Ashraf Sheet, Regional Director, MEA at Infoblox discusses the company’s role in digital transformation and the increase of insider DNS threats.
Q: What is Infoblox focusing on at GITEX this year?
A: Looking at the industry now, everybody is looking at digital transformation and that’s the key thing. They want to understand what’s the role of Infoblox in digital transformation and that’s what we’re really focusing on here.
We’re showing how our solutions, the actionable network intelligence platform, plays a role in moving standard networks into the next generation. Most of them are really concerned about security. We’re showcasing our security solutions which are focusing about infrastructure protection, data protection, value mitigation as well as threat containment.
Q: What do you currently identify as the trends within your industry?
A: Definitely it’s about cloud computing. I think what we’ve seen is the trend is to go for a hybrid combination.
Q: What is Infoblox focusing on for the next year?
A: For the coming year our major focus is on security. This will involve going to the organisations in the market and raising awareness on DNS security.
Q: How have you seen DNS threats evolve over the last couple of years?
A: In 2016 DNS became the number one vector of attack. This is really alarming because everybody is now looking seriously at DNS and you’re digitising almost all of your services.
Mobility is one of the key things, everyone is now using their mobile in daily life and there are always billions of devices connected to applications. Transforming all these into the Internet as a platform of communication brings DNS into a high-risk threat to any organisation, because if the DNS is not available none of these services are available. DNS is the engine of the way we route information.
If that goes down for an organisation or multiple organisations, even for countries, if you bring it down you actually kill the whole country’s communication. The threats have been rising and just last year there was the major attack from Mirai bot and we’ve seen a new type of attack which created a huge denial of service on the networks.
This is another thing which we realise that the IoT may bring around, where we have a lot of devices that are connected to the network, anybody can see the vulnerability on these and take advantage and maybe utilise them as part of a botnet to create an attack internally.
We’ve seen that also happen in one of the universities in the US where vending machines were actually being hacked and attacking the internal infrastructure, bringing the whole network down. The perception is that the DNS is on the outside and it exposes your services, but in reality it’s also for internal services.
Moreover, DNS is not only about the service, it’s also a channel of communication. If you look at malware, statistically almost every malware uses DNS. And not only that, hackers are becoming more intelligent, they know that security controls at network levels used to block malware or detect malware will also block any data confidential data going out, now hackers are using DNS communication channel because it’s not monitored, it’s actually ignored and it’s a blind spot, they are taking data out through that channel.
This is one of the things which we see happening now, and that’s why we’re becoming more and more relevant not only the outside but also the inside domain.
Everybody looks at the DNS as a granted service, it’s there because it’s always been there, but the reality now is that hackers always look for the ignored controls. If the DNS is ignored, I would definitely as an attacker try to use that vulnerability on the network.