DNS security firm Infoblox is getting into the reporting and analytics market. The company has teamed up with log analysis firm Splunk to create a reporting tool that can predict network capacity load and help security experts drill down into suspicious events.
Infoblox cut its teeth with software that manages DNS, DHCP and IP addresses for customers. This category, known as DDI, helps larger companies manage the volume of IP addresses that they need to dish out to connected devices, and can also monitor where their devices are going online.
The company also offers network automation products that help administrators discover devices, manage network switch ports, and automate network change configuration.
Its latest product, Infoblox Reporting and Analytics, takes network data from its other products, and aggregates it. It then produces customizable reports for users, with the help of Splunk, which sells IT infrastructure analytics tools. Infoblox uses a large portion of the Splunk code in its own tool, explained Jonathan Gohstand, vice-president of product management at Infoblox.
The Infoblox reporting tool uses predictive analytics to help network administrators understand what will happen to their networks in the future, Gohstand said. This, in particular, has applications in capacity management.
“Network administrators have to manage the IP address space in an organization. They slice and dice it into various segments and subnets. You can run out of addresses in different parts of the network,” he said. “It can result in downtime.”
The reporting tool can predict when different parts of the business will run out of address space. It will also help admins to understand security events more effectively, added Gohstand.
The system can highlight unusual DNS activity, such as clients on the same subnet all trying to connect to an obscure Russian web site at the same time, or clients attempting to connect with a known malicious address. That information can then be passed to security administrators as a heads-up.
Because Infoblox also lets administrators tag internal IP addresses with information such as owner contact details, company department, and physical location, this can help administrators to quickly find the right person and address potential security issues, he said.
The reporting tool comes with some security integrations, enabling it to plug into Cisco ISE and Bit9 + Carbon Black. This automates the passing of IP address and DNS activity information into these products.
The upside of this product from a security perspective is that it doesn’t need any software agents on the client side, argued Gohstand. “You can’t put them on medical kit, IoT devices, or BYOD computers,” he said, adding that monitoring address activity at the DNS level was more practical.
“In theory there are a whole slew of products that you could cobble into the network and have it monitor everything and report back,” he suggested. “In theory you do that, but in practice it’s difficult and expensive.”
Compliance and uptime
Other areas the reporting component can help with include compliance, and application uptime. On the compliance side, the reporting tool can provide detailed audit information to help satisfy regulations such as PCI and HIPAA, said the firm.
The dashboards built into the reporting platform can also alert administrators to potential network performance issues by looking at spikes and drops in DHCP lease rates, the company added.