Cyber criminals are increasingly using DNS attacks to steal proprietary information, but a new product from Infoblox aims to fight back and block zero-day threats. It has announced Infoblox DNS Threat Analytics in a bid to stop DNS-based data exfiltration.
Infoblox DNS Threat Analytics looks at outgoing DNS traffic, and in real time looks for characteristics of data exfiltration. It analyses characteristics such as the size of the query, whether it contains encrypted data, and if it is being repeated at precise intervals, to flag up possible attacks, and block zero day attacks after analysing suspcious behaviour.
Scott Fulton, executive vice president of products at Infoblox: "Most firewalls and other security solutions don’t examine or understand the structure of DNS queries, a vulnerability that hasn’t escaped the attention of cybercriminals."
In December 2014 a survey found that 46% of large businesses had experience DNS-based data exfiltration in the previous year, with 76% in total falling victim to some kind of DNS attack.