How a DNS firewall helps in the battle against APT and similar malware

Ken Pohniman, General Manager ASEAN at Infoblox | March 4, 2016
In Singapore, high-profile incidents in 2014 included the data exfiltration of a leading bank's customer data, as well as persistent attacks on a government agency's network.

Although DNS firewalls are not a magic bullet that will stop all APTs, they will block many of the initial infections by blocking the initial dropper and the download of the full APT. They will also identify (if not block) subsequent attempts to call home. Should that effort fail because the collusive server infrastructure is not known, the DNS firewall will subsequently identify infected computers by their attempts to call home for instructions. While this step does not stop the infection directly, it allows for a timely response that ensures the threat is no longer "persistent," even if it is advanced. Finally, the geographic blocking abilities mean that the DNS firewall will impede, and alert on, any ensuing data exfiltration stages that might begin to be executed.
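The policy described above can be sketched as a check run over DNS query logs. This is an added example, not code from the article or from any vendor product; the log format, the blocked zones, and the `ZZ` country code are constructed assumptions.

```python
from collections import defaultdict

# Constructed policy data (assumptions, not real indicators).
BLOCKED_ZONES = {"dropper.example", "c2.example"}
BLOCKED_COUNTRIES = {"ZZ"}  # placeholder country code for geographic blocking

# Constructed query log: time, client IP, queried name, country of the answer IP.
SAMPLE_LOG = """\
2016-03-04T09:00:01 10.0.0.11 www.example.org US
2016-03-04T09:00:05 10.0.0.23 stage1.dropper.example US
2016-03-04T09:02:40 10.0.0.23 beacon.c2.example US
2016-03-04T09:07:40 10.0.0.23 beacon.c2.example US
2016-03-04T09:10:12 10.0.0.42 files.example.net ZZ
2016-03-04T09:11:00 10.0.0.11 notc2.example US
"""

def matched_zone(qname):
    """Return the blocked zone that qname equals or sits under, else None."""
    labels = qname.lower().rstrip(".").split(".")
    # Compare whole labels so "notc2.example" does not match "c2.example".
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in BLOCKED_ZONES:
            return candidate
    return None

def evaluate(line):
    """Apply the policy to one log line; return (client, qname, action, reason)."""
    _ts, client, qname, country = line.split()
    zone = matched_zone(qname)
    if zone:
        return client, qname, "block", "zone:" + zone
    if country in BLOCKED_COUNTRIES:
        return client, qname, "block", "geo:" + country
    return client, qname, "allow", ""

def suspect_hosts(log_text):
    """Map each client to the reasons its lookups were blocked."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        client, _qname, action, reason = evaluate(line)
        if action == "block":
            hits[client].append(reason)
    return dict(hits)

if __name__ == "__main__":
    for host, reasons in sorted(suspect_hosts(SAMPLE_LOG).items()):
        print(host, len(reasons), "blocked lookups:", ", ".join(reasons))
```

The repeated `c2.example` hits from one client are the call-home pattern that marks a host for response even though the original infection was not stopped.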

 
