SANTA CLARA, CA--(Marketwire - September 29, 2008) - Infoblox Inc. today announced enhancements
to its full line of core network services (CNS) appliances to provide
unique DNS security capabilities such as alerting, reporting, and attack
mitigation. These capabilities along with the automated software update
capabilities of Infoblox grid technology -- which links multiple Infoblox
appliances into a unified system for central management and control -- can
help enterprises thwart current and future DNS vulnerability exploits.
The security, reliability and manageability of core network services --
including domain name resolution (DNS), IP address assignment (DHCP), IP
address management (IPAM) and others -- directly impact the availability
and security of critical network applications, such as email, web services,
Microsoft Active Directory, Voice over IP (VoIP) and wireless.
An exploit recently discovered by security researcher Dan Kaminsky that
makes it relatively easy to execute a DNS "cache poisoning" attack
underscores how critical DNS security is to the functioning of other
Internet programs. Cache poisoning enables an attacker to redirect Web
traffic -- including ecommerce transactions and email -- from legitimate
sites to malicious sites controlled by hackers and criminals without any
action by end users and usually without detection. Although a short-term
fix has been implemented for the recently discovered exploit, experts agree
that there are going to be other critical vulnerabilities discovered in DNS
followed by new exploits and attacks. As such, the ability to quickly
react and patch DNS is essential to maintaining a secure infrastructure in
the future.
Dan Kaminsky commented, "Everything breaks when DNS breaks. The new DNS
vulnerability affects more than web browsers. It potentially hits
everything from the auto-update systems that download software upgrades and
vendors' websites to phone calls placed over the Internet via VoIP
technology. This is a pervasive problem that requires a holistic approach,
starting with a 'best practices' DNS architecture and including processes
and systems to quickly patch production DNS systems when new
vulnerabilities and exploits are released."
Infoblox Vice President of Marketing, Richard Kagan, commented, "Paying
attention to DNS security has always been important, but the new DNS
exploit illustrates the inextricable link between DNS integrity and the
security of virtually all Internet applications. We are committed to
providing solutions that not only address today's threats but that also
provide a lasting ability to provide protection as new attacks emerge.
Moreover, we will continue to work closely with the DNS community to
develop and deliver the next-generation of DNS protocol technology with a
more robust security architecture."
Infoblox DNS Security Enhancements Provide Enterprises with a "DNS
Firewall"
The Infoblox appliance-based solution provides immediate protection against
the DNS exploit discovered by Kaminsky and also provides features that will
be essential for detecting and thwarting future attacks. Infoblox's newest
NIOS release, version 4.3r2, includes several new security features that
monitor DNS protocol traffic, provide reports and proactive alerts when an
attack is in progress, and a means to automatically mitigate attacks.
The new features monitor multiple indicators of an attack in-progress, such
as mis-matched UDP ports and DNS Query IDs, and send email and/or SNMP
traps when the traffic pattern is consistent with an attack. This enables
IT administrators to take preventive actions. For example, the new NIOS
software also includes a command to throttle or completely deny connections
from a specific DNS server, allowing the administrator to mitigate or stop
an attack.
Infoblox's hardened NIOS™ operating system and unique grid technology
provide lasting protection against future attacks. Infoblox grid
technology makes it possible to patch and upgrade dozens or hundreds of
appliances with a single command, in a production network, without
incurring DNS service downtime. This is essential to enabling fast
response when new attacks are unleashed in the wild.
Organizations can protect their existing DNS infrastructure quickly and
easily, without major changes, by installing a layer of hardened Infoblox
appliances configured as forwarders between the Internet and their current,
Internet-facing DNS servers. The hardened Infoblox systems with DNS
monitoring, alerting, reporting, mitigation and one-button, no-downtime
upgrades essentially provide a "DNS firewall" -- the most flexible, dynamic
protection available for dealing with the new DNS security arms race.
After a one-click grid upgrade to secure all appliances against the new DNS
vulnerability, Michael L. Hershberger, infrastructure architect at
Armstrong World Industries, Inc., a global leader in the design and
manufacture of floors, ceilings and cabinets, commented: "That was too
easy; much better than upgrading standard servers with BIND."
Additional IPAM Enhancements Increase Automation and Simplify
Administration
The newest version of Infoblox's NIOS operating system also includes a
number of key IP address management features that help simplify
administration, especially for large, highly distributed organizations:
-- Network discovery: Enables an administrator to obtain a detailed view
of the devices actually connected to the network; reconciliation makes it
easy to align the Infoblox IPAM database with the actual state of the
network, providing a means to find lost assets and detect rogue devices.
-- Role-based administration: Ensures that administrators are only given
access to view and modify specific core network services attributes -- down
to the object level -- consistent with their functional role, limiting and
preventing errors and enabling delegated administration without
compromising system security or availability along with full auditing for
compliance.
-- Overlapping networks: Allows customers to have multiple instances of
the same network address space in a single grid with a common management
interface; multiple networks can be viewed and managed simultaneously,
without opening and closing different configuration sets.
Pricing and Availability
The new Infoblox NIOS software version 4.3r2 is now available. Pricing for
the solution on the Infoblox-250 appliance starts at $2,495 in the U.S.
Software upgrades are available free of charge for all current customers
with a valid maintenance contract.
About Infoblox
Infoblox appliances deliver utility-grade core network services, including
domain name resolution (DNS), IP address assignment and management
(IPAM/DHCP), authentication (RADIUS) and related services. Infoblox
solutions, which provide the essential "glue" between networks and
applications, are used by over 2,300 organizations worldwide, including
over 100 of the Fortune 500. The company is headquartered in Santa Clara,
Calif., and operates in more than 30 countries. For more information, call
+1.408.625.4200, email
info@infoblox.com, or visit
www.infoblox.com.
Contact Information: Media Contacts:
Jennifer Jasper
Infoblox
408.625.4309