DNS-focused network control company Infoblox has announced a further extension of their partnership with McAfee, that will see it redirect suspicious DNS traffic to the McAfee Web Gateway Cloud Services. This integrated solution plugs a DNS security gap, enabling deep visibility into DNS and Web traffic for malware scanning and SSL inspection.
This partnership is the latest stage in Infoblox’s evolution from a long-time DNS address management provider in the networking space to also having a major security focus.
“We have made a journey from being a pure network player to a security player as well,” said Krupa Srivatsan, Product Marketing Manager at Infoblox.
“Infoblox started in DNS address management, and has a leading share in that space, with about 50 per cent of the total market,” Srivatsan said.
In their first decade-plus of existence, they focused on that space, upgrading it eight years ago with a Grid architecture with a distributed database that consolidates and provides DR and centralized management. At this time, they also made the solution enterprise grade.
Their entry into the security market was more recent.
“That was five years ago, and was around threats using DNS,” Srivatsan said. “We could offer protection for the DNS layer that no one was providing. Our DNS firewall capability was our first foray into DNS security. The second was DNS-based DDoS accounts, which generic DDos protection vendors didn’t protect against.”
From there, they moved into DNS-based data exfiltration, using analytics on DNS queries, something that Srivatsan indicated still remains a differentiator for them
“In the last year and a half, we have added a lot of ecosystem integration, with Palo Alto, Carbon Black, McAfee and other SIEM vendors,” she said. “There are a couple of reasons why security vendors have not developed their own DNS protection. One is that DNS has been in the background for a while as a kind of ‘set and forget’ thing. It is now getting more attention, but it did not in the past. The second reason is that DNS expertise is needed, so that these vendors deem it better to partner with a best-of-breed player rather than invest themselves.”
Infoblox added threat intelligence capability in 2016 through the acquisition of IID.
“We have since beefed that up by partnering with others to further strengthen our threat intelligence feed,” Srivatsan said.
Infoblox’s evolution has led to refinements in how they go to market.
“As our technology developed, the partners we did business with changed, from having a pure network focus to adding more security shops, although there are some that do both,” said Dirk Venzlaff, Infoblox’s Director of Worldwide Business Development. “We have also narrowed the focus on how many partners we do business with globally, and better defined best practices. Before, there hadn’t been much discipline in the program. Now we have incents in place that give partners more for bringing in more. Deal registrations are super important for us.
“We have also deepened our integration between our product teams and marketing teams, and how we go to market in the channel, Venzlaff added. “Because we enhance other security solutions rather than compete with them, our partners tend to sell the adjacent technologies.”
Infoblox’s integration with the McAfee Web Gateway Service is the fourth partnering between the two companies, automating data sharing between Infoblox DNS, DHCP, IPAM, (DDI) and McAfee to provide McAfee customers with this complementary protection.
“Our first integration was with their ESM SIEM,” Srivatsan said. “The ESM integration with our ActiveTrust DNS security solution notified McAfee SIEM on DNS networking events and security defense, blocking them and sending it to their SIEM for further analysis. We then added support for McAfee DXL in the second half of last year, and can publish networking and security events as topics on that platform. Our third point of integration was deployment of endpoint agents with our SaaS-based AT Cloud DNA Security as a service, so that McAfee ePO can deploy them. That was in January.”
The new integration adds DNA web traffic inspection to McAfee Web Gateway, providing it with suspicious activity identified by Infoblox’s ActiveTrust Cloud.
“If they have our AT Cloud DNA Security-as-a-Service, it also adds a one-two punch for enhanced protection – DNA for the first step and web gateway as a second step,” Srivatsan said. It also offloads some of the burden from the Web Gateway, because we can block some things first.”
“It is a more natural deployment for core McAfee partners because of their familiarity with McAfee, but it’s something that can be of value to Infoblox-focused partners as well,” Venzlaff said. “We have mutual partners, but the sheer number of McAfee partners trumps us by tenfold, and can greatly expand our reach.”