Infoblox: Company Update. Thomas Gerch Account Executive Infoblox, Date 30 march, 2017 Bern

Transcription

1 Infoblox: Company Update Thomas Gerch Account Executive Infoblox, Date 30 march, 2017 Bern

2 Agenda Challenges and IT Key Initiatives The Core IB Portfolio Overview Security, DNS a valuable target? Virtualization, Cloud & Security Ecosystem Integration The Infoblox Value Applicable to the Key IT Initiatives Strategy & Alliance Partner

3 Robust Networks: The Bedrock of the Modern Business Smart Secure Available

4 Challenges Common Across Several IT Initiatives N/W Transformation Virtualization Hybrid Cloud Public Cloud SD WAN NFV Data Exfiltration DDoS protection Malware Detection Analytics Internal Policy Regulatory Mandates IoT E-commerce Digital Transformation E-communication Next Generation Data Center Security Compliance Digital Economy

5 Evolving Network & User Environment People Things Threats Cloud Data +25% +30% +26% +13% +22% 3.4 Billion 1 Active internet users worldwide in Billion 2 Connected devices by 2020, +30% over last year 430 Million 3 Unique pieces of malware in 2015, up 36% 71% 4 Hybrid cloud adoption by enterprises in Zeta Bytes 5 Annual global IP traffic by Internet Live Stats (

6 Scale, Diversity & Volume Drive Complexity Control Secure Analyze Manual Processes Organizational Silos Inefficient $ Expensive Vulnerable Evolving Threats X Limited Context Intelligence Silos Lack Visibility Uninformed Decisions Technology Silos Slow Remediation

7 The Core what Infoblox deliver Open: APIs Plattformen (Openstack, AWS, Vmware) Intgration: Cisco ISE, Carbon Black, FireEye, Logrythm, Arcsight, Qualys, Reporting DNS IPAM DHCP

8 Subscriptions The Infoblox Product Portfolio Security Core Network Services IP Address Management Network Automation Advanced DNS Protection Infoblox DDI: (DNS, DHCP, IPAM) IPAM NetMRI DNS FW + Threat Insight Active Trust Cloud Cloud Network Automation Cloud Platform Appliances DDI for Amazon Web Services (AWS + Azure) Network Insight IPAM for Microsoft (Windows Server) Automation Change Manager Cybersecurity Ecosystem DNS Traffic Control Infoblox Reporting and Analytics Infoblox Grid Real-time Network Database Physical & Virtual Appliances

9 SECURITY Is the DNS Protocol a valuable target?

10 DNS is a Key Threat Vector for Malware Spread Infoblox DNS Threat Index at all-time high Infrastructure known to host or facilitate ransomware grew just over 35x Exploit kits still the dominant category less sophisticated criminals are being enabled by more mature ones that sell exploit kits, pre-weaponized Infoblox DNS Threat Index Over 91% percent malware uses DNS to 1 Communicate with Command and Control (C&C) servers Exfiltrate data Redirect traffic to malicious sites Existing security controls lack visibility into DNS based malware Source: 1. Cisco 2016 Annual Security Report

11 MALWARE: Easy to Let In, Tough to get Out 91% Of malware uses DNS to carry out campaigns 431M New unique pieces of malware in 2015 # No. 1 Malware C&C is #1 responsible vector for crimware

12 DATA THEFT: One Byte is Too Much 46% Of large businesses have experienced data exfiltration >$3.8M The average cost of a single data theft occurance

13 Infoblox Acquires IID February 8, 2016: Acquisition of privately held IID, a leader in global cyberthreat intelligence Leader in providing verified Machine Readable Threat Intelligence (MRTI) using thousands of sources incl. internal cyber threat research experts Native threat intelligence on malicious domains and IP addresses Unique federated platform for curating and sharing data 100+ customers (federal civilian agencies, financial services organizations, Internet companies, security vendors) Cloud based services extend protection to off-premise devices 63 full time employees; headquartered in Tacoma, Washington

14 Solution ActiveTrust Infoblox DNS Firewall Threat Intelligence Data Exchange (TIDE) Infoblox Dossier

15 Infoblox DNS Firewall Stop Malware C&C Communications via DNS with: Multiple Response Policy Zones (RPZs) Latest Threat Intelligence Feed via Cloud Security Portal (CSP) Integration into Cybersecurity Ecosystem

16 Easily Aggregate Data - TIDE Includes both internal and external sources Third-party threat data feeds from multiple vendors Normalize data to ease consumption Automation of data collection

17 High Quality Data - TIDE Timely ensure that data is most current and delivered when required Reliable data is curated by research team Accurate data sets <.01% historic false positive rate Contextual why it s a threat and related threat indicators Easy-to-use multiple output formats (JSON, CSV, RPZ, etc.) supported for third-party integration

18 Flexible Data Distribution - TIDE Infoblox DNS Firewall RPZ zones Existing cybersecurity infrastructure such as NGFW, SIEM, NAC, Vulnerability Management, ATP, and End Point Security

19 ActiveTrust - Architecture ActiveTrust Threat Intelligence Data Exchange (TIDE) Threat intelligence Various output formats supported for third party systems - custom Delivered via Cloud Security Portal (CSP) Pre-integrated, RPZ files ready for use Infoblox DNS Firewall (on premise) Easily provide outbound indicators of compromise to third party system(s) to act on out of the box Cybersecurity ecosystem technologies: SIEM, NGFW, vulnerability scanner, NAC, endpoint security, filter, web proxy

20 ActiveTrust Tiers ActiveTrust Standard ActiveTrust Plus ActiveTrust Advanced Annual Subscription Licensed By Appliance by model Organization by protected user Organization by protected user Zones (RPZs) Infoblox Infrastructure only Standard (4) Standard (4) + Advanced (5) + SURBL (2) Standard (4) + Advanced (5) + SURBL (2) Infoblox Data via TIDE Third party infrastructure No ONE of Hostnames or IP Addresses or URLs ALL of Hostnames IP Addresses URLs Dossier No (Cloud Services Portal with threat lookup only) 32,000 queries/year 65,000 queries/year

21 Solution: ActiveTrust Cloud Protecting Users Everywhere - on and off Premises

22 Workflow Scenarios

23 ActiveTrust Cloud Std. DNS FW Infoblox Threat Data 4 reputation datasets Threat Intelligence Data Exchange (TIDE) Data for 3 rd party system (NGFW) (HN, URLs & IP addr.) 3rd party /market feeds Govt. data feeds * (future) N/A Dossier (queries) Threat Insight Plus Standard (4) + Advanced (5) + SURBL (2) Only with AT N/A N/A 32K / year Adv. (future) Standard (4) + Advanced (5) + SURBL (2) Only with AT N/A N/A 65K / year * Requires government approval ActiveTrust Endpoint (for client)

24 Components DNS Firewall/DNS Response Policy Zones (RPZs) Threat Insight - Data Exfiltration Prevention Verified Threat Intelligence ActiveTrust Endpoint Cloud Services Portal Reporting and Analytics Dossier - Threat Investigation Recursive DNS Services ActiveTrust Cloud tightly integrates with on-premises DDI for enriched visibility and ecosystem integrations

25 ActiveTrust Cloud Features DNS Firewall/DNS Response Policy Zones (RPZs) Cloud Services Portal Threat Insight Data Exfiltration Prevention Reporting and Analytics Threat Intelligence Data Dossier Threat Investigation Lightweight Endpoint Client Recursive DNS Services ActiveTrust Cloud tightly integrates with on-premises DDI for enriched visibility and ecosystem integrations

26 AT / AT Cloud Benefits Summary Enable Actionable Network Intelligence with Flexible Threat Intelligence Integrated into Your DDI Environment on or off Prem Acquire curated threat intelligence from external and internal sources and selectively distribute data Apply threat intel data to DNS Firewall preventing malware communications with C&C hosts Quickly investigate threat indicators for context and prioritization Easily deploy threat data, using pre-built integrations with your existing security infrastructure, to remediate threats and prevent future attacks

27 Virtualization, Cloud & Ecosystem automation Provides a integration Platform with API communication (r&w), API Output for triggering Provide more automated processes and integration with Security Vendors Manuel and disconnected processes become more efficient fully automated Flexible deployment, more efficient and decrease operating costs Infoblox deliver automated Network Intelligence between Solutions Plug In s available for multiple vendors (VM, OpenStack, AWS, Azure, etc.)

28 Our Security Ecosystem Expanding Aggressively You name it! Current Integrations Future Firewall IPS/Sandboxing

29 End-Point Security Infoblox and Bit 9 + Carbon Black Infoblox sends alert to Carbon Black Infoblox identifies domain associated with data exfiltration and blocks connection Infected endpoint attempts data exfiltration Carbon Black correlates endpoint, network data and remediates infected endpoint automatically Kills endpoint process, preserves evidence Updates security policy [kill process] on all endpoints

30 Cloud Solution Infoblox Technology Integrations Broadest level of Cloud platform support in the industry

31 Cloud Ecosystem Solutions available today Partner/ Technology Infoblox/Partner Developed Integration Type VMware Infoblox Infoblox developed plugin for IPAM and DNS Automation for VMware vrealize Automation and vcloud Director. Integration Pack for Log Insight. OpenStack Infoblox Infoblox developed plugins for IPAM and DNS Automation for OpenStack Neutron and OpenStack Designate Amazon Infoblox API Proxy capability for IPAM and DNS Automation of Amazon EC2 virtual machines Microsoft Infoblox Infoblox developed plugin for Microsoft System Center Orchestrator Chef Infoblox Infoblox developed Chef cookbook Cisco Partner Cisco developed integrations to UCS Director and CIAC HP Partner HP developed plugin for Operations Orchestrator. HP Helion OpenStack 2 support. IBM Partner IBM developed plugin for IBM Cloud Orchestrator ServiceNow Partner ServiceNow developed plugin for ServiceNow Orchestrator CliQr Partner CliQr developed integration to CliQr Cloud Center BMC, Service Mesh, ElasticBox, Red Hat, CSC Agility Partner Additional partner developed cloud integrations

32 Einblick in die Cloud Informationen AWS VPCs AWS Instances AWS Networks Cloud Netzwerk Automation Automatisched Discovery der AWS Inhalte - VPCs - Instanzen - Netzwerke Integration zwischen traditionellem und Public Cloud Netzwerk

33 Flexible Anbindung DDI für Hybrid Cloud Grid Members sind verteilt über die Private and AWS Grid Master im DC, Managed alle GM in der AWC Cloud Grid Master Grid Member (DNS) Data Center DDI mit Fehler Toleranz Primary DNS in Private und Secondary DNS in Amazon Grid Master im DC and GMC (backup) in AWS Grid Master Grid Member (DNS) Data Center DDI für Full Public Cloud Das gesamte GRID, inklusive GM und Members in der AWS Grid Members können verteilt sein über verschiedene VPCs Grid Member (DNS) Secondary DNS GMC DNS Grid Master Virtual workloads Virtual workloads Virtual workloads

34 Insight Driven Networks Create Enterprise Value CONTROL SECURE ANALYZE Infoblox Actionable Network Intelligence Delivers Control & Security From the Core

35 Extensive Capabilities Automation IP Address Management Application Load Balancing Cloud Integration Workflow integration Configuration Management DDoS protection Malware detection Ecosystem Integration Threat Investigation Data Exfiltration Compliance Reporting & Analytics CONTROL SECURE ANALYZE Infoblox Actionable Network Intelligence

36 Broad Product Portfolio DDI (DNS, DHCP, IPAM) Cloud Network Automation Cloud Connectors DNS Traffic Control NetMRI DNS F/W ActiveTrust ADP API for Ecosystem Int. Threat Insight Network Insight Reporting & Analytics CONTROL SECURE ANALYZE Infoblox Actionable Network Intelligence

37 Look For Capabilities That Enable Best Practices AUTOMATE BASIC TASKS BRIDGE SILOS PROACTIVE INTELLIGENCE INFRASTRUCTURE AGNOSTIC HARNESS DNS/DHCP DATA Intelligently serve protocol, centrally manage resources and automate with workflow integration Rich Ecosystem and APIs with shared threat intelligence for integration with workflow and security infrastructure Business & Network Context: when, where, who and what for security and compliance Multi-platform and Multi-cloud Support out-of-the-box: AWS, Azure, OpenStack, Vmware, Single pane-of-glass visibility: across infrastructure, access to relevant data for efficiency and security

38 Robust, Scalable & Distributed Architecture Your Public Cloud IaaS Your Private Cloud IaaS Infoblox Cloud ActiveTrust Threat Intel HQ Grid Master (HA pair) Grid Master Site Grid Member with DNS Firewall Network Insight Infoblox Grid Grid Member DNS / DHCP Grid Member Reporting & Analytics Edge Network/ Remote Office DHCP Grid Member DNS / DHCP Branch Office Microsoft DNS, DHCP

39 Strategic Alliance Partners Broad Ecosystem of Engaged Partners System Integrator & Channel Partners

40 Applicable To Key IT Initiatives IT INITIATIVES Next Generation Data Center Security Compliance Digital Economy False Positives DHCP Virtual Machines NETWORK DEVICES PCs Mobile Devices TRAFFIC APPLICATIONS CONTROL SECURE ANALYZE Infoblox Actionable Network Intelligence Customer Experience Risk Management Operational Efficiency Visibility Delivers Control & Security From the Core

41 Infoblox: Track Record of Success & Growth Sustained YOY Growth $102 $133$169 $56 $62 ($MM) $358 $306 $225 $250 Market Share Leadership Customers 83 of Fortune 100 Global Sales & Support Presence patents 18 pending Nokia (ALU) - BlueCat Netw Ohers 9.20% 2015 BT Diamond IP Infoblox 49.90% Market Share All organizations looking to deploy DDI should consider Infoblox.

42 Many thanks for your attention, any questions?