It’s a bit of a mess. Over the years you’ve bought a bunch of security tools and platforms to address the threat du jour. You have your AV, your Intrusion Detection System (IDS), your next gen firewall (NGFW), your NAC system, and on and on. But somehow you are still vulnerable, and you know it. Your CFO has security buyer fatigue, and the non-existent security staff you don’t have must somehow bridge the gaps between all these platforms that are not integrated in the slightest. Now you’ve got to contend with protecting the data, assets, users and application who are on the road, deployed in public cloud or in a SaaS application. Oh, and you’ve got that SD-WAN project that means your finely crafted security stack at HQ is bypassed as applications break out at the remote site, and that line of business has decided to roll out those IoT applications using the same network as your finance app. Sound familiar?
Time for a new approach. We’ve got to get that plethora of tools and platforms into a cohesive architecture that can provide ubiquitous protection and provide the necessary oil to grease the wheels of your security operations tools (SIEM/SOAR). But you know you can’t deploy more boxes; you’ve already deployed more than you can manage.
Impossible task?
Maybe, but maybe not. Because you already have an architecture, a platform that is ubiquitous, that sees every device, user and application that utilizes the network. A platform that scales to Internet proportions, that can adapt to the changes in network architecture that digital transformation is demanding. One that delivers a level of automation that is second nature to it, but which is somehow alien to your fragmented security deployment. The control plane for your adversary should be the control plane, the underpinning of your assortment of security tools that will deliver a secure foundation that will bridge those islands of security you have built over the years.
What we’re talking about is your DNS/DHCP infrastructure. Use the gold mine of network context – DNS query logs and DHCP lease information – to help your security operations teams put the threats they receive in their SOAR/SIEM tools into context to prioritize event management and accelerate incident response. Infuse your existing security tools and platforms with the context that allows them to make smarter, more automated threat detection and response decisions. The data is there and with the Infoblox CyberSecurity Ecosystem integrations with vulnerability management systems, NAC tools, SIEM products, and others, that gold is ready to be mined.
Infoblox security architecture can provide a highly scalable hybrid architecture that allows a threat detected in your roaming user community to be automatically blocked and contained for your corporate users, your data center and public clouds, and all delivered automatically using well established industry standards. Take a look at Infoblox’s new BloxOne Threat Defense, and see how it can help you build a secure, flexible foundational security architecture based on the DNS infrastructure you have already built.
***
This post was written by Craig Sanderson, Vice President of Security Products at Infoblox. Thanks to Infoblox for being our first partner blog contributor!