Illusive Networks Integrates with Infoblox to Speed Deployment
April 2020 by Marc Jacob
Illusive Networks announced an out-of-the-box integration with Infoblox DDI. The integration allows for the automated mapping of deceptive hostnames so that DNS deceptions are simple to deploy, with no need for additional and monotonous manual or scripted mapping. The combined solution also reduces the need for security operations center (SOC) teams to rely on external IT networking staff to keep hostname deceptions updated and authentic, greatly reducing deployment and management overhead.
To be successful, distributed deceptions must appear realistic down to the tiniest details, so that sophisticated attackers will be duped into engaging with them and quickly notify defenders of their unauthorized network presence. Hostname deceptions, one of hundreds of deception types that Illusive Networks plants all over an organization’s network, must be mapped to the domain name system so that they appear to attackers like any other genuine hostname. This extensive DNS mapping also serves to bind the deceptive hostnames to the Illusive Networks trap servers that notify a protected organization when an attacker has gained access to their network.
With the new integration between Illusive Networks and Infoblox, DNS records are seamlessly and adaptively mapped to deceptive hostnames so that Active Directory (AD) hostnames can be deployed without manual or scripted mapping. With the solution, IT and SOC teams become more independent and efficient. Automated DNS mapping reduces the labor and expense of deploying hostname deceptions, while also speeding up the discovery and repair of any DNS misconfigurations that might enable other sideways network attacks.