Infoblox - 160217 General Pitch GPb

8/19/2019 Infoblox - 160217 General Pitch GPb

1/118

1 | © 2013 Infoblox Inc. All Rights Reserved.


Secure and Control Your Network!Giancarlo Palmieri | Pre-Sales Engineer | Infoblox Italy

17 February 2016


2/118



Agenda

2

1 The Infoblox Solution

2 The Grid

3 Advanced DNS Protection

4 DNS Firewall

5 DNS Traffic Control

6 Cloud Automation

7 Network Automation

8 Infoblox


3/118



Automate the Network and its Core Services

NetworkRouting, Switching!

Core Services:DNS / DHCP / IPAM

Closed Loop

Automation

Real Time Visibilityand

Task Automation

Applications

Track and automate change

Automate IP Mgt, DNS & DHCP

Communicate /Take Action

Infoblox NetMRI

Infoblox DDI,

Trinzic Enterprise


4/118



IT Analyst Validation

•

Gartner: “usage of a commercialDDI solution can reduce (network)OPEX by 50% or more.”

•

IDC: Infoblox is the only major DDI vendor

to gain market share over thepast three years.

• Gartner: “Infoblox has the highest degree

of visibility in the market shows up onnearly all client shortlists, and is commonlyperceived as the market leader.

Worldwide DDI

Market Share – 2013


5/118



Top CIO Concerns

Agility Security Efficiency

Are We NimbleEnough?

Are We Protectingthe Business?

Can We Shift $$ toStrategic Projects?


6/118



Infoblox listen to Key IT InitiativesSecurity

•

Malware & Advanced Persistent Threats (APT)• Infrastructure attacks (DDoS)• Data Exfiltration

Cloud •

Ongoing evolution of the Data Center• Private, Public, Hybrid

Automation • Budget for IT headcount continues to decline• Skilled staff more difficult to find and retain


7/1187 | © 2013 Infoblox Inc. All Rights Reserved.7 | © 2015 Infoblox Inc. All Rights Reserved.

Barriers to SuccessSecurity

•

Attacks growing in volume and sophistication•

Traditional approaches are helpful but insufficient

Cloud • Manual network orchestration•

Takes hours or days to setup network elements• Different DDI constructs for on Prem & Public

Cloud

Automation • Manual network configuration, spreadsheet

management, and home-grown scripts



Automate the mosttime-consuming network tasks

like discovery, change andconfiguration management

Infoblox Recommended Approach

2.

Control

3.Automate

1.

Secure

Address risk to critical infrastructurefirst. Protect against externalattacks & malware call-backs Deliver reliable, high performancenetwork services for

data center, branch, cloud



Traditional Network Architecture

I N T E

R N E T

I N T R A N E T

MICROSOFTDNS

MICROSOFTDHCP

DENVER

D M Z

A P P S &

E N D - P O I N T S

FIREWALL

BIND DNS

EUROPE

BIND DNS

AMERICAS

BIND DNS

APJ

VulnerableVulnerable Vulnerable

Vulnerable(Malware)

Vulnerable Vulnerable Vulnerable

Security Vulnerabilities• Hacks of DNS server• External attacks (DNS DDoS)• Malware inside network

Management Silos• Multiple points of management• Multiple data silos

MICROSOFTDNS

MICROSOFTDHCP

LONDON

MICROSOFTDNS

MICROSOFTDHCP

TOKYO

Single Points of Failure

APPS &END POINTS

VIRTUALIZATION &PRIVATE CLOUDS



IPAM

INTERNAL

DNS & DHCPTOKYO

EXTERNALDNS

EXTERNALDNS

INTERNALDNS & DHCP

DENVER

Where Infoblox Helps

I N T E R N E T

I N T R A N E T

D M Z

A P P S &

E N D - P O I N T S

APPS &END POINTS

VIRTUALIZATION &PRIVATE CLOUDS

(1) Secure! Secure Platform! Protection from external attacks! Block Malware call-backs! Data Exfiltration protection

(3) Automate! DDI + Automation for

Virtualization & Hybrid Clouds

(2) Control! Highly efficient, centralized control! ONE authoritative IPAM data source



Infoblox Appliances AutomateCore Network Services

DNS (DNSSEC) DHCPIPAMFTP/TFTP/HTTPNTP !

"

Integrated Core Network Services on hardened appliances

"

Centralized visibility & control of appliances, protocols and data

SIMPLE RELIABLESECURE



Infoblox Grid – Robust, Reliable Technology

Infoblox Grid™

Virtual Appliance

Member

All devices aresynchronized through

a shareddistributed database

Centralized

visibility& control

Grid™ Benefits

" Automated Failover &Disaster Recovery

" Automated Maintenance

GridMaster

LocalMember

RemoteMember

ReportingMember


14/11814 | © 2013 Infoblox Inc. All Rights Reserved.14 | © 2015 Infoblox Inc. All Rights Reserved. 14

Coordinated by the Grid Master

Sharing a Distributed Database(with Zero Maintenance)

Grid: a collection of secure memberappliances, all running the same

software, providing one or moreservices (DNS, DHCP, Discovery, FileDelivery, NTP etc.)

Communicating via an SSL VPN

Provides:- Centralized visibility and control- Real time IPAM & discovery- Monitoring and reporting- Failover and disaster recoveryfor services, data & management

GridMaster

InfobloxGrid

Infoblox Grid TechnologySimple, Secure and Reliable

Grid Manager GUI

External DNS

External DNSDNS, DHCP, NTP

DNS

NTP

Member

Member

ReportingMember

Member

Member

Grid MasterCandidate

DNS, DHCP, NTP

IPAM, DNSDHCP, NTP

Configuration Examples



Real-time and Automated DNS/DHCP & IPAM

Reduce Risk & Expense

"

Real-time and historical insighton connected IP endpoints andnetworks

" Monitoring of IP and subnetusage

"

Delegation and automation of IPprovisioning tasks

" Secure DNS

"

Auditing and reporting

" Enhances installed Microsoft

DNS/DHCP



Infoblox Physical and Virtual Appliance

InfobloxGrid

Replacing Servers with Appliances in Branch Offices Improves Performance,

Provides Local Survivability and Drives Compelling ROI16

Virtual GridMember

Grid Master Candidate

VMWareESX / ESXi

Infoblox vNIOSVirtual Appliance

Software

Virtual GridMember

Cisco 28/29xx & 38/39xxISR with Infoblox vNIOS

Virtual GridMember

Riverbed Appliance withInfoblox vNIOS

Grid Member

Microsoft®DNS / DHCP

Agent-less

Microsoft®DNS / DHCP

Virtual GridMember

Grid Master

ManagementInterface

Virtual GridMember



Virtual Appliances

Infoblox Appliances Family

RegionalCenters

BranchOffices

Edge/RemoteLocations

Headquarters

Trinzic Reporting

PT-4000

PT-2200

PT-1400

NetworkAutomation

4000

NetworkAutomation

2200

NetworkAutomation

1400Trinzic 810

Trinzic 820

Trinzic 1410

Trinzic 1420Trinzic 2210

Trinzic 2220

Trinzic 4010

Trinzic 4030

Trinzic 100

ND-1400

ND-800

ND-4000

ND-2200


18/118

18 | © 2013 Infoblox Inc. All Rights Reserved.18 | © 2015 Infoblox Inc. All Rights Reserved.

Infoblox Grid™Real-time Network Database

The Infoblox Product Portfolio

NetworkAutomation

NetMRI

Automation ChangeManager

Physical & Virtual Appliances

Core NetworkServices

Infoblox DDI:(DNS, DHCP, IPAM)

Security

Internal DNS Security

DNSFirewall-FireEye Adapter

DNS Firewall

S u b s c r i p t i o n s

Infoblox Advanced Reporting

DNS Traffic Control

Cloud Network AutomationExternal DNS Security

IP AddressManagement (IPAM)

IPAM

Network Insight

IPAM for Microsoft (WindowsServer)

DDI for Amazon Web Services(AWS)


19/118


Infoblox Grid™Real-time Network Database

The Infoblox Product Portfolio

NetworkAutomation

NetMRI

Automation ChangeManager

Physical & Virtual Appliances

Core NetworkServices

Infoblox DDI:(DNS, DHCP, IPAM)

Security

Internal DNS Security

DNSFirewall-FireEye Adapter

DNS Firewall

S u b s c r i p t i o n s

Infoblox Advanced Reporting

DNS Traffic Control

Cloud Network AutomationExternal DNS Security

IP AddressManagement (IPAM)

IPAM

Network Insight

IPAM for Microsoft (WindowsServer)

DDI for Amazon Web Services(AWS)


20/118



21/118


The Position

Protect Now or Wait until its Too Late?


22/118


The Problem

DNS-based attacksare on the rise

Traditionalprotection is

ineffective againstevolving threats

DNS outage causesnetwork downtime,

loss of revenue,and negative brand

impact

Unprotected DNS infrastructure introduces security risks


23/118


Why is DNS an Ideal Attack Target?

DNS is thecornerstone of theInternet, used by

every business andgovernment

DNS protocol isstateless and hence

vulnerable

DNS as a protocolis easy to exploit

Maximum impact with minimum effort


24/118


Attack apps being built

How DNS DDoS is Becoming Easier

• DDoS attacks against majorU.S financial institutions

• Launching (DDoS) taking

advantage of Server bandwidth

• 4 types of DDoS attacks:

" DNS amplification,

" Spoofed SYN,

"

Spoofed UDP " HTTP+ proxy support

• Script offered for $800


25/118


2013: The Threat is Significant

Source: Arbor Networks

DNS is #2 attack vector protocol Source: Prolexic Quarterly Global DDoS Attack Report Q3 2013

" Attacks that target DNS are growing

"

DNS-specific attacks up 200%from 2012

"

ICMP, SYN, UDP flood attacksgrowing significantly too


26/118


Infoblox Advanced DNS Protection Solution

Unique Detection and Mitigation

"

Intelligently distinguishes legitimate DNS traffic fromattack traffic like DDoS, DNS exploits, tunneling

" Mitigates attacks by dropping malicious traffic andresponding to legitimate DNS requests

Centralized Visibility

" Centralized view of all attacks happening across thenetwork through detailed reports

" Intelligence needed to take action

Ongoing Protection Against Evolving Threats

" Regular automatic threat-rule updates based onthreat analysis and research

" Helps mitigate attacks sooner vs. waiting for patchupdates


27/118


28/118


ReportingServer

AutomaticThreat-rules

updates

Block DNS attacks

InfobloxThreat-rule Server

Infoblox AdvancedDNS Protection(External DNS)

GRID Master

Reports on attack types, severity

Send reports

New

Grid-wide ruledistribution

L e g i t i m a

t e T r a f f i c

Infoblox AdvancedDNS Protection(Internal DNS)

New

Fully Integrated into Infoblox Grid

ManagementInterface


29/118


DNSTop

attacks

DNS amplification:

Use amplification in DNS reply toflood victim

TCP/UDP/ICMP floods:

Flood victim’s network with largeamounts of traffic

Protocol anomalies: Malformed DNS packets causingserver to crash

DNS cache poisoning: Corruption of a DNS cachedatabase with a rogue address

DNS hijacking: Subverting resolution of DNS queriesto point to rogue DNS server

DNS tunneling: Tunneling of another protocolthrough DNS for data ex-filtration

Reconnaissance: Probe to get information on networkenvironment before launching attack

DNS based exploits: Exploit vulnerabilities inDNS software

Fragmentation: Traffic with lots of small out oforder fragments

DNS reflection/DrDos: Use third party DNS servers topropagate DDoS attack

NXDOMAIN: Flood DNS server with requestsfor non-existent domains

Phantom Domain: Force DNS server to resolve multiplenon-existent domains and wait for responses

What Attacks Do We Protect Against?The Rising Tide of DNS Threats


30/118


What Attacks Do We Protect Against?The Rising Tide of DNS Threats

Volumetric/DDoS Attacks DNS-specific Exploits

DNS reflection

DNS amplification

TCP/UDP/ICMP floods

NXDOMAIN attack

Phantom domain attack

Random subdomain attack

Domain lockup attack

DNS-based exploits

DNS cache poisoning

DNS tunneling

Protocol anomalies

Reconnaissance

DNS hijacking

Domain lockup attack

Secure DNS is Not Only About DDoS


31/118


Intelligence Needed to Take Action

Centralized Visibility: Reporting

• Attack details by category, member, rule, severity, and time•

Visibility into source of attacks for blocking, to understand scope and severity•

Early identification and isolation of issues for corrective action


32/118


Event Count by Category



33/118


Event Count by Severity Trend



34/118


Event Count by Member Trend



35/118


Event Count by Member Time



36/118



37/118


Infoblox ADP - External AuthoritativeProtection against Internet-borne Attacks

INTERNET

Data Center

Advanced DNSProtection

Grid Masterand Candidate (HA)


D M Z

INTRANET

- Campus office- Regional office(s)- Disaster recovery site(s)

Grid Reporting Member

Advanced DNS Protection when deployed as an external authoritative DNS servercan protect against cyberattacks


38/118


Internal DNSProtection against Internal Attacks on Recursive Servers

Advanced DNS Protection can secure internal DNS environments where internaluser traffic is hostile

Data Center

GRID Masterand Candidate (HA)

INTRANET

- Campus office- Regional office(s)- Disaster recovery site(s)

Endpoints

Advanced DNSProtection Advanced DNSProtection

Reporting


39/118


Advanced Appliances Come in ThreePhysical Platforms

Advanced Appliances have next-generation programmable processorsthat provide dedicated compute for threat mitigation.

The appliances offer both AC and DC power supply options.

Note: Customers who have IB-4030 Rev2 just need to purchase the Advanced DNS Protection service


40/118


Internet

ADP

How Does IB-4030 & ADP Work?

ADPDCA

Smart NIC

Host Appliance

BIND

5-Synthesized Response (Pre-Recursion)

9-Synthesized Response (Post-Recursion)

6-Recursion

7-Response

4-BIND CachedResponse

3-DCA CachedResponse

9-Synthesized Response (Post-Recursion)

1- DNS Query

2-Drop/Rate Limit

Client

BLK-LIST

Match? YesNo

NXDR

Match? Yes

DFW

Match?

No

No

9-Recursive Response

Yes

ThreatRule

Match?

No

Yes

DCACached

?

Yes

BINDCached

?

Yes

No

No

8-Drop/Rate Limit


41/118


Infoblox - Differentiation and Value

InfobloxStandard

InfobloxAdvanced

LoadBalancers

PureDDoS NGFW IPS Cloud

DNS server

General DDoS

DNS DDoS

DNS server OS and

applicationvulnerabilities

Flood attacks

Semantic attacks

Cache poisoning

DNS Reflection

Tunneling

DNS Amplification


42/118


The Basic ADP Technology Principles

• DNS Traffic Pre-Filtering

• Real-Time AutomaticPattern Detection

•

Automatic Rulesupdate

L e g i t i m a t e T r a f f i c

Advanced DNS Analysis Engine

DNSBIND Engine

Legitimate Traffic BAD Traffic

Automaticupdates

Infoblox

Threat-rule Server


43/118



44/118


Infoblox Advanced DNS Protection

ReportingServer

Automatic Updates

(Threat Rules)

InfobloxThreat-rule

Server


Infoblox AdvancedDNS Protection(Internal DNS)


D a t a f o r

R e p o r t s

GridMaster

InfobloxAdvanced DNS

Protection(External DNS)

ManagementInterface

L e g i t i

m a t e T r a f f i c


45/118


How to Run an ADP PoC

In-Line

•

Deploy the ADP in-line to acceptand deal with your incoming traffic(run in Monitor Mode)

Traffic Capture

•

Capture traffic in front of the DNS(PCAP) to be analyzed in theInfoblox Labs

Off-Line

•

Deploy ADP on a SPAN port withlive DNS traffic. ADP will configureMAC Address of customer’s DNS,resolve and generate reports onattacks found


46/118

46 | © 2013 Infoblox Inc. All Rights Reserved.46 | © 2015 Infoblox Inc. All Rights Reserved. 46

In-Line PoC with ADP

Advanced DNSProtection Reporting

Internet

Grid Master

!"#$ %&'(

ManagementInterface

DNS

Switch

) * + " ,

- + . / 0 1 . +

X

• Replace the standard DNS with anInfoblox solution with ADPprotection (run in Monitor Mode)


47/118


Traffic Capture

Traffic Capture

•

Capture traffic (PCAP) in front of theExternal DNS to be analyzed in theInfoblox Labs

• We will run the same PCAP traffic in

our Lab and return all valuableresults in a structured document

Off C


48/118


Off-Line PoC with ADP (Enterprise)

CachingDNS

Switch

Internal Network

2/31 50"6


78#+16.

Internet

!

) * + " ,

- + . / 0 1 .

+

Grid Master

!"#$

%&'(

%&'9

ManagementInterface

Off Li P C ith ADP


49/118


Off-Line PoC with ADP (Service Provider)

CachingDNS

Switch 25&' 50"6


Internet

!

Grid Master

!"#$

) * + " ,

- + . / 0 1 . +

%&'9

%&'(

ManagementInterface

S DNS Att k ith R t


50/118


See DNS Attacks with Reports

•

POC hardware shipped with temp license to enable threat protectionautomatically (License expiration: 60 days)

•

POC includes virtual Reporting Server and virtual Grid Master

ADP G id S t ( ith Li T ffi )


51/118


ADP Grid Setup (with Live Traffic)

ReportingServer

Automatic Updates

(Threat Rules)

InfobloxThreat-rule

Server



D a t a f o r

R e p o r t s

GridMaster

ManagementInterface

Internet

Incoming DNS Traffic(with threats)

LAN1

Grid

MGMT

LAN1

LAN1


(External DNS)

N t St


52/118


Next Steps

•

Request the free POC " https://www.infoblox.com/downloads/

software/advanced-dns-protection-trial

• Deploy with help of an Infoblox SE

• See if your DNS is under attack

•

Block attacks and prevent downtimewith the full featured Advanced DNSProtection


53/118


O ll M l Th t B i


54/118


Overall Malware Threats Booming

54

•

Around 7.8 million new Malwarethreats per quarter in 2012

•

Mobile threats grew about 10Xin 2012*

•

855 successful breaches / 174 millionrecords compromisedin 2012**

• 69% of successful breachesutilized Malware**

• 54% took months to discover,29% weeks**

• 92% discovered by external party**

0

2,000,000

4,000,000

6,000,000

8,000,000

10,000,000

Q12010

Q22010

Q32010

Q42010

Q12011

Q22011

Q32011

Q42011

Q12012

Q22012

Q32012

New Malware

0

5,000

10,000

15,000

20,000

25,000

2004 2005 2006 2007 2008 2009 2010 2011 2012

Total Mobile Malware Samples in the Database

Startling statistics

* Source: McAfee Threats Report: Third Quarter 2012** Source: Verizon Security Study 2012

Security Breaches – 2013


55/118


Nasdaq, Visa, JCPenney among hacking victims:prosecutors

NEWARK, New Jersey (Reuters) - The United States on Thursdaynamed major corporations including Nasdaq OMX Group Inc, NewYork Times, J.C. Penney Co Inc and Visa Inc as among the victimsof what federal prosecutors said is the largest hacking and data

breach case prosecuted in the nation.

July 25, 2013

Security Breaches 2013Advance Persistent Threat is on the Rise!.

$300 MillionStolen

Security Breaches – 2014


56/118


Malware attack hits thousands of Yahoo users perhour

(CNN) -- A malware attack hit Yahoo's advertising server over thelast few days, affecting thousands of users in various countries, anInternet security company said.

In a blog post, Fox-IT said Yahoo's servers were releasing an

"exploit kit" that exploited vulnerabilities in Java and installedmalware.

"Clients visiting yahoo.com received advertisements served byads.yahoo.com," the Internet security company said. "Some of theadvertisements are malicious."

December 31, 2013

Security Breaches 2014Malware from Yahoo!.

For a time during the attack, which started on Dec. 31, 2013, and

was discovered on Jan.3, 2014, the malware was creating an

estimated 27,000 infections per hour.

The Infoblox DNS Firewall Subscription service had identifiedand blocked the malicious IP before Yahoo noticed themalware.

DNS Firewall quick overview


57/118


DNS Firewall – quick overview

• Many organizations on the Internet track malicious activity "

They know which web sites are malicious " They know which domain names malware look up to rendezvous with

command-and-control servers

•

DNS Firewall relies on RPZ (Response Policy Zones)

• Response Policy Zones are funny-looking zones thatembed rules instead of records " The rules say, “If someone looks up a record for this [malicious]

domain name, or that points to this [malicious] IP address, do this.” " “This” is generally “return an error” or “return the address of this

walled garden” instead

Infoblox DNS Firewall


58/118


Infoblox DNS FirewallBlocking Malware An infected device brought intothe office. Malware spreads to

other devices on network.

1

2

3

Malware makes a DNS queryto find “home.” (botnet / C&C).DNS Firewall detects & blocksDNS query to malicious domain

Maliciousdomains

Infoblox DDIwith DNSFirewall Blocked attempt

sent to Syslog

Malware / APT

1

2

Malware / APT spreadswithin network; Calls home

4

Pinpoint. Infoblox Reporting listsblocked attempts as well as the:

• IP address• MAC address• Device type (DHCP fingerprint)• Host name• DHCP lease history

DNS Firewall is updated every 2hours with blocking informationfrom Infoblox DNS FirewallSubscription Servic

Infoblox MalwareData Feed Service

4

IPs, Domains, etc.of Bad Servers

Internet

Intranet

3

2


59/118

Infoblox Malware Data Feed Service


60/118


Infoblox Malware Data Feed Service

GeographicBlocks

Inbound Attacks

MalwareDroppers

Botnet C&C /DNS Servers

InfobloxDNS Firewall

InfobloxMalware DataFeed Service

RPZ datapushed thrusigned XFR

•

24/7 service

•

Data from over 35 different public and

proprietary sources – 7 feed types•

Incremental threat data changes are

pushed every 2 hours

•

Significant threats cause immediate

updates (notify)

External Feed:Legge Gentiloni

DNS Firewall & Reporting


61/118


DNS Firewall & Reporting

• List of Top Infected

Clients

• What malicious domainnames were requestedand number of requests

•

Mitigation performed(e.g., Redirect, Block, orPass)

•

Lease history by MACaddress & OS Fingerprintvia drilldown option

Click to view historyfor this IP

Security Policy Violations Report

Customizing DNS Firewall


62/118


Customizing DNS Firewall

RPZ Feed Data Export example


63/118


RPZ Feed Data Export example

zumbapolska.combecomes NXDOMAIN

DNS Firewall implementation


64/118


DNS Firewall implementationReal life example

•

Existing customer DNS caching infrastructure(large research institute)

• DNS firewall implemented on caching NS

•

Log only policy

•

“! We got the first high risk trojan within an hour !”

From the reputation lookup tool


65/118


From the reputation lookup tool!

Industry’s First True DNS Security Solution


66/118


PREVENTIVE TIMELY TUNABLE

Leverages highquality MalwareData Feed

updated in nearreal time

Maximizespotency againstmalware

worldwide

Preventsmalwareinfection and

execution

Industry s First True DNS Security Solution

Infoblox DNS FirewallStops DNS-exploiting malware (APT & Botnets)

Solution Components

" Product License (cost based on appliance model) "

Malware Data Feed from Infoblox (optional annual subscription)

"

Infoblox Grid TM

Infoblox DNS Firewall Differentiators


67/118


Infoblox DNS Firewall Differentiators

The ONLY solution in the market that offers

these capabilities

• Near real-time feed targeted toDNS-exploiting malware

•

Proactively prevents infection

•

Ability to target infected device daysor even weeks later

• Policy flexibility by action, by Geo,and by type

• Ranking of the malware that isactually impacting your organization


68/118


How does the DNS Firewall work?


69/118


How does the DNS Firewall work?

Malware Data Feedfrom Infoblox

Dynamic Grid-WidePolicy Distribution

2

Landing Page /Walled Garden

InfectedClient4

Redirect

6

Write to Syslogand send toTrinzic Reporting

Infoblox DNS Firewall /Recursive DNS Server



Dynamic PolicyUpdate

1

Link to maliciouswww.badsite.com

3

Apply Policy Block / Disallowsession

Contact botnet

5

How to Run a DNS Firewall PoC


70/118


How to Run a DNS Firewall PoC

In-Line

•

Deploy the DFW on existingInfoblox appliances to accept anddeal with your internal DNS traffic

Traffic Capture

•

Capture traffic in front of the DNS(PCAP) to be analyzed in theInfoblox Labs

Off-Line

•

Deploy DFW on a SPAN port withlive DNS traffic. DFW will configureMAC Address of customer’s DNS,resolve and generate reports onMalware/Botnet/APT found

In-Line PoC with DFW


71/118


In-Line PoC with DFW

InternalDNS

Switch

Internal Network

DNS FirewallGrid Master

Reporting

78#+16.

Internet

) * + "

,

- + . / 0 1

. +

!"#$ %&'(

%&'9

:&55 01

;


72/118


Traffic Capture

Traffic Capture

•

Capture traffic (PCAP) in front of theInternal DNS to be analyzed in theInfoblox Labs

• We will run the same PCAP traffic in

our Lab and return all valuableresults in a structured document

Off-Line PoC with DFW


73/118


Off Line PoC with DFW

InternalDNS

Switch

Internal Network

2/31 50"6

DNS FirewallGrid Master

Reporting

78#+16.

Internet

!

) * + "

,

- + . / 0 1

. +

!"#$

%&'(

%&'9

:&55 01

;


74/118


See DNS Attacks with Reports

•

POC vAPP shipped with temp license and feed activation (Public IPregistration required). License expiration: 60 days

•

POC is a vAPP for vCenter including a virtual DNS Firewall, also GridMaster, and a virtual Reporting Server

Click to view historyfor this IP

Next Steps


75/118


Next Steps

•

Download the free POC " https://www.infoblox.com/catchmalware

• Deploy with help of an Infoblox SE

• See if your DNS carrying maliciousDNS requests

•

Block attacks and prevent downtimewith the full featured DNS Firewallinstallation


76/118


What is Global Server Load Balancing? (GSLB)


77/118


What is Global Server Load Balancing? (GSLB)

Global Server Load Balancing (GSLB) uses DNS to direct users to anappropriate instance of an application. GSLB can be used for distributing

workloads across multiple computing resources or data centers

Web/App Server(myapp.abc.com)

Web/App Server(myapp.abc.com)

DNS for“abc.com”

GSLB

1

2

g s l b . m y a p p . a

b c . c o m

3

C on

n e c t t o

D C 1

4

DC1

DC2

IT Networking Challenge


78/118


IT Networking Challenge

Availability

Provide 100%availability of

internet facingservices

Service Optimization

Optimizeperformance by load

balancingapplication requests

Cost Efficiency & Easeof Management

Cost and complexityof traditional GSLB

solutions

Introducing Infoblox DNS Traffic Control


79/118


Introducing Infoblox DNS Traffic ControlMarket Leading DNS & Integrated Global Load Balancing

•

Uses DNS to intelligently route traffic to theappropriate data center based on server load, health(availability), or pre-defined ratio.

• Helps Internet facing apps (eg. Web sites) performbetter and ensure greater service availability.

• Improves response time by directing web requestsbased on geo-location

•

Integrated DNS + GSLB reduces your CAPEX (one

less box) and OPEX (management effort &administrator overhead)

• Fully integrated with Infoblox NIOS and AdvancedDNS Protection

Infoblox DNS Traffic Control


80/118


Infoblox DNS Traffic ControlScalable DNS with Integrated Global Load Balancing

• Integrates a cost-effective GSLB within an Authoritative DNS server to simplify web infrastructureand reduce the cost of deploying, configuring andmanaging multiple devices

• Simplified management

•

Uses DNS to Intelligently route traffic to theappropriate global datacenter

•

Directs web requests across active or standby sitesbased on servers’ health

• Optimizes performance and ensures 100% availabilityof internet facing services (e.g. web site)

•

Improves response time by directing web requestsbased on Geo-Location

DNS Traffic Control (DTC)


81/118


( )

100%

50%

100%

• Integrated GSLB Functionality

• Directs customer web traffic to most efficientlocation based on server availability /

geography / health-check

• Directs queries between load balancedresources utilizing multiple load balancingalgorithms

• Global Availability, Ratio, Round Robin,Topology

• Supports both paid and free Maxmind geo-

location data bases

•

Automated health-check

•

Performs health check against load balanced

resources• HTTP / HTTPS / TCP / SIP / ICMP / PDPconnections

• Integration with NIOS, Grid and Advanced DNSProtection

•

New Reports

How Does DNS Traffic Control Work?


82/118


Health Check

ResourcePool A

ResourcePool B

Health Check

Client sends a DNS request to IB DNSServer

IB DNS Server resolves the query

• If the final query name belongs to a

zone for which the server isauthoritative and matches anLBDN linked to that zone, then

DTC handles the response• Otherwise normal DNS processing

occurs

If the cache contains a previous

answer to the same request for thesame client and that server is stillavailable, it is selected.

• Otherwise, based on theavailability and configured topology

rules, DTC selects first a pool andthen a specific server from thatpool

A DNS record is synthesized from theaddress of the selected server andreturned to the client

The client contacts the server

myapp.abc.com(101.10.0.1)

myapp.abc.com(201.10.0.1)

Each member performsindependent health monitoring to

ensure that pool members orservers are able to receive traffic

1

2&3

4

5

Load Balancing Methods and Health Monitors


83/118


gLoad Balancing Methods

Global Availability Clients are directed to the first resource in a list, i.e. a resource pool. Only ifthe first resource becomes unavailable then DNS Traffic Control directs clients

to the next resource in the list.Ratio Clients are directed to servers in a pool or among pools (in a multiple pool

configuration) using weighted round robin.

Topology DNS Traffic Control uses predefined geo mapping and other user-definedsource IP/subnet-based mapping to adjust the response to a query.

Health Monitors

HTTP/HTTPS Validates the health of a HTTP/HTTPS service by first sending a specificHTTP message to a server and then examining the returned code receivedfrom the server.

TCP Validates the health of a server by attempting a full TCP handshake.Completing a handshake and establishing a connection constitutes success.

SIP The SIP monitor determines the health of a SIP server by issuing SIP options

to the server and examining the returned code received from the server.Supports the following transports: TCP, UDP, TLS, SIPS

PDP Validates the health of a server by sending a fixed GTP ECHO. Receiving anyECHO response constitutes success.

ICMP Sends an ICMP/ICMPv6 Echo Request to the IP address of the target serverand expects an ICMP/ICMPv6 Echo Response.

Use Cases


84/118


Infoblox DNS Traffic Control

• DC Disaster Recovery

•

Load Balancing Requests

•

Geo Location

• Internal server balancing and failover

•

DNS views for records

Use Case 1: DC Disaster Recovery


85/118


Site 1 (San Francisco)

x.abc.com

Local LoadBalancer

VIP =100.10.0.1

Ib_sf.abc.com

Site 2 (London)

x.abc.com

Local LoadBalancer

VIP =200.10.0.1

Ib_ld_.abc.com

x.abc.com

201.10.0.1

x.abc.com

101.10.0.1

Remote Site 3 (San Jose)

Remote Site 4 (Paris)

Health Check

Hong Kong

yPolicy:• Direct all requests originating from U.S to

SJ or SF using Round Robin

•

Direct all request originating from ROW toParis or London using Round Robin

1

2 3

Use Case 2: Load Balancing Requests


86/118



x.abc.com

Local LoadBalancer

VIP =100.10.0.1

Ib_sf.abc.com

Site 2 (London)

x.abc.com

Local LoadBalancer

VIP =200.10.0.1

Ib_ld_.abc.com

x.abc.com

201.10.0.1

x.abc.com

101.10.0.1



Health Check

New York

g qPolicy:• Direct all requests originating from U.S

to SJ or SF using Round Robin,

•

Direct all request originating from ROW toParis or London using Round Robin

Boston

1

45

2

3

Use Case 3: Geo Location


87/118



x.abc.com

Local LoadBalancer

VIP =100.10.0.1

Ib_sf.abc.com

Site 2 (London)

x.abc.com

Local LoadBalancer

VIP =200.10.0.1

Ib_ld_.abc.com

x.abc.com

201.10.0.1

x.abc.com

101.10.0.1



Health Check

Sydney, Au Policy:• Direct all requests originating from U.S to

SJ or SF using Round Robin

•

Direct all request originating fromROW to Paris or London using RoundRobin

1

2

3

Health Check Capabilities/Parameters


88/118


p• Descriptions: The health check monitors validates the health of a service by first

sending a specific message to a server and then examining the response received fromthe server. The validation is successful if the received response matches the expected

message.

• Heath Check Options: HTTP / HTTPS / TCP / SIP / ICMP / PDP

• Common Configuration Parameters• Interval

•

Timeout•

Retry up counts• Retry down count

• Other configurable parameters• HTTP / HTTPs / SIP:

• Http Request

•

Expected Return Code• Client Certificate• Ciphers• Port• Transport (SIP only)

• TCP: • Port

Infoblox Advantages


89/118


•

High Integrity DNS Platform with a robust DNS control plane•

Intelligent DNS query direction to ensure high application availability

•

Superior management via advanced DNS control plane

• Centralized visibility into all DNS conditions

•

Server consolidation and lower TCO

•

Best-in-class protection against DNS threats

g

SecurityControl Availability Performance

Licensing Strategy


90/118


g gy

New Licenses(DTC)

• Requires NIOS 7.0 or higher • Enables:

• Creation and management of LBDN records

•

Assignment of Global Pools of Load Balanced Resources•

Perform Health Check against Load Balanced Resources•

Direct queries between Load Balanced Resources using various Load Balancing

Algorithms• DNS Traffic Control Reports (Reporting appliance required)

LicensingPackages

• Licensed per Appliance

•

Available as add-on modules (for existing deployments)•

Available as bundled SKUs (for new deployments)

PlatformSupportability


91/118


Market Dynamics:


92/118


Private Clouds Deployments on the Rise

• Commodity gear• Better utilization

Cost SavingsIT & Business

Agility

• Faster App roll-out• Self-service

LOB Productivity

•

Less time waiting• More time producing

IT Departments Increasingly Want Their OwnAmazon-like Cloud In-house!here is why:

Private Cloud Perception vs. Reality


93/118


• Perception " Snap of the fingers

" Measured in seconds or

minutes

• Reality " Slow with manual processes

" Measured in hours, days or

weeks

How long does it take deploy a new virtual instance?

Hidden Achilles Heel for Cloud Deployments


94/118


Manual

Traditional Approach

ProvisionVirtual

Instance

1

Request IPor Use

Allotment

2

Forward IPData forTracking

3

UpdateDatabase orSpreadsheet

4

RequestDNS

Record

5

Allocateand Manually

Enter DNS

6

Clean UpWhen

De-provisioned

Automated

• Multiple teams and handoffs

• Shortcuts cause gaps and dangers

•

Lack of correlated view across the organization•

Risk for compliance and auditing

Cloud Network Pain Points


95/118


No visibility to IP address/DNS records for VM/network resources

No central reporting on lease history, DNS/IP associations

Lack of reliable DDI for Private CloudStability and simplified upgrades of underlying network inhibits Cloud rollout

Requires too much administrator overhead Manual IP address/DNS provisioning is slow, error-prone

Network provisioning is too slow for application deliveryNo Amazon-like capabilities i.e., on-demand, self-service, DevOps


96/118

Infoblox Cloud Network Automation(Adapters Only)


97/118


id Master

id Master

( p y)

CorporateWide DNS

Private CloudData Center 1

InternalDNS

ReportingServer


Grid Master

VMs

DHCP

Grid Member

id Master InternalDNS

VMs

Grid Member

Corporate Data Center

DHCP

Grid Member

CMP 1 with IB Adapter(E.g. OpenStack)

CMP 2 with IB Adapter(E.g. VMware vCAC)

Infoblox Cloud Network Automation(Cloud Platform)


98/118


id Master

id Master

( )

CorporateWide DNS


InternalDNS

ReportingServer


Grid Master w/Cloud Network Automation

CMP 1 with IB Adapter(E.g. OpenStack)

WAPI

VMs

DHCP

Cloud Platform Appliance

id Master InternalDNS

CMP 2 with IB Adapter(E.g. VMware vCAC)

WAPI

VMs


Corporate Data Center

DHCP


New

New

New

New

Infoblox Cloud Network Automation


99/118


Cloud-focused discoveryand visibility

"

Centralized, integrated management user interface " Cloud widgets for monitoring cloud network elements

" Cloud-specific reports2

Scalable cloud platformdeployment

" Virtual appliances that supports communication with

Cloud Management Platforms through Infoblox Adapters

" Deployed per data center to support scale-out

3

1 Integrated adapters " Free adapters to integrate with key cloud

management / orchestration platforms " Leveraging RESTful API

Cloud Network Automation – New GUI


100/118


Provisioning a VM using a Cloud Management Platformwith Infoblox Integration


101/118


Hypervisor

CMP/Orchestrator

Infoblox Adapter

2 - CMP/Orchestrator calls theInfoblox Adapter

1 - A cloud admin/user requests a VM to be created throughself service portal

6 - VM starts upeither withinjected static IP

or IP allocated viaDHCP Request to

Member (Fixed Address)

5 – CMP/OrchestratorSpins up VM onHypervisor

Infoblox Grid Member

DNS/DHCP

3 - Infoblox Adaptercontacts NIOS via WAPIfor Next Available IP and

creates DNS Recordsfor VM

End User

7 - End User accesses VMusing DNS FQDN

Infoblox Grid Master

4 - GM synchronizesHost record or Fixed

Address + A/AAAA/PTR

with Grid Member

DDI Support for OpenStack


102/118


Grid Master

GridMember

GridMember

Description

Extend DDI to manage VM networks created by

OpenStack

Infoblox Grid

"

Creates/Deletes networks via OpenStack UI/CLI/APIs

" Allocates/De-allocates IP addresses whenVMs are created or floating IPs are assigned

"

Creates/Deletes DNS host records or A/AAAA/PTR/CNAME records for allocated IPs

"

Provides DNS and DHCP Services to VMs

" Manages internal and external networks

Benefits

Centralized Cross Platform DDI Service(OpenStack/VMware/Microsoft Compatible)High AvailabilityOperational EfficiencyLower cost of migration (Physical to Virtual toCloud)

Project 9

IP IP IP

Project 10

IP IP IP

Project 11

IP IP IP

Infoblox Adapter

API

DDI Service DDI Service

GridMember

DDI Service

ReportingServer

Delivering the Cloud Promise with Infoblox


103/118


IPAM & DNSAutomation

Multi-vendorCloud

Integration

Enhancedand

ExtendedVisibility

Auditing andCompliance

Centralizedand

IntegratedManagement

Always OnCore

NetworkServices

Speed Deployment Times with Infoblox Cloud Network Automation

The Power of Cloud Network Automation


104/118


Manual

Traditional Approach

ProvisionVirtual

Instance

1

Request IPor Use

Allotment

2

Forward IPData forTracking

3

UpdateDatabase orSpreadsheet

4

RequestDNS

Record

5

Allocateand Manually

Enter DNS

6

Clean UpWhen

De-provisioned

1 62 3 4 5

Automated

ProvisionVirtual

Instance

Automated

Automated

Infoblox Cloud Network Automation


105/118


Infoblox NetMRI i DDI


106/118


The way to active DDI

•

Network discovery and inventory•

Monitor and track changes•

Switch Port Management• Proactive Check against best practices• Proactive Check against security policies

•

Automate change in lock step with DDI• Automatic VRF detection and handling

Interaction with network Via:SNMP

CLI/configurationSyslog

Fingerprinting

Infoblox NetMRI Infoblox DDI Automation

106


107/118

Managing Issue Analysis with NetMRI


108/118


Proactively alerts of issues – problemsand potential suboptimal settingslurking within the devices

Easy ability to select individual issuesand drill down for more detailedinformation

108

Managing Issue Analysis with NetMRI


109/118


Proactively alerts of issues – problemsand potential suboptimal settingslurking within the devices

Easy ability to select individual issuesand drill down for more detailedinformation

Once the issue is identified, the auto-remediation options greatly reduce timeto resolve

109

Understanding the Impact of Change


110/118


Cause & Effect

•

Help user identifyhard to find issues

•

See if a change had apositive or negative

impact on health

• Verify if changeimpacts policycompliance

• View impact ondevice neighbors

110

Enforce Compliance and Standardization


111/118


Build Consistency

• Over 200 pre-

packaged rules

• Wizard encoding ofcomplex rule logic

•

Deploy easily

• Proactive alerts forpolicy violations

•

Built-in remediation• Live and historical

status, trends andreports

111


112/118

Packaging


113/118


"

Standalone

" ACM (Automated Change Management)

"

NetMRI

NetMRI – Appliance and VM version


114/118


• NetMRI can be provided in " Hardware (usual Infoblox Appliance, 3 different models)

" In VMWare (ESX, ESXi)

VMWareESX / ESXi

Virtual GridMember

114


115/118

About Infoblox


116/118


Founded in 1999

Headquartered in Santa Clara, CAwith global operations in 25 countries

Market leadership• DNS, DHCIP, IPAM (DDI) Market

Leader (Gartner)

• 50% DDI Market Share (IDC)

8300+ customers89,000+ systems shipped to 100

countries

63 patents, 25 pending

IPO April 2012: NYSE BLOX

Leader in securing and automatingmission-critical network services

Total Revenue(Fiscal Year Ending July 31)

35

56 62

102

133

169

225

250

306

$0

$50

$100

$150

$200

$250

$300

$350

FY07 FY08 FY09 FY10 FY11 FY12 FY13 FY14 FY 15

($MM)


117/118



118/118

Giancarlo PalmieriInfoblox Pre-Sales EngineerMob: +39 335 789 3463Email: [email protected]

Infoblox - 160217 General Pitch GPb

Documents

Transcript of Infoblox - 160217 General Pitch GPb