The industry’s largest security show, the RSA Conference, kicks off this week in San Francisco, but many companies are getting ahead of it with announcements — including Infoblox Inc, the market leader in Domain Name System, Dynamic Host Configuration Protocol and IP address management, or DDI for short. It beat the news cycle last week when it announced a new go-to-market approach coupled with a new brand.
The new logo begins with a lowercase “i,” which is consistent with the shift many other brands have made, including Amazon.com Inc., Lenovo Group Ltd., Citibank, Facebook Inc. and so many others. By moving away from the traditional capital letter, companies are attempting to be more approachable as the logo is more casual versus a formal noun. The biggest change in the logo is the morphing of the grid. The previous mark was inspired by the company’s patented grid technology which was instrumental in the company’s early success.
The new logo represents the coming together of networking and security with the seven shapes combined to create a single diamond. It also signifies both stability and progression as Infoblox looks to the future to maintain its leadership in established markets and builds its presence in new growth areas. The colors of green and black are a much cleaner look than the multitude of colors the old logo had. Historically, Infoblox has addressed the needs of security and networking but now it’s time to bring these domains together.
In a pre-briefing with analysts, CEO Scott Harrell, who joined Infoblox after a 21-year career at Cisco, talked about the changing nature of both industries and why it’s time for networking and security to come together. “We want to be a company that can help other companies, in a world that never stops, by uniting network and security so that business can deliver the best performance and protection,” he told us.
The obvious question is how can a DDI provider, which has been a niche market historically, have that kind of impact. The answer is through DNS. Industry experts have called for security and networking to come together for decades, but it has been slow to happen, mostly because the technical benefits did not outweigh the stubbornness and protective nature of security and network professionals. In full disclosure, prior to being an analyst, I was in corporate information technology and lived this. During my time as a network professional, I had an almost adversarial relationship with the security team – they had their tools and we had ours.
Today, the world is quite different and has shifted to being network-centric. All the digital transformation building blocks – cloud, mobility, the internet of things, artificial intelligence and the like are all network-centric, and that changes the security equation. Historically, if an endpoint was breached, the malware would live on the endpoint. Now, because everything is connected, that malware can quickly make its way to a server, across the network, to other locations, and to anything the company network touches, including other companies. This is why breaches today are so massive in their reach and impact. The only way to combat modern threats is to tie networking to security so that if a breach happens, the path can be traced and the origin found quickly.
With that being, what’s Infoblox’s role in this? To understand that, one must first realize that the main focus area of fraudsters is attacking the actual workers and this is primarily done through user-directed attacks. Take phishing for example, phishing is getting a lot smarter and more accurate with AI tools. Modern phishing can fool a worker into believing an email came from their company leader and will cause the employee to log into a site that looks (known as a lookalike) like the company.
Harrell gave an example where a directed e-mail could send people to “lnfoblox.com” instead of “Infoblox.com” where the former has a lowercase “L,” making it indistinguishable to the user. This leads to credential theft as workers would input their username and password into the fake site. Most users tend to use the same credentials with all their apps, so once the fraudsters have access to one service, they’ll have access to others.
DNS plays a key role here because although the URLs may look the same, the DNS address is different. Infoblox has offered a DNS monitoring service since 2020 but announced it was customizable last week where businesses can configure their own set of domains for “lookalike” threat protection. Additionally, the company now provides new defenses against lookalike threats.
The technology specifically identifies suspicious and malicious lookalikes, including those that target multifactor authentication. These state-of-the-art attacks break the protective shield companies have come to rely on to protect their internal networks. No other vendor provides customers the ability to configure their own set of domains for customized lookalike threat protection, while also identifying and protecting them from lookalike domains to popular products and services. Also, Infoblox has developed new algorithms to identify suspicious and phishing lookalikes to customer-chosen monitored domains. This affords protection against spear phishing and brand abuse with alerts for suspicious activity that is tailored to their needs.
As part of the launch of the new service last week, Infoblox announced its Threat Intelligence Group discovered a toolkit called Decoy Dog, which is being used by threat actors to create anomalous DNS signatures which have been observed in the U.S., Europe, South America and Asia across a range of verticals. Many of these are directed back to a controller in Russia. In the blog post Infoblox issued on it, they provided all the technical information required to help companies protect against it.
As part of its RSA activities, the company released a report that provides a primer on lookalike domains, how they work and a number of examples of successful breaches. Examples span a crypto site, a government body and social media. I’ve talked with many companies that believe better user training can thwart phishing and related scams, but the reality is the attacks are so good they’re virtually indistinguishable to the worker – but DNS can tell the difference.
I’m expecting the convergence of networking and security to be a hot topic at RSA 2023 because the network is the only single source of truth when it comes to fighting cyberattacks. In my opinion, DNS security is the simplest and most effective starting point for any security strategy. It obviously won’t catch all malware, but it will get rid of a big chunk of it before it hits the enterprise network.