What is Data Loss Prevention (DLP)?
Data loss prevention (also known as DLP, data loss protection, data leak prevention, information loss prevention, or extrusion prevention) is a strategy for preventing sensitive or critical information from being extracted from your corporate network. The term is also used to describe software products that help a network administrator control what data can be transferred outside your corporate network.
According to a recent survey, 46% of respondents experienced DNS-based data exfiltration and 45% experienced DNS tunneling. Malware and data theft are pervasive largely because conventional cybersecurity solutions such as secure email gateway (SEG), secure web gateway (SWG), next generation firewall (NGFW), data loss prevention (DLP) and intrusion prevention systems (IPS) are not designed to protect DNS.
DLP software products use business rules to classify and protect confidential and critical information so that unauthorized end users cannot accidentally or maliciously share data whose disclosure could put the organization at risk. For example, if an employee tried to forward a business email outside the corporate domain or upload a corporate file to a consumer cloud storage service like Dropbox, the employee would be denied permission.
Adoption of DLP is being driven by insider threats and by more rigorous state privacy laws, many of which have stringent data protection or access components. In addition to being able to monitor and control endpoint activities, some data loss prevention tools can also be used to filter data streams on the corporate network and protect data in motion.
Infoblox Solutions for Data Loss Prevention (DLP)
Infoblox Data Protection and Malware Mitigation Solution is designed to address the DNS security gap described above. The Infoblox solution provides:
- Disruption of the cyber kill chain to limit malware proliferation
- Detection and protection against known and zero-day data exfiltration
- Deep visibility into the network
- Centralized reporting that can be leveraged for further analysis and planning
Disruption of Cyber Kill Chain: Focus on the DNS Control Plane
The Infoblox solution for data protection and malware mitigation uses a multi-pronged approach to threat detection using a combination of reputation, signature and behavioral methods. It proactively contains malware such as phishing, ransomware and more, and stops command and control communications at the DNS choke point. It enforces policy using up-to-date threat intelligence that has been aggregated, verified and curated by an in-house threat research team. Available as an on-premises solution or as a service delivered from the cloud, the solution protects users wherever they are—within headquarters, roaming, or in remote offices/branch offices.
Extending Data Loss Protection across your Security infrastructure
By sharing the DNS indicators of compromise with security ecosystem tools such as next-generation endpoint protection (NGEP), NAC, vulnerability scanners, and SIEM, the solution protects against lateral movement of threats.
DNS Data Exfiltration Protection
The number one goal of malware is to steal sensitive information. There may be several ways of getting to sensitive data, but the pathway that is often left open and under-protected is DNS. Malicious actors know this and use DNS tunneling and other sophisticated zero-day methods to exfiltrate data over DNS queries. The Infoblox solution for data protection and malware mitigation uses a combination of reputation, signatures and behavioral analytics to detect not just standard DNS tunnels but also zero-day techniques that could be low and slow and happen over longer periods of time. This solution is offered both on-premises and in the cloud.
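As an added illustration (not Infoblox's detection logic and not part of the original page), the following Python applies one simple behavioral heuristic to DNS query logs: it counts long, high-entropy subdomain labels per client and parent domain across the whole log, so queries spaced hours apart still add up. The log format, thresholds, function names, and the two-label parent-domain split are assumptions made for the example.

```python
import math
from collections import Counter, defaultdict

# Constructed sample log: "epoch_seconds client_ip qname". Not real traffic.
SAMPLE_LOG = """\
1700000000 10.0.0.5 www.example.com
1700000400 10.0.0.5 mail.example.com
1700003600 10.0.0.9 mzxw6ytboi4gk3dp.t.exfil-demo.test
1700010800 10.0.0.9 nbswy3dpeb3w64tm.t.exfil-demo.test
1700018000 10.0.0.9 orugs4zanfzsayjr.t.exfil-demo.test
1700025200 10.0.0.9 mfrggzdfmztwq2lk.t.exfil-demo.test
1700032400 10.0.0.9 onswg4tfoqqhi33q.t.exfil-demo.test
1700032500 10.0.0.5 cdn.example.com
"""

def entropy(s):
    """Shannon entropy of a string, in bits per character."""
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())

def find_suspects(log_text, min_unique=5, min_entropy=3.0, min_label_len=12):
    """Flag (client, parent domain) pairs whose queries look like encoded data.

    Aggregates over the whole log rather than a short window, so a sender
    spacing its queries hours apart (low and slow) is still counted.
    Thresholds are illustrative assumptions, not tuned values.
    """
    labels = defaultdict(set)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed lines
        _, client, qname = parts
        names = qname.lower().rstrip(".").split(".")
        if len(names) < 3:
            continue  # no subdomain label that could carry data
        # Assumption: parent = last two labels; real code should use the Public Suffix List.
        parent = ".".join(names[-2:])
        labels[(client, parent)].add(names[0])
    suspects = []
    for (client, parent), seen in labels.items():
        long_labels = [l for l in seen if len(l) >= min_label_len]
        if len(long_labels) < min_unique:
            continue  # too few distinct long labels to suggest a data channel
        mean_h = sum(entropy(l) for l in long_labels) / len(long_labels)
        if mean_h >= min_entropy:
            suspects.append((client, parent, len(long_labels), round(mean_h, 2)))
    return suspects
```

On the constructed log, `find_suspects(SAMPLE_LOG)` flags only client 10.0.0.9 querying `exfil-demo.test`; the ordinary `example.com` lookups fall below every threshold.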
Deep Visibility
With Infoblox, you get end-to-end visibility into infected endpoints wherever they are and actionable context, including user name, MAC address, device type, and lease history, to hasten remediation. An integrated and sophisticated threat investigation tool enables rapid investigation and provides detailed information on threat actors, campaigns, and associated breaches for deep analysis.
Unified Reporting and Mining Valuable Historical DNS Data
Infoblox provides detailed and centralized reporting for on-premises and cloud-delivered solutions that:
- Harnesses rich network data to gain actionable insights
- Monitors and analyzes your network, devices, and applications
- Provides details on malicious activities and infected devices
Learn more about data loss prevention and related technologies
- SANS 2023 Survey: Visibility and Attack Surface – White Paper
- Preventing DNS-based Data Exfiltration – Solution Note
- Data Exfiltration and DNS – Whitepaper
ABOUT INFOBLOX
Infoblox unites networking and security to deliver unmatched performance and protection. Trusted by Fortune 100 companies and emerging innovators, we provide real-time visibility and control over who and what connects to your network, so your organization runs faster and stops threats earlier.