Fuelled through behavioural analytics, machine learning and up-to-date threat intelligence data at the DNS layer, the comprehensive solution can identify potentially infected devices and block DNS-based data exfiltration, including zero-day attacks. Suspicious traffic is redirected from those devices to the McAfee® Web Gateway Cloud Services for deeper levels of content inspection including malware scanning and SSL inspection. Additionally, by sharing indicators of compromise and threat intelligence between Infoblox ActiveTrust® suite and McAfee Data Exchange Layer, organisations can gain visibility into DNS security events, consolidate security tools, and enable security orchestration to speed up incident response and remediation.
“Infoblox, a leader in DNS security, together with McAfee, a device-to-cloud cybersecurity leader, can now help organisations bridge the gap between security tools and enable workflow orchestration across solutions,” said Kanaiya Vasani, vice president of business development at Infoblox. “Leveraging DNS as the first line of defence, this partnership will provide enhanced protection against attacks, help to identify malicious behaviour and enforce content policies. Using McAfee’s cybersecurity suite allows further inspection of traffic, more granular policies for content filtering and orchestration of workflows for automated remediation.”
The integration unifies domain blocking and HTTP security to provide broader protection for mutual customers. Capabilities include:
?Proactive and adaptive protection on various layers of a connection attempts, with increased web traffic inspection by McAfee Web Gateway for suspicious, but not yet convicted connections identified by Infoblox ActiveTrust® Cloud.
?Broader threat intelligence leveraging the combined capabilities of McAfee and Infoblox threat intelligence for better protection.
?Faster detection of malicious traffic and data exfiltration originating from infected endpoints or suspicious users, regardless of its location. The automatic redirection by ActiveTrust Cloud to McAfee Web Gateway ensures that enterprise data is protected in real time.
“Lack of interoperability and the inability to share threat intelligence across security solutions inhibits an organisation's capability to effectively respond to the growing and ever-changing threats,” said DJ Long, head of McAfee Security Innovation Alliance. “The integration between McAfee and Infoblox enriches an organisation’s ability to provide protection for non-web protocols via DNS, while improving the visibility into web traffic and enabling customers to share threat indicator for faster and more effective response.”