Infoblox announced that a Tolly Group test revealed for a second straight year that the BloxOne Threat Defense secure DNS solution outperforms other DNS security solutions by detecting a fuller range of threats more accurately.
The results confirm a similar test Tolly conducted in 2020 between BloxOne Threat Defense and a competitor across several real-world scenarios. This time, Tolly once again found that BloxOne Threat Defense:
- Detects and blocks DNS-based malware, including ransomware, better. While both products were able to block communications with known malicious sites, only BloxOne Threat Defense was able to block the “FiveHands” ransomware, as well as other advanced DNS-based malware vectors, including fileless malware and the use of DNS itself to infiltrate networks.
- Prevents sensitive data from being exfiltrated more effectively, blocking credit card data from being exfiltrated via the UDP protocol from Points of Sale, as well as other DNS-based exfiltration methods. The other product was unable to block these attacks.
- Blocks more new and advanced DNS-based cyber threats, including domain generation algorithms (DGAs) and lookalike domains, while preventing bypass of internal DNS resolvers.
- Makes Incident Response and Investigation more effective, by leveraging DDI data to provide enhanced network visibility, integrating with a broad array of security tools, and providing critical threat intelligence to investigators in an intuitive, easy-to-use format.
“Tolly’s findings demonstrate how DNS continues to be a powerful tool for protecting networks from evolving cyberthreats, including ransomware,” said Krupa Srivatsan, Director of Product Marketing at Infoblox. “As organizations continue to move to the cloud to facilitate digital transformation and remote work, they need next generation DNS security that can keep up with the fast evolving threat landscape as a foundational layer in their defense in depth strategy.”
“These results show that, with its more effective security, richer context, and broader threat intelligence and ecosystem integrations, BloxOne Threat Defense is the clear choice for delivering DNS security on cloud, hybrid, and on-prem networks,” Srivatsan added.
To conduct the study, Tolly replicated several real-world situations, including malware infiltration, “FiveHands” ransomware and fileless malware infection, DNS-based exfiltration of sensitive data via the UDP protocol on infected points-of-sale (POS), and the use of newer technologies such as DNS over HTTPS and the newer “Type65” record. Tolly then compared how BloxOne Threat Defense and the competitor performed across a number of variables.
Tolly found that BloxOne Threat Defense was more effective at both detecting and blocking a fuller range of attacks. It also provided deeper visibility into the network environment, shared greater contextual data, and automated the sharing of actionable intelligence through a greater variety of ecosystem integrations. All this enabled security teams to be more effective at detecting and remediating security threats.