20 December
12:00-13:00 GMT
Vision
Inspiring a Safe and Secure Cyber World
Mission
Support and provide members and
constituents with credentials, resources, and
leadership to address cyber, information,
software and infrastructure security to deliver
value to society
125,000+ members worldwide
23,000+ members EMEA
Bringing the Professional Community Together
Tackling issues and challenges in cybersecurity
Register Online
#ISC2SUMMITS
Visit www.isc2.org/memberbenefits
(ISC)2 EMEA Secure Webinars
Security Briefings
eSummits
ThinkTank Roundtables
CISO Says
Housekeeping
More CPE Events with Infoblox
Earn automatic (ISC)2 CPEs by attending any of Infoblox’s Exchange Security & Data Center
EMEA Road Tour events
http://www.infobloxemea.com/roadtour/
Is DNS Part of Your Cyber Strategy?
Gary Cox, CISSP – Technical Director, UK and Ireland
December 20th 2017
© 2013, 2017 Infoblox Inc. All Rights Reserved. COMPANY CONFIDENTIAL
About Infoblox…..
You may not think you know much about the Domain Name
System (DNS) but whenever you use the Internet, you use
DNS. Every time you send electronic mail or surf the World
Wide Web, you rely on the Domain Name System.
[Chart, axis 0% to 50%; series: Once, Multiple Times]
Threats:
Ransomware
Insider threat
Spoofing of identity or access credentials
Questionable transactions
Corporate or foreign government espionage
Compromise of DNS infrastructure enabling stealing and exfiltrating data
Information disclosure, such as to Wikileaks
Other
Survey question: What do you consider to be the top threats to the security of your sensitive data? Please indicate whether these have occurred in your organization one or more
Ransomware, DDoS and Data Loss Remain Top
In last 12 months:
[Diagram labels: Signature; “packet inspection”; Internal Clients; DO NOT allow Any -> Port 53]
So where does DNS fit in the Cyber Strategy?
More places than you might think…
• To detect and block suspicious and malicious traffic
• As highly focused indicators of compromise
• As part of your DLP Strategy
Sophisticated (zero-day)
• Infected endpoint gets access to file containing sensitive data
• It encrypts and converts info into encoded format
• Text broken into chunks and sent via DNS using hostname.subdomain or TXT records
[Diagram: ENTERPRISE (infected endpoint, DNS server), INTERNET, attacker controller server thief.com (C&C); flows labelled "C&C commands" and "Data"; queries shown: NameMarySmith.foo.thief.com, MRN100045429886.foo.thief.com, DOB10191952.foo.thief.com]
Data Exfiltration via host/subdomain
Simplified/unencrypted example:
MarySmith.foo.thief.com
SSN-543112197.foo.thief.com
DOB-04-10-1999.foo.thief.com
MRN100045429886.foo.thief.com
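A defender-side sketch of how the host/subdomain pattern above shows up in DNS query logs, added here as an example (not from the original slides or from Infoblox): it groups queries by client and base domain and flags pairs that send many distinct subdomains. The log entries, thresholds and function names are assumptions; the thief.com names are the slide's own samples.

```python
import math
from collections import Counter, defaultdict

# Constructed query log: (client IP, queried name). The thief.com names are the
# slide's samples; the example.com / example.org entries are made-up benign traffic.
QUERIES = [
    ("10.0.0.5", "www.example.com"), ("10.0.0.5", "mail.example.com"),
    ("10.0.0.5", "www.example.com"), ("10.0.0.7", "www.example.org"),
    ("10.0.0.9", "NameMarySmith.foo.thief.com"),
    ("10.0.0.9", "MRN100045429886.foo.thief.com"),
    ("10.0.0.9", "DOB10191952.foo.thief.com"),
    ("10.0.0.9", "SSN-543112197.foo.thief.com"),
    ("10.0.0.9", "DOB-04-10-1999.foo.thief.com"),
]

def split_name(qname, base_labels=2):
    """Return (payload, base domain). Treating the last two labels as the base
    is an assumption; use the Public Suffix List for names like example.co.uk."""
    labels = qname.rstrip(".").lower().split(".")
    return ".".join(labels[:-base_labels]), ".".join(labels[-base_labels:])

def entropy(text):
    """Shannon entropy in bits per character (high for encoded/encrypted data)."""
    if not text:
        return 0.0
    counts = Counter(text)
    return -sum(n / len(text) * math.log2(n / len(text)) for n in counts.values())

def find_tunnel_candidates(queries, min_unique=4, min_payload_chars=40):
    """Flag (client, base domain) pairs that sent many distinct subdomains."""
    seen = defaultdict(set)
    for client, qname in queries:
        payload, base = split_name(qname)
        if payload:  # ignore queries for the bare domain
            seen[(client, base)].add(payload)
    findings = []
    for (client, base), payloads in sorted(seen.items()):
        chars = sum(len(p) for p in payloads)
        if len(payloads) >= min_unique and chars >= min_payload_chars:
            mean_h = sum(entropy(p) for p in payloads) / len(payloads)
            findings.append({"client": client, "domain": base,
                             "unique_names": len(payloads),
                             "payload_chars": chars,
                             "mean_entropy": round(mean_h, 2)})
    return findings

if __name__ == "__main__":
    for finding in find_tunnel_candidates(QUERIES):
        print(finding)
```

Content delivery networks and some security products also generate many unique subdomains, so the thresholds need tuning against an allowlist built from your own traffic.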
DNS based Data Exfiltration (cont.)
Here is an example….
Infoblox Cyber Security Ecosystem
[Diagram labels: JSON, CSV, REST, CEF, STIX, RPZ, Data Connector, Custom REST]
Further reading
• https://community.infoblox.com/t5/Security-Blog/SURBL-amp-Threat-Intelligence/ba-p/8972
• https://www.farsightsecurity.com/solutions/threat-intelligence-team/newly-observed-domains/
• https://www.infoblox.com/solutions/cybersecurity-ecosystem/
• https://www.infoblox.com/glossary/domain-name-system-security-extensions-dnssec/
• https://dmarcguide.globalcyberalliance.org/#/
MARCHITECTURE: WHERE IT FITS | SOLUTION DIAGRAM
Cloud-based Recursive/Caching
(ActiveTrust® Cloud)
Q&A
1 CPE for this session will be uploaded to (ISC)2 members’ accounts
https://www.isc2.org/
If you would like to deliver a webinar, get your company involved or have
any content related questions, email Patricia
preiner@isc2.org
https://www.isc2.org/
Thank you for listening
www.isc2.org