In an interview with FedTech Managing Editor David Stegon, Ralph Havens, president of Infoblox federal, answered questions about current security trends and the company’s recent vendor conference.
FEDTECH: From your vantage point, what are the biggest challenges right now in federal IT?
Havens: FedRAMP is helping federal agencies take a deeper dive into how they procure cloud technologies and drive innovation. From our vantage point, many agencies need to pay greater attention to core network services — such as DNS, DHCP and IPAM [Domain Name System, Dynamic Host Configuration Protocol and IP address management, collectively referred to as DDI] — essentially because it’s the foundation on which everything else rests. DDI automation impacts how effectively an agency can transition to the cloud or seamlessly modernize its critical IT infrastructure. With that in mind, automating DDI and securing DNS is key to ensuring IT infrastructure is functioning at its highest levels. We are in an era of unprecedented connectivity and network traffic that represent great opportunities but also harbor security threats — agencies really can’t afford to neglect DDI.
When most of the IP networks used in agencies today were designed, no one could have imagined the number of connected devices, the volume of traffic, or the nature of security threats that these networks would be required to handle, and the problem is only growing. With demand increasing, security attacks becoming more sophisticated, and complex new protocols like IPv6 on the way, agencies must prepare by automating core network functions and securing DNS.
FEDTECH: It seems DNS attacks are on the rise. Why is that happening?
Havens: Because DNS is the dial tone for the Internet, a successful attack is able to shut down the entire network. This makes DNS attacks very appealing to cybercriminals and other adversaries. The 2015 Quarter 4 Infoblox DNS Threat Index found that 72 percent of domains created for malicious attacks worldwide were in the United States. This is far greater than in any other country. Therefore, agencies need to realize that cyberattackers consider U.S. enterprises and government agencies a top target.
DNS is now the number one attack vector to enterprise networks because hackers have determined that organizations have not properly protected their systems. These organizations have assumed that the broader cybersecurity solutions they have in place will help them find and block DNS attacks, but this is often not the case.
FEDTECH: Can you share some best practices for how to combat these attacks?
Havens: Agencies can begin the process of protecting against DNS attacks by automating their cybersecurity defenses, including core network services. Network administrators are having to manage and track activity on their Domain Name Systems manually. This makes it much more difficult to detect malicious traffic coming through the DNS port.
They also need to ensure that security is built into their DNS rather than bolted on by other cybersecurity solutions. One example of built-in security is the ability some agencies now have to perform real-time streaming analytics on live DNS queries to detect a DNS attack. Analytics give agencies the ability to detect both known threats and zero-day attacks. This matters because it only takes minutes once a DNS attack is underway for serious damage to be done. The longer it takes for a network administrator to realize an attack is occurring, the greater the damage.
FEDTECH: Infoblox had a big event in May. What can you tell us about that?
Havens: You are referring to Bloxfest, our first annual customer conference for IT professionals committed to building world-class networks and security infrastructure. For three days in Boston, we explored trends, technologies, and techniques IT professionals need to know to help their organizations succeed. We had great keynote speakers, including “Mr. DNS” Cricket Liu and “World’s Most Famous Hacker” Kevin Mitnick. A wide range of track sessions dived into the big concerns and practical solutions for core network services and security. The sessions included hands-on labs, where IT pros learned and practiced new skills in real time; a “View from the Trenches,” during which Infoblox sales and service engineers shared stories from the front lines; and “Ask the Experts,” which featured unstructured Q&A with leaders in network architecture and engineering.
We allotted time for attendees to meet informally and learn from each other throughout the conference. There was also a full day of specialized training immediately before the start of Bloxfest, for those seeking greater know-how on deploying Infoblox-specific solutions, products and add-ons.