Infoblox brings AI to DNS protection service
Infoblox is rolling out an AI-based package to bolster its domain name system (DNS) protection portfolio and boost security for widely dispersed, DNS-networked enterprise resources.
SOC Insights is a cloud-based expansion of the vendor’s current BloxOne DNS Threat Defense package. It lets customers use DNS threat intelligence to bring proactive threat disruption and analytics to the security operations team, according to Craig Sanderson, vice president of security and product management at Infoblox.
The idea with AI and SOC Insights, which is available now, is to give customers a way to reduce response time by turning vast amounts of security event, network, and DNS intelligence data into a manageable set of immediate, actionable insights, Sanderson said. AI SOC Insights takes in networking and security data from Infoblox’s DNS data set and third-party sources, and then it uses AI technology to correlate events, prioritize them, and offer recommendations for resolution. This not only accelerates threat detection and response but also alleviates the strain on overburdened SOC analysts, Sanderson said.
“As much as DNS is a control plane for enterprise networking, it’s also a control plane when it comes to adversaries and malware,” Sanderson said. “That can be a problem because who normally looks at DNS traffic? It’s not normally the security team. It’s the network folks, many times, who have to be able to pass through the billions of DNS events that get sent in a day, trying to work out of the literally hundreds of thousands of DNS domains to get registered every week. It’s very difficult to better identify what the adversaries are doing, and they’re hiding, in many cases, in plain sight,” Sanderson said.
AI will be able to see the most important data through all the noise, Sanderson said. He cited an example of an unnamed customer who recently boiled down about 500,000 events into 24 actionable insights.
In addition, SOC Insights can spot configuration errors, high-risk activity, and other behaviors to help organizations fortify their security posture and mitigate risks proactively, Sanderson said.