud Service portal, allowing network administrators to monitor both BloxOne DDI—the industry’s first cloud managed DDI solution for branch offices and remote locations—and NIOS from a single pane of glass.

NIOS 8.5 also adds support for Nutanix Acropolis Hypervisor (AHV), complementing existing support for VMware, Hyper-V and OpenStack Platform, as well as Google Cloud Platform, Amazon Web Services and Microsoft Azure.

And by leveraging Infoblox Network Insight, NIOS 8.5 discovers Meraki SD-WAN devices on a network, unifies IPAM visibility and facilitates the adoption of SD-WAN architectures for remote and branch office connectivity.

“Network and IT management is moving to the cloud in the same way that storage and computing have done in recent years,” said Kanaiya Vasani, Executive Vice President, Products and Corporate Development at Infoblox.

“NIOS 8.5 provides our customers with a bridge to the cloud, empowering IT managers to leverage the cloud to monitor their NIOS appliances through Infoblox’s BloxOne Cloud Service portal.”

“Furthermore, with NIOS 8.5, Infoblox provides the most comprehensive solution for hybrid and multi-cloud businesses,” he continued. “This gives our customers IPAM visibility and automation of IP address and DNS record management workflows for more cloud platforms than anyone else.”

Infoblox announces enterprise best practices for DoT/DoH

Infoblox, the leader in Secure Cloud-Managed Network Services, announced enterprise best practices on DNS over TLS (also known as DoT) and DNS over HTTPS (DoH).


These DoT/DoH guidelines are based on Infoblox’s longtime commitment to providing customers with DDI services that enable them to easily and effectively secure their own DNS communications.

The DNS traffic problem

“DNS was not originally designed with security in mind and for this reason has traditionally suffered from what is known as the ‘last mile’ problem,” said Cricket Liu, Chief DNS Architect at Infoblox. “Communications between a DNS client and server are not usually encrypted, leaving users vulnerable to spoofing, interception and other types of attack.”

DoT and DoH were developed to help network users overcome this last mile problem and provide security for DNS traffic. Both standards allow users to secure DNS traffic by routing it through ports which can carry encrypted packets. However, in doing so, they both can be used to bypass internal DNS controls and direct DNS traffic to external resolvers. This is especially true for DoH, since it uses HTTPS.

“The last mile challenge has been an issue with DNS for a long time,” added Liu. “Developments like DoT and DoH are valuable efforts to address this problem, but when they are used to bypass a company’s internal DNS infrastructure or evade their security controls, a host of new challenges emerge for IT managers.”

DoT and DoH risks

These protocols can be used to access DNS services outside of corporate control, and can expose the entire organization to security risks, slow browser performance and adversely affect the user’s experience. In some cases, browser and application vendors even choose to opt users into these services without corporate consent. More than 90% of malware incidents and more than half of all ransomware and data theft attacks use DNS infrastructure. When internal DNS is bypassed, these threats go undetected.

DoH in particular can be problematic since it uses the same TCP port (443) as all HTTPS traffic, making it indistinguishable from regular HTTPS requests (for example, when surfing the web). As a result, it can be difficult to troubleshoot DoH-related DNS issues or maintain levels of network performance, security, scale and reliability that organizations need from DNS. It also introduces a covert channel for malware.

For example, recent versions of the PsiXBot malware use DoH to encrypt malicious communications, allowing it to hide in normal HTTPS traffic and install malware that can steal data or add a victim to a botnet.

“While these new DNS privacy initiatives are necessary and valuable, network administrators and security teams must be aware of the risks that the DoT and DoH approaches raise,” said Liu.

To combat this, Infoblox recommends that companies block DoH traffic between internal IP addresses and external DNS servers, forcing employees to use their company’s IT-managed DNS infrastructure and ensuring that security policies are enforced.

BloxOne Threat Defense, a hybrid foundational security solution from Infoblox that uses DNS as the first line of defense, blocks resolution to DoH domains and facilitates a graceful fallback to existing internal DNS. This helps prevent DoH misuse and mitigates risk.

BloxOne Threat Defense includes the following features to help manage DoH:

  • Policy threat intelligence feeds for DoH, which provide the ability to control the DNS access method used to detect and mitigate threats by disabling DoH-based security policies. A threat intelligence feed containing canary domains is available to achieve this. Browsers will gracefully fall back to the organization’s managed DNS without interrupting user activity.
  • DoH-Policy feed for known DoH IPs and DoH domains added to Threat Intelligence Data Exchange, Infoblox’s threat intelligence aggregation and distribution platform, which can then be used by other security tools like NGFWs to block DoH traffic to external servers.
  • Ability to review DoH-related domains and IPs within Dossier, Infoblox’s threat investigation tool.

These capabilities are available for all BloxOne Threat Defense subscription levels.
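As an added example (not Infoblox's code) of the two mechanisms described above, blocking resolution of DoH resolver names and triggering the browser's graceful fallback via a canary domain: a small Python tool that builds a BIND response-policy zone (RPZ) returning NXDOMAIN for feed-listed DoH names and for Firefox's documented canary domain use-application-dns.net, plus a detection pass over query-log lines that reports which clients tried to reach a DoH resolver. The feed contents, zone origin and log-line format are constructed assumptions; the canary domain and the RPZ `CNAME .` action are real.

```python
import re

# Constructed stand-in for a DoH threat-intelligence feed; a real feed would
# carry actual DoH endpoint names. The duplicate shows de-duplication.
DOH_FEED = ["doh.resolver-one.example", "dns.resolver-two.example",
            "doh.resolver-one.example"]
# Firefox's documented DoH canary: an NXDOMAIN answer tells a browser on the
# default setting to leave DoH off and use the system (internal) resolver.
FIREFOX_CANARY = "use-application-dns.net"

def _norm(name):
    return name.strip().lower().rstrip(".")

def is_listed(qname, names):
    """True when qname equals, or sits under, any name in `names`."""
    listed = {_norm(n) for n in names}
    labels = _norm(qname).split(".")
    # Walk up the name (a.b.c -> b.c -> c) so subdomains of an entry match.
    return any(".".join(labels[i:]) in listed for i in range(len(labels)))

def rpz_zone(doh_domains, canary=FIREFOX_CANARY, origin="rpz.internal", serial=1):
    """Return BIND RPZ zone text. In RPZ, 'CNAME .' is the NXDOMAIN action;
    the wildcard entry covers every subdomain of a listed name."""
    names = sorted({_norm(d) for d in list(doh_domains) + [canary]})
    lines = [f"$ORIGIN {origin}.", "$TTL 300",
             f"@ SOA ns.{origin}. hostmaster.{origin}. {serial} 3600 600 86400 300",
             f"@ NS ns.{origin}."]
    for name in names:
        lines.append(f"{name} CNAME .")
        lines.append(f"*.{name} CNAME .")
    return "\n".join(lines) + "\n"

def policy_action(qname, doh_domains, canary=FIREFOX_CANARY):
    """Simulate the resolver's decision for one query name."""
    return "NXDOMAIN" if is_listed(qname, list(doh_domains) + [canary]) else "RESOLVE"

# Query-log line shape is BIND-like and constructed for this example.
_LOG_RE = re.compile(r"client (?P<ip>[\d.]+)#\d+: query: (?P<qname>\S+) IN")

def doh_attempts(log_lines, doh_domains):
    """Detection: map each client IP to the DoH names it tried to resolve, the
    signal that an endpoint is attempting to bypass the internal resolver.
    Canary lookups are excluded: every Firefox sends one and it is not a bypass."""
    hits = {}
    for line in log_lines:
        m = _LOG_RE.search(line)
        if m and is_listed(m["qname"], doh_domains):
            hits.setdefault(m["ip"], set()).add(_norm(m["qname"]))
    return hits
```

Load the generated zone as a response-policy zone on the internal resolver; clients whose IPs appear in `doh_attempts` output are the ones to follow up on.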

Support for DoT and DoH will also be added to an upcoming NIOS release. This capability will enable customers to encrypt last-mile DNS communications between their endpoints and DNS servers regardless of which protocol the endpoint supports.

Infoblox is committed to helping customers maintain the network performance, security, scale, and reliability that modern enterprise networks demand. While solving the “last mile” problem is important and worthwhile, the company also recognizes that it is important for IT managers to maintain visibility and control over their DNS traffic. Infoblox will continue developing solutions to help IT managers and network administrators address these challenges in the future.

How IoT devices open a portal for chaos across the network

Shadow IoT devices pose a significant threat to enterprise networks, according to a new report from Infoblox.


The report surveyed 2,650 IT professionals across the US, UK, Germany, Spain, the Netherlands and UAE to understand the state of shadow IoT in modern enterprises.

Number of shadow IoT devices growing exponentially

Shadow IoT devices are defined as IoT devices or sensors in active use within an organization without IT’s knowledge. These devices can be any number of connected technologies including laptops, mobile phones, tablets, fitness trackers or smart home gadgets like voice assistants that are managed outside of the IT department.

The survey found that over the past 12 months, a staggering 80% of IT professionals discovered shadow IoT devices connected to their network, and 29% found more than 20.

The report revealed that, in addition to the devices deployed by the IT team, organizations around the world have countless personal devices connecting to their network. The majority of enterprises (78%) have more than 1,000 devices connected to their corporate networks.

“There are more than 25 billion connected devices globally, and that number is increasing exponentially,” said Brad Bell, CIO of Infoblox.

“IoT devices empower us to live healthier lives, gain greater insight into the world around us, and improve the ways businesses operate. But they can also present a serious cybersecurity risk and create challenges for IT leaders in their efforts to maintain and protect their network.”

Threat to branch offices

89% of IT leaders were particularly concerned about shadow IoT devices connected to remote or branch locations of the business.

“As workforces evolve to include more remote and branch offices and enterprises continue to go through digital transformations, organizations need to focus on protecting their cloud-hosted services the same way in which they do at their main offices,” the report recommends.

“If not, enterprise IT teams will be left in the dark and unable to have visibility over what’s lurking on their networks.”

To manage the security threat posed by shadow IoT devices to the network, 89% of organizations have introduced a security policy for personal IoT devices. While most respondents believe these policies to be effective, levels of confidence range significantly across regions.

For example, 58% of IT professionals in the Netherlands feel their security policy for personal IoT devices is very effective, compared to just 34% of respondents in Spain.

“As the complexity of networks continues to increase, IT teams will need to leverage solutions that help simplify networking procedures and make it easier to identify and track the security policies of devices connected to their network,” continued Bell.

“If IT managers want to address the challenge posed by shadow IoT devices, they will need to find ways to bring them into the light.”

TrueFort expands Fortified Ecosystem to improve customers’ security posture

TrueFort, the application detection and response company, announced the continued expansion of the TrueFort Fortified Ecosystem. The company is building upon its previously announced partnership with CrowdStrike, and now adds Infoblox to the program.

To protect applications and enable organizations to achieve a full, 360-degree understanding of their behavior and context, the TrueFort Fortress XDR platform has been optimized to consume vast amounts of real-time telemetry in its advanced analytics engine so that it can accurately identify internal and external threats across all vectors.

“Without open integration and information sharing between the various security controls available today, malicious actors will continue to have great success attacking enterprises,” said Ed Amoroso, CEO of TAG CYBER and former head of cybersecurity for AT&T.

“Ask any Chief Information Security Officer (CISO) today what risk they are most concerned about and the majority will point to threats that target business applications.”

This announcement reinforces the company’s commitment to its ecosystem approach and to helping customers extract maximum value from the TrueFort platform and from their existing investments in third-party products and data, via open APIs and, especially, bi-directional information sharing.

“Through the Ecosystem Exchange model, Infoblox customers now have yet another way to extend the value of our Core Network Services data,” said David Barry, Senior Director of Business Development at Infoblox.

“The TrueFort Fortress XDR platform’s ability to consume our telemetry enhances its application profiling for better policy management, while providing increased insight into unmanaged systems to fast-track application-layer threat detection.”

TrueFort also announced its membership in the Center for Internet Security SecureSuite which provides organizations access to multiple cybersecurity resources including the CIS-CAT Pro configuration assessment tool, build content, full-format CIS Benchmarks, and more.

In addition, TrueFort Fortress XDR is expanding its footprint of protected application environments with a new listing on the VMware Solution Exchange as a data center and network security solution.

“To improve our customers’ security posture while reducing operational overhead, as vendors we need to ensure smooth integration and information sharing between toolsets, while following industry best practices like the CIS benchmarks,” said Sameer Malhotra, CEO and Founder, TrueFort.

“Through initiatives like the TrueFort Fortified Ecosystem, we look forward to promoting industry collaboration in 2020 and beyond.”