14 November 2015
With cybercriminals expanding their targets, security systems and innovative solutions are becoming more in demand. In this exclusive interview, Jesper Andersen, President and CEO, Infoblox, talks about the growing set of threats against DNS and the company's solutions to minimize security risks.

What is driving DNS threats to increase?

Cyber terrorism is similar to the cat and mouse game. The bad people find their way to penetrate an organization and steal information whereas the good people develop technologies and processes to close the holes as they appear. We've done a good job as an industry: we've fortified the desktop with endpoint security solutions, then we moved to the network and built our firewalls and intrusion prevention systems, and now as the attack vectors have moved into the application layer, we've seen an entirely new security industry emerge with web-application firewalls, next-generation firewalls, etc.

Over the last two years, there has been a growing set of threats and attacks against Domain Name Systems (DNS) directly. DNS is becoming an ever more critical core network service. If a company's DNS services are down, the company won't be able to get to the internet and its customers or partners won't have access to its website. Therefore, if cybercriminals want to hurt a company and manage to take down its DNS infrastructure, the enterprise will be closed for business. This kind of attack has led to the wave of Distributed Denial of Service (DDoS) attacks. Then companies like Infoblox came up with technologies to help prevent or at least prepare for the prevention of DDoS attacks. Today, we are seeing a new wave of other attacks on DNS: data exfiltration using DNS.

How is Bring Your Own Device (BYOD) influencing demands on security systems?

Through the BYOD phenomenon, employees are using their own private devices in public places using public Wi-Fi. Thus, when they go to these places, the business they work for has no control over these devices and no visibility into what networks they get on to, which in some cases may be unsecure. Moreover, even if a company requests its employees to log on to its network by VPN, not every worker would abide by the rule since they wouldn't want the company to see every website they go to. Subsequently, that leads to malware getting on the devices when sitting in those unsecure locations.

The problem today is about employees taking their own devices to the workplace. Once the device is on the corporate network, you can safely assume that they will be bringing malware into the network. There are various techniques of dealing with that. BYOD is a challenge for businesses today. Some businesses prohibit their employees from using their personal devices on the company's network, but that is a losing proposition. The best solution for companies is to secure their network and accept that they don't have full control over these devices. Moreover, they need to accept that it is not a question of "What if I get malware on my network" but "When will I get". In addition, they need to ensure that the malware is contained through the best possible solutions. That includes a great perimeter defense with the latest next-generation firewall and comprehensive DNS security through solutions from the likes of Infoblox.

What are the other threats posed by cloud that businesses are facing nowadays?

Cloud brings an additional challenge. Not only do workers bring additional devices into the workplace, but a company also increasingly runs its applications in data centers that it doesn't control. For example, if a company was to run its ERP applications in the cloud, how would it know if they are secure? Companies can run this in different ways. They could buy ERP services from SAP and trust them with running it in the cloud. Alternatively, they can take an on-premise ERP and host it with a co-location partner, which means that someone else owns the data center. However, not all of these centers are equally secure, and that is the added risk with cloud. In cloud, we are moving into the hyper cloud world. How would a company, in that world, know if the cloud providers they are working with are secure? Thus, solutions like those provided by Infoblox, which give visibility and control in all those cloud scenarios, are necessary in order to minimize security exposure.

Are cybercriminals after businesses within a specific industry?

It is said that cybercriminals are mainly after financial services since the potential for financial gains could be big. However, every day we see cybercriminals going after personal data and user information, which includes data from government agencies as well as retail businesses. I don't think that any industry can say that it is safe from cyber attackers.

What are the most common attacks that you see in the UAE and the Middle East in general?

The UAE is witnessing a similar pattern to that in other parts of the world. There are some macro political stability challenges and wars happening in the Middle East. Cyber terrorists are increasingly behind this, spying on citizens and other nations, trying to gain access into systems, and that is very scary. Therefore, whenever there is personal information in the systems, both governments and large enterprises in this part of the world need to seriously consider robust cybersecurity measures.

What is the best way for businesses to detect malware attacks before they spread?

Businesses need to have good holistic security solutions in all the areas of the enterprise and not rely only on one vendor. No single vendor can really secure businesses. Enterprises should have a reliable systems integrator partner to implement best-of-breed solutions based on open standards that all integrate well with each other and the IT infrastructure. They need the best next-gen firewalls in addition to the best sandboxing solution as well as the best security analytical solutions and of course the best DNS security solution such as the one Infoblox provides.

How would you describe Infoblox's presence in the Middle East and Africa?

We have been operating in the region for many years. Middle East and Africa is very important to us, as it is our fastest growing market in the world. Over the last 18 months, we have more than tripled the number of employees and opened offices in Dubai, Saudi Arabia, Turkey and South Africa. Undoubtedly, this investment does not come without business results.

What are your latest solutions that help manage the exposure of DNS servers in the Middle East?

One of the latest things that we are working on is leveraging sophisticated analytics to detect patterns of data exfiltration. Malware used to be simple. It would get on our laptops and have a hard-coded URL that it would contact to get instructions about what to do.

Cybercriminals are becoming more sophisticated and we are seeing malware randomly generating domain names. The pattern between their attacks is randomized. The only way to defeat that kind of randomized system is by using sophisticated analytics and machine learning. Those are some of the things that we are investing in. Thus, if a vendor wants to be serious in this market, they need to spend a lot on Research & Development.

Can you share with us more details on your solution that features Identity Mapping?

Any malware needs to do a DNS query in order to contact the command center. Infoblox can see that query because we serve it. In addition to that, we handle the IP addresses. Thus we know the IP address of the client who made the query. However, if that is a server on the network, many people may log in to it and this is where Identity Mapping comes in. It bridges the gap between network security and user identity by intelligently correlating two previously separate sets of data, making it easier for network administrators to locate the source of security events, track mobile devices, monitor network usage and more.

How do you plan to steal a march on your competitors and combat cyberattacks further?

The most important thing is to invest in people and products. One cannot provide products without having great people. Thus, we will continue working with knowledgeable people and partners.

© Capital Business 2015