Interview with Jesper Andersen, President and CEO of Infoblox

Shauli Zacks
Published on: December 2, 2022

SafetyDetectives spoke with Jesper Andersen, President & CEO of Infoblox. He talked about some of the biggest cyberthreats and how Infoblox can help mitigate them, the security benefits of cloud-first networking, and he gave a few tips on improving your cybersecurity to avoid being hacked.

Thank you for taking some time for us today. Can you talk about your professional journey to becoming President and CEO of Infoblox?

Growing up in Denmark, my father worked in the high tech industry, thus I learned about computers at a very young age. I received my master’s degree in computer science from Aalborg University and started my career as a software developer, where I worked for a Danish software company in engineering and development.

I have been fortunate to work for some great companies throughout my career, including Cisco and Oracle, where I learned about the entire technology stack, databases, and business applications. It was in these roles that I truly appreciated the importance of a team and where I learned to add value at a management level. I’m a social person by nature and a team environment is extremely important to me. At Cisco as a Senior Vice President for Network Management, I managed a team of more than 1,000 employees and was responsible for the development of the Cisco Prime portfolio of integrated network management and analysis solutions. Prior to Cisco, I served as Senior Vice President of Application Strategy at Oracle, where I was responsible for creating an application integration architecture capable of bringing together disparate products from multiple acquisitions.

My professional background allowed me the opportunity to become President and CEO of Infoblox starting in 2014, and I’m proud to work for this company, especially since it’s an incredibly important time in network services.

What are some of the main services that Infoblox offers?

Our mission is to simplify networking and security for our customers. We provide critical network services to nearly 13,000 customers worldwide, and are the leader in next generation DNS management and security, offering a combination of both cloud and on-prem solutions to best fit our customers’ needs. Our customers rely on us to scale, simplify and secure their hybrid networks to meet the modern challenges of a cloud-first world.

In addition to DNS management, Infoblox provides visibility and security for the hybrid workplace using DNS as the first line of defense. The solution, called BloxOne Threat Defense, stops attacks such as ransomware, malware C&C, and phishing, earlier in the threat lifecycle, which minimizes lateral spread, reduces dwell time and offloads other more expensive security solutions. We are constantly monitoring new and evolving threats and making updates to our solutions to protect our customers. We also recently introduced a new algorithm that produces easy-to-interpret threat classification scores to identify which ten TLDs (Top Level Domains) have the highest risk of containing malicious data. Using our reputation-scoring algorithm, we’ve already seen great success in strengthening the defense of our customers. We also don’t stop with just blocking threats. Security operations teams need user and device attribution to understand which parts of the network were impacted. DNS, DHCP and IPAM data is a critical source of this telemetry that SecOps teams can use to speed up their incident response. Some of our customers have been able to reduce SecOps effort by 34% because of the contextual information they were able to get from our DNS platform.

What’s your client base like?

Infoblox’s technologies enable 13,000 organizations, including more than 75% of the Fortune 500, to modernize their IT infrastructures for remote work. With more than 50% of the DDI market share, which is nearly 4x more than our closest competitor, we are the industry’s top choice for DNS, DHCP, and IP address management services. Customers across healthcare, financial services, insurance, government and technology companies rely on us to simplify, scale and secure network connectivity across the most complex environments across on-premises, cloud-only, and hybrid deployments.

What are some of the biggest cyber threats that you’ve encountered, and how does Infoblox help mitigate them?

Cyber threats can be big in a number of different ways, whether that be the overall damage they do or the breadth of their attack. What keeps us on our toes is that these threats come from human adversaries who are constantly innovating to keep themselves in business. We saw a lot of activity during the globally covered Log4Shell attacks last year, in which actors exploited a vulnerability in a commonly used open source library. Our intelligence group published multiple papers on those events, including an in-depth longitudinal study this spring.

Clever cybercriminals are finding ways to spread while remaining below the radar as a major threat. We find that DNS is particularly helpful at identifying these networks as they present as outliers in the sea of DNS queries we observe every day. The techniques used to uncover them are complex; we leverage our internal algorithms for name server and registrar reputation, as well as characteristics about the domains and how they relate to each other over time, in part. We’ve published two of these large malvertising networks this summer and were the first in the industry to recognize they were not just “nuisance”-ware. In addition, we have recently published our algorithms for reputation.

What are the security benefits of cloud-first networking?

The rise in remote work, branch offices, and IoT devices has led to the increased adoption of cloud-based services and infrastructure, creating more challenges for security professionals.

BloxOne Threat Defense addresses these challenges and makes cloud-first networking safe, by securing and scaling customer networks for a cloud-first world. It provides simple, ubiquitous protection for on-prem, cloud and hybrid networks.

The solution goes beyond traditional security tools by leveraging the data generated by DDI to monitor network traffic, proactively identify threats, and automatically alert security systems and teams of potential compromises. This enables customers to address security incidents with speed and efficiency, better protecting user data and mitigating the costs of an attack.

BloxOne Threat Defense is unique for the way that it operates at the DNS level, giving customers foundational security by catching the 90% of all malware that touches DNS to enter or exit the network. It combines advanced analytics based on machine learning, highly accurate and aggregated threat intelligence and automation to detect and block a broad range of threats, including modern malware, ransomware, data exfiltration, domain generation algorithms, and more. It uses pervasive automation and ecosystem integrations to monitor the network, quickly detect any threats, and trigger remediation. And it adds crucial context around these threats, which it shares with third-party security tools to further fortify network defenses.

BloxOne Threat Defense is a flexible solution for today’s cloud-first world. It can run in multi-cloud environments to protect workloads in the cloud. The solution can also be delivered as a SaaS service, enabling organizations to quickly and remotely secure their work-from-anywhere users.

Do you have any tips for the average person on how to improve their cyber security and prevent getting hacked?

  1. Investing in threat intelligence is one of the most important things even the average person should take advantage of. When properly implemented, a threat intelligence system like BloxOne Threat Defense from Infoblox can help to effectively defend against, prioritize and mitigate threats. Applying high quality threat intelligence to your security systems can also aid in properly classifying events and minimizing false positives or misclassified events. Obtaining reports that contain details on the threat, severity and action taken by the system(s) will also be helpful as this will help you gauge the effectiveness of your security architecture in taking action on highest impact threats vs. lower priorities.
  2. DNS visibility can be a powerful tool for understanding what’s going on inside a company’s networks. Even if organizations use other security tools such as NGFWs and EDRs, gaining real time visibility on what resources (internal and external) are being accessed by devices, knowing when new devices are connecting to the network and quickly gauging which devices are impacted when there is a breach is very critical for an optimal security response.
  3. Don’t forget about DNS protection – DNS is foundational to every organization because it provides mission-critical network connectivity. If your DNS is down, your business is down. Successful DDoS attacks can cost an organization hundreds of thousands of dollars in lost revenue per month. Something like Infoblox’s Advanced DNS Protection (ADP) effectively shields you from the widest range of DNS DDoS attacks, maintaining service uptime for your organization.

These are great. Thanks once again for your time; wishing you and Infoblox a happy New Year, and much success going forward.

About the Author

Shauli Zacks is a tech enthusiast who has reviewed and compared hundreds of programs in multiple niches, including cybersecurity, office and productivity tools, and parental control apps. He enjoys researching and understanding what features are important to the people using these tools.