Interviews | March 15, 2019

Diverse Cloud Infrastructures Complicating Core Network Management Challenges: Infoblox and Intezer

Chris Usserman
Principal Security and Threat Intelligence Advisor


Q1. What are some of the security limitations of traditional networking in the hyper-connected world of the cloud, smart apps and connected devices? Where do the biggest gaps in capabilities exist?

In a hyper-connected world packed with emerging IoT devices, evolving infrastructure, and constant security threats, network management and security have, undoubtedly, become increasingly complex and expensive tasks. Today's networks must be agile, solid, and secure while ensuring visibility across the entire ecosystem. DDI is great, but there's much more to it than basic DNS protocol — it's supporting hybrid and public cloud environments, it's adding integration with key providers, it's providing automation, and it is protecting data.

Organizations make significant investments in making sure their networks are secure. However, many security systems are complex to configure and implement, work in silos, and don't scale to the level needed to protect today's dynamic networks. Also, security operations teams are heavily short staffed, use siloed tools and manual processes to gather information, and have to deal with thousands of alerts every day. What's needed is a scalable, simple, and automated security solution that can catch threats in today's dynamic networks, even in IoT environments.

Q2. Infoblox has positioned itself as a Next Generation Networking company. What exactly is that? Describe for us some of the key attributes of a next gen network?

For most enterprises, it's becoming harder and harder to manage increasingly complex network demands across diverse physical, virtual, and cloud infrastructure. Nowhere is this more the case than with core network services, including DNS, DHCP, and IP Address Management (DDI) that make network accessibility and connectivity possible.

With the explosive growth in devices and IP addresses, DDI workloads are soaring in volume and complexity. Security threats that specifically target DDI services such as DNS are growing more frequent, sophisticated, and intense.

Traditional on-premises network management solutions can no longer keep up. Adding to the challenge is that private, hybrid and public cloud providers lack crucial network integration, orchestration, and automation capabilities today's networks require.

Infoblox brings advanced security, reliability, and automation to network environments by empowering organizations to:

  • Streamline and automate complex DDI provisioning across on-premises and private, hybrid, and public cloud deployments
  • Centrally and automatically discover, track, and monitor devices and assets across diverse physical, virtual, and cloud infrastructure
  • Automate the provisioning of DNS records and IP addresses for virtual machines with the only DDI solution that offers built-in adapters and out-of-the-box integration for leading cloud and virtualization platforms including Azure, AWS, VMware, Docker, and OpenStack
  • Protect devices and data from the widest range of DNS-based threats with the only DDI solution that is certified for both AWS GovCloud and Azure Government Cloud
  • Maximize SOC efficiency with faster threat investigation, threat research and hunting

Q3. What are your company's plans at Black Hat Asia 2019? What is your main focus going to be?

We will be showcasing Infoblox's Next Level Networking solutions on how to:

  • Extend security to devices everywhere with Infoblox ActiveTrust, deployed on premises or from the cloud
  • Maximize SOC efficiency with faster threat investigation, threat research and hunting
  • Protect your devices and data from the widest range of DNS-based threats with the only DDI solution that is certified for both AWS GovCloud and Azure Government Cloud

Itai Tevet


Q1. What exactly is Genetic Malware Analysis? How is it different from traditional approaches to malware detection and analysis?

Genetic Malware Analysis is an industry first, applying the biological immune system concepts to cybersecurity. Our technology is based on the evolutionary principle that all software, whether legitimate or trusted, is based on previously written code. By identifying the origins of every piece of code, we are able to detect code reuse from known malware, as well as code that was seen in trusted and legitimate applications, which enables us to detect sophisticated, evasive threats that cannot be identified by other techniques.

Traditional and next generation approaches are always based on some kind of Anomaly Detection technique. This introduces a problem: if an attack looks "normal" or doesn't generate any noise, it will go under the radar. Intezer's genetic approach is based on identifying the origins of a potential threat rather than relying on behavioral data or anomalies. This allows users to identify the source of the threat rather than trying to figure out if it's something that behaves well or badly.
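The code-reuse idea in the answer above can be illustrated with a small, self-contained classifier. This is an added example written for this page; it is not Intezer's code and does not reproduce their actual algorithm. It assumes a simplified notion of a "gene" (an overlapping fixed-size byte fragment of hypothetical length `GENE_LEN`), a hypothetical `GeneDatabase` that tags each gene with the family or trusted software it was first seen in, and constructed byte blobs standing in for compiled functions. The point it demonstrates is the one the answer makes: fragments also seen in trusted software are discounted, and the verdict rests on which known family the remaining code was reused from, independent of how the sample behaves.

```python
"""Toy code-reuse ("gene") classification, added as an illustration.

Not Intezer's implementation. Genes here are overlapping byte fragments;
real engines work on disassembled functions or basic blocks instead.
All byte blobs below are constructed for the demo and are not real malware.
"""
from collections import Counter
import hashlib

GENE_LEN = 8            # hypothetical fragment size in bytes
FAMILY_THRESHOLD = 0.2  # hypothetical: share of non-trusted genes needed for a verdict


def extract_genes(code: bytes, gene_len: int = GENE_LEN) -> set:
    """Return the set of hashed overlapping fragments ("genes") in `code`."""
    genes = set()
    for i in range(len(code) - gene_len + 1):
        fragment = code[i:i + gene_len]
        genes.add(hashlib.sha256(fragment).hexdigest()[:16])
    return genes


class GeneDatabase:
    """Maps each gene to the set of labels (families or 'trusted') it was seen in."""

    def __init__(self) -> None:
        self.gene_to_labels: dict = {}

    def add(self, label: str, code: bytes) -> None:
        for gene in extract_genes(code):
            self.gene_to_labels.setdefault(gene, set()).add(label)

    def classify(self, code: bytes, trusted_label: str = "trusted") -> dict:
        """Attribute each gene of `code` and derive a family verdict.

        A gene seen in trusted software is ignored even if malware also
        contains it (shared runtime/library code is not evidence of anything).
        A gene seen only in malware families counts toward each such family.
        """
        families: Counter = Counter()
        trusted = unknown = 0
        for gene in extract_genes(code):
            labels = self.gene_to_labels.get(gene)
            if labels is None:
                unknown += 1
            elif trusted_label in labels:
                trusted += 1
            else:
                for label in labels:
                    families[label] += 1
        verdict = None
        non_trusted = sum(families.values()) + unknown
        if families:
            top, n = families.most_common(1)[0]
            if n / non_trusted >= FAMILY_THRESHOLD:
                verdict = top
        return {
            "verdict": verdict,
            "families": dict(families),
            "trusted": trusted,
            "unknown": unknown,
        }


# Constructed stand-ins for compiled code (monotone byte runs keep every gene distinct).
SHARED_RUNTIME = bytes(range(0x10, 0x40))   # "library" code present in everything
TRUSTED_APP = SHARED_RUNTIME + bytes(range(0x70, 0x90))
FAMILY_A_SAMPLE = SHARED_RUNTIME + bytes(range(0x40, 0x70))
FAMILY_B_SAMPLE = SHARED_RUNTIME + bytes(range(0xA0, 0xD0))
# Unknown sample: runtime + a partial copy of family A's code + code never seen before.
UNKNOWN_SAMPLE = SHARED_RUNTIME + bytes(range(0x40, 0x58)) + b"\x90\x90\x90\x90\xcc\x01\x02\x03"


def build_demo_db() -> GeneDatabase:
    """Index the constructed corpus: one trusted application and two families."""
    db = GeneDatabase()
    db.add("trusted", TRUSTED_APP)
    db.add("FamilyA", FAMILY_A_SAMPLE)
    db.add("FamilyB", FAMILY_B_SAMPLE)
    return db


if __name__ == "__main__":
    db = build_demo_db()
    print("unknown sample:", db.classify(UNKNOWN_SAMPLE))
    print("trusted app:   ", db.classify(TRUSTED_APP))
```

Running it attributes the unknown sample to FamilyA on the strength of the reused fragments alone, while the runtime code it shares with the trusted application contributes nothing to the verdict and the never-seen tail is reported as unknown rather than forcing a guess. Re-running the trusted application through the same database yields no family hits at all.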

Q2. What can attendees at Black Hat Asia 2019 expect from Intezer this year? What do you want them to know about the company?

Intezer will be exhibiting at booth B06. I invite attendees to stop by and speak with our experts, to demo Intezer Analyze and discuss some of our use cases, which include accelerating all stages of the incident response cycle, from the initial alert to the final step of remediation.

Intezer Analyze integrates with organizations' existing security solutions and gateways, enabling incident response teams to automatically analyze files at a large scale, classify threats to their relevant malware families, and respond to threats in a timely manner without missing critical incidents or spending resources on false positives.

What some people may not know about Intezer is that through Genetic Malware Analysis we have provided crucial insights, detecting code similarities in several high profile examples including APT28, MirageFox, NotPetya, and WannaCry.

We also offer a free community edition for Intezer Analyze. Many of our current customers were community users before subscribing to the enterprise edition. As CEO this makes me feel good, really validating the value behind our technology and how it is making a difference in the world of malware detection, analysis, and classification. I encourage people to join our community. It's free and users can upload up to 10 suspected files per day, detect code similarities to known malware, and obtain new insights about malware families and threat actors. We recently launched an API for the community, which enables users to create automation scripts, produce plugins with other security systems, and more.
