5 Minutes With: Gabe Luis, Senior Director at Infoblox

Infoblox recently published their 2023 Global State of Cybersecurity Report which offers a comprehensive data-driven report on global cybersecurity worldwide. It analyses how the last year arguably proved to be one of the most challenging yet for cybersecurity professionals. 

Some of the standout trends from the report include how the pandemic continues to have an impact in the wake of more businesses moving to a more hybrid/remote working pattern, as well as a new wave of organised cybercrime and attacks fuelled by the Russia-Ukraine conflict, as well as economic uncertainty impacting cybersecurity systems.

Cyber Magazine spoke with Infoblox’s Senior Director of Western Europe and EMEA Go-To-Market leader, Gabe Luis, about the report and what organisations can do to ensure their cybersecurity measures are sufficient for evolving technologies like AI.

What are some of the key threats identified in Infoblox’s 2023 Global State of Cybersecurity Report?

Infoblox is taking a strong position on why networking and security teams must join forces to fight cyber security threats.

We uncovered a range of threats that organisations should be acutely aware of. One of the standout concerns was data leakage. It's alarming that half of the respondents anticipate this issue, emphasising just how crucial it is for businesses to bolster their data protection measures. Unauthorised access or disclosure can have far-reaching consequences, not just financially but also in terms of reputation.

Another significant threat is ransomware. About 40% of those surveyed see ransomware as a looming challenge. This underscores the importance of not only having updated backups but also ensuring that employees are well-informed about potential risks.

Direct attacks through cloud services also emerged as a new battleground. Around 36% of participants expressed concerns in this area. It's a reminder that as we embrace the cloud, we also need to double down on our cloud security efforts, including early detection and continuous monitoring.

How can organisations tackle these threats and ensure that their cybersecurity measures are sufficient?

The most important thing that any organisation can do is to have a cyber strategy, policy, and tooling that directly relates to the needs of their specific requirements.

Investing in robust data protection tools, especially for cloud services, is essential.  Additionally, monitoring key performance indicators (KPIs) related to security, such as the time taken to detect and respond to threats, can provide insights into the efficiency of their measures. In many cyber security attacks, the first point of detection and response should be at the DNS layer. 

By continuously evaluating your infrastructure and how you continuously monitor it for lookalike domains and suspicious feeds, organisations can greatly reduce their MTTD and MTTR.

What are some strong cybersecurity measures that businesses can adopt?

Strong cybersecurity measures for businesses include implementing multi-factor authentication for all critical systems, ensuring regular software and system updates, and conducting frequent security training sessions for employees.

It's also vital to have a robust firewall and intrusion detection system in place. Regularly backing up data and encrypting sensitive information can safeguard against data breaches and ransomware attacks. Additionally, businesses should strive to adopt leading standards and frameworks such as NIST and MITRE.

Lastly, continuous monitoring and periodic security audits can help identify vulnerabilities and ensure the organisation's defences remain robust. Whilst many organisations have these measures, we are seeing more and more the need to identify threats earlier via pre-attribution with the use of good threat intel. We strongly believe that organisations need to start with looking at threat detection and mitigation at the DNS layer.

What does Infoblox do to ensure better visibility and control for businesses?

Infoblox provides solutions that emphasise real-time visibility into application, user, and device contexts, ensuring that businesses have a comprehensive view of their network activities. With the power of DNS, every device, every app, every link must use DNS and as such we can stop malicious activity at the earliest possible moment.

During the first three months of 2023, over four million domains were added to our Suspicious Feeds. Having a significant customer base also means that we are able to see domains that are brand new in our customer environments, research those domains and categorise them as benign or suspicious.

Infoblox is providing DNS Detection and Response. In today’s cyber climate, security teams are under tremendous pressure to protect more with less. As XDR has been defined to encompass Endpoint (EDR), Network (NDR), and other technologies, the realisation that DNS provides unique security visibility and protection that is not being addressed by traditional security solutions has become apparent.

By protecting against DNS tunnelling and DGAs, Infoblox helps organisations safeguard their perimeter defences and allow businesses to flag devices connecting to potentially harmful destinations, thus enabling the early detection of threats. We can flag suspicious threats that enable threat hunting teams to investigate early with contextual data via DNS. Through these solutions we ensure a more secure and efficient digital environment.

Is Infoblox seeing AI as a tool or a threat to cybersecurity?

While we recognise that, like any technology, AI can be misused by malicious actors, our focus is on harnessing its positive capabilities. At Infoblox, we also believe that AI holds immense potential as a force for good in the realm of cybersecurity.

For example, Infoblox uses AI by analysing over 70 billion DNS queries, monitoring domains and determining which domains are suspicious or malicious through our patented machine learning algorithms. Because we are focused on DNS and infrastructure actors, we can identify suspicious behaviour before its impact is known by the adjacent areas of the industry (endpoint, netflow vendors), and we can track persistent actors to block their DNS infrastructure before it becomes a problem for our customers.

By using AI's capabilities, we aim to enhance our cybersecurity measures, offering automated threat detection and predictive analytics to our clients. By integrating AI-driven insights and solutions, we're better positioned to anticipate, detect, and respond to cyber threats, ensuring a more secure digital environment for our clients. 

What do you predict the next 12 months will look like for industries from a cyber standpoint?

Based on the findings in our report, the next 12 months will be marked by several evolving cyber challenges.

Data leakage remains a top concern, with 50% of organisations anticipating this threat. The rise of cloud services will likely see an increase in direct attacks targeting these platforms. Ransomware, already a significant threat, will continue its trajectory, affecting businesses of all sizes.

The shift to remote and hybrid work has also opened new avenues for cyberattacks, and we expect attacks exploiting remote worker connections to persist. Advanced persistent threats (APTs) will also be on the radar, with sophisticated, long-term cyberattacks potentially compromising vulnerable organisations. We continue to find that DNS remains unmonitored by many organisations and is therefore a blind spot the cyber criminals can take advantage of.

At Infoblox, we remain committed to supporting industries in navigating this evolving DNS threat landscape, ensuring they're equipped with better detection and response to stay a step ahead of potential threats.

******

For more insights into the world of Cyber - check out the latest edition of Cyber Magazine and be sure to follow us on LinkedIn & Twitter.

Other magazines that may be of interest - Technology Magazine | AI Magazine.

Please also check out our upcoming event - Cloud and 5G LIVE on October 11 and 12 2023.

******

BizClik is a global provider of B2B digital media platforms that cover Executive Communities for CEOs, CFOs, CMOs, Sustainability leaders, Procurement & Supply Chain leaders, Technology & AI leaders, Cyber leaders, FinTech & InsurTech leaders as well as covering industries such as Manufacturing, Mining, Energy, EV, Construction, Healthcare and Food.

BizClik – based in London, Dubai, and New York – offers services such as content creation, advertising & sponsorship solutions, webinars & events.