The situation triggered by the COVID-19 pandemic has led to the exponential growth of demand for remote working. Although remote working has been possible for a long time and there are many “home office” solutions, the current increase in demand that emerged overnight has forced organizations and companies to react quickly. According to observations by Atlas VPN, VPN traffic in Italy alone has increased by 112% in recent days.
That’s why, together with our partner Infoblox, we are offering 60 days of free BloxOne Threat Defense protection. Our Infoblox solution experts will provide every interested organization with online consultations to achieve effective and fast implementation.
Remote Secure Access and Infoblox BloxOne Threat Defense Cloud
Ensuring security is one of the key aspects of building remote working solutions. It’s particularly easy when preparing an ad-hoc solution to overlook something important, and equipment required to secure traffic between remote employees and company resources may simply not be available.
However, cloud solutions are generally available immediately. One of them is the Infoblox BloxOne Threat Defense Cloud.
Infoblox BloxOne Threat Defense Cloud offers the capacity to redirect DNS traffic through an encrypted communications channel to the Infoblox cloud to stop DNS-based cyber attacks.
The Infoblox Cloud thoroughly analyzes DNS traffic and captures attempts to use DNS as a communication channel for data theft, stops malware communication with Command & Control (C&C) servers, and allows you to block traffic to domains that don’t conform with policies set by the administrator. The administrator also gains access to a panel with information about the history of detected threats, which allows for fast identification of infected endpoints.
Lightweight client software and quick identification of infected endpoints
Infoblox BloxOne Threat Defense Cloud allows remote users to be protected by installing lightweight client software (for Windows and MacOS) – BloxOne Endpoint. This software redirects DNS queries from the local device to DNS servers operating in the BloxOne Threat Defense Cloud through an encrypted channel. BloxOne Endpoint sends the device name and MAC address to the cloud with each DNS query, which allows for quick identification of infected endpoints using the Cloud Service Portal. The Portal also provides a set of tools (Dossier and Infoblox Threat Research) to support threat analysis.
VPN and anti-virus software are not enough to protect remote workstations. Most of the current attack vectors are mainly emails with malicious attachments and links to infected websites.
Zero-Day security
In cases where a user manually initiates an SSL–VPN session, the security of the workstation often relies only on anti-virus software until the session is initiated. Protection often includes only inspection of static attack signatures and reputation databases. It often takes categorization engines more than 48 hours to classify domain names used in cyber attacks – a time during which, for example, a phishing campaign can be long over. BloxOne Threat Defense Cloud closes this gap and protects from “Zero Day” attacks in two ways:
- Behavioural analysis of DNS queries that allow for detection of anomalies and C&C traffic on the fly without relying on reputation databases
- Using reputation databases of newly observed domains (such as SURBL Fresh RPZ) to block domains that were registered within the last 24–48 hours.
Additionally, BloxOne Threat Defense Cloud allows for blocking communication attempts through DNS-over-HTTP (DoH), which is increasingly used by malware developers.