Food for Thought

7 Myths
about NetworK
Management in
a Digital World
In todays digitally driven, 24/7 world, how well you thrive as
a business depends, more than ever, on your network. Its the
central nervous system that drives business innovation, customer
satisfaction, and market expansion. Its no overstatement to say that

your network is one of your most

valuable business assets.

But how well do you understand the challenges its up against in an

ever-shifting landscape of rising customer expectations, massive
device proliferation, increased virtualization, cloud adoption, the
Internet of Things, and evolving threats?

Its time to get real.

2
 Think any of the following statements are true?

Think again.
MYTH 1

Data center REALITY

management tools
optimize application You can fully optimize
deployment speeds. application deployment
speeds in the data center
only by automating core
network services.
If you believe your current data center management tools can serve up apps
as fast as your business requires, you may be guilty of wishful thinking. Truth
is, most data centers are built on legacy technology, which can leave you at
a serious disadvantage when it comes to providing your business with the
digital agility it needs to compete in todays hyper-connected world.

Conventional management tools were designed to support more static

assets, not to roll out enterprise apps on demand or provision hundreds
and thousands of virtual machines in the blink of an eye. These days, to
optimize data center performance, you must first automate the core
network services that make connectivity possible across virtual, physical,
and cloud environments. These services include DNS, DHCP, and IP address
management (IPAM), otherwise known as DDI.

The problem todays data centers face is that performance demands for
DDI are escalating astronomically. In addition, DDI platforms are becoming
more diverse, and yet the tools used to manage these core services are still
heavily dependent on manual processes and siloed, patchwork solutions.
These methods are often managed using separate tools, which degrades
efficiency, hinders visibility, and increases the risk of configuration errors and
deployment delays.

3
Bring Automation and Next-Generation Agility to
Your Data Center.
Infoblox Actionable Network Intelligence puts you in control of your data
center by automating key functions, including application deployment
and the provisioning of virtual machines. It automates and optimizes core
network services, enabling you to quickly launch applications and provision
and decommission virtual machines dynamically and on demand to meet
fluctuating business requirements, and without having to wait for manual
intervention.

In addition, the Infoblox platform vastly simplifies what it takes to ensure

smooth and seamless operation across diverse physical, virtual, and cloud
infrastructure. Using a single, intuitive console, your teams can manage data
center resources in context with your extended ecosystem. The platforms
open APIs enable you to easily integrate across all major orchestration
technologies, including VMware, OpenStack, Microsoft Azure, Amazon Web
Services (AWS), HP, Cisco, and BMC.

You also get a unified view that displays the entire network landscapevirtual
and physicalso you can efficiently track current and historical resources for
troubleshooting, compliance, optimization, and audit requirements.

Get a Next-Generation Data Center Today

Deploy applications exactly where and when
theyre needed

Support highly dynamic workloads

Scale services and capacity up and down based

on demand and policy

Gain visibility for more efficient management

and compliance

4
MYTH 2

Your current policies REALITY

and procedures can
eliminate shadow IT. Shadow IT is here to stay,
but with automation and
actionable insight you can
bring it into the light.

Shadow IT, the use of technology solutions without the knowledge or support
of IT, is on the rise. Most companies know it exists. But few are aware of its
extent. In fact, most CIOs believe there are about 50 unauthorized cloud
services running inside their companies; the actual number is more than 700,
according to research from Cisco.*

Shadow IT has become pervasive for the simple reason that business
users need new tools and solutions faster than IT can provide them.
The consumerization of IT is in full swing. Powerful cloud-powered business
apps are coming online every day. Its folly to assume you can put the genie
back in the bottle by simply ramping up your enforcement efforts using your
existing procedures and network management tools.

The reality is, when business users reach for the latest cloud app without
approval, theyre not out to sabotage your security or compliance. They
just want to do their jobs as quickly and effectively as possible. Rather than
fight shadow IT, your enterprise would be wise to find ways to identify its
presence, and then embrace it, safely and efficiently.

*Corbin, K. (2015, August 10). CIOs vastly underestimate extent of shadow IT. Retrieved August 19, 2016,
from CIO: http://www.cio.com/article/2968281/cio-role/cios-vastly-underestimate-extent-of-shadow-it.html

5
 Embrace the Benefits of Shadow IT by Bringing It into
the Light, Automatically.
With Infoblox Actionable Network Intelligence, you can automatically detect
and secure shadow IT applications and devices. By doing so, you can free
your business users to gain valuable new capabilities at the pace they
demand, while minimizing your risks.

From its unique position within the core of your network, the Infoblox platform
continuously monitors all traffic. It analyzes data as it crosses the network
grid, so you can see which systems are sharing data with your enterprise.
It automatically detects the presence of unauthorized applications and
devices and automatically triggers policy enforcement.

In addition, Infoblox provides a unified view of your entire network landscape,

including all virtual, physical, and shadow IT assets and resources, enabling
you to apply actionable insight for troubleshooting, compliance, optimization,
and audit requirements.

Using Infoblox, you can embrace the benefits of shadow IT, such as self-
service, speed to market, and business innovation, while ensuring that every
application your employees and colleagues use is secure, within policy,
and compliant.

Why Business Users Choose Shadow

WhyITBusiness
Solutions
Users Choose Shadow IT Solutions
Lack of Awareness
Business users often dont know they should seek
authorization because policies are not as clear or
communicated as effectively as they could be.

Lack of Patience
Your staff may anticipate that IT will not authorize a request
or respond in the time they feel they need.

Individual Preference
Your co-workers are eager for apps they believe will be
easiest for them to use, regardless of where they originate.

6
MYTH 3

Manual processes are REALITY

an unavoidable part
of collecting data for Your network can help
compliance. you meet your compliance
obligations
automatically.

Devices and applications are multiplying at dizzying rates throughout your

infrastructure. Its harder than ever to maintain compliance when vast
numbers of assets are strewn across mixed physical, virtual, and cloud
environments. For most companies, gathering data for compliance is an
unending burden that entails endless cycles of manual effort. Given the
disjointed toolsets that most IT departments rely on to perform compliance
tasks, manual effort just comes with the territory.

Unfortunately, manual compliance processes carry steep costs, and

not just in terms of staff time. They introduce errors and consume vital
resources. They make it difficult to manage in-scope data and stay ahead
of regulatory change. They also complicate the task of rooting out instances
of non-compliance quickly and determining corrective action, leaving your
organization vulnerable to security threats and regulatory violations.

7
Automate Data Gathering for Compliance
With automated data gathering and policy enforcement from Infoblox,
you can take command of your compliance efforts while freeing your staff
to focus on core business objectives. With Infoblox Actionable Network
Intelligence, administrators can assess and ensure the compliance of devices,
applications, and network infrastructure without manual intervention.

Moreover, the Infoblox platform makes audits simple and automatically

defines in-scope network segments for compliance, vastly increasing
accuracy and enforcement oversight. It streamlines the process for
documenting and encoding control policies across diverse infrastructure.
In addition, it simplifies enforcement of corporate and regulatory compliance
requirements such as PCI, HIPAA, DISA, and STIGs across your multi-
vendor equipment.

Perhaps best of all, with Infoblox, you gain a single source of truth for
network and device data across the enterprise. It brings unparalleled visibility,
certainty, and clarity to your compliance program. Youll always know what is
out of compliance and where corrective action needs to take place.

8
MYTH 4

Of the many security REALITY

issues your network
faces, DNS is important, DNS is the #1 attack
but not a top priority. pathway into your network.

Its true. Your network must confront an ever-rising number of complex

security challenges. Increasingly, however, they directly involve DNS. Its the
number one attack vector into your network. More than ninety percent of
malware uses DNS to communicate with command and control (C&C) servers,
steal data, or redirect traffic to malicious sites.

DNS is a top attack pathway for several reasons. First, it plays a unique role
in connectivity. Every device, every virtual machine relies on DNS to connect
to your network. In addition, the open nature of the protocol makes it a
ripe target.

Lastly, and most importantly, conventional network security measures

such as firewalls and intrusion protection systems do not understand DNS.
Because they are not designed to inspect and analyze DNS traffic for signs
of suspicious activity, they cant adequately prevent many types of attacks,
including sophisticated distributed denial of service (DDoS) attempts, cache-
poisoning and DNS hijacking. As a consequence, cybercriminals exploit
DNS specifically to infect devices, propagate malware, and exfiltrate data
because they know its vulnerable. And their DNS-based tactics are evolving
at breakneck speed.

9
Comprehensively Defend Your Network from
DNS-based Threats
Infoblox Actionable Network Intelligence automatically and comprehensively
defends your DNS server from the widest range of DNS-based attacks,
including DNS DDoS, while enabling you to maintain service availability and
business continuity. Its able to distinguish between legitimate and malicious
DNS traffic in real time, enabling your DNS server to respond only to valid
queries, even during DDoS events.

With Infoblox, you can continuously monitor malware threats in real time
based on machine-readable threat intelligence. The platforms firewall
capabilities stop malware in its tracks by automatically identifying, isolating,
and remediating compromised devices, preventing them from communicating
with malicious C&C servers and botnets. The platform also gives you the
ability to speed remediation by seeing threat information in context and in
real time, and then automatically share that data with security personnel and
third-party systems.

In addition, Infoblox protects your most sensitive information from going

out the DNS backdoor. Using advanced behavioral analytics and actionable
network intelligence, Infoblox can tell when data is being tunneled out
through DNS and stop the leak.

10
MYTH 5

Organizations REALITY
should hold off on
IoT initiatives until You can safely deploy
security improves. IoT in many scenarios by
shoring up DNS defenses.

Security is one of the biggest roadblocks to the wide-scale adoption of the

Internet of Things (IoT). Its easy to see why. Built for low cost and lacking key
security features, the billions of connected smart chips, sensors, beacons,
and devices of IoT are indeed vulnerable to attack.

For example, in 2015, hackers gained remote control of an IoT-connected

Jeep Cherokee. In October 2016 a massive DDoS attack on cloud DNS
provider Dyn simultaneously crippled high profile web sites including Twitter,
Netflix, Box, The New York Times, and many others. The attack involved
the use of malware to hijack millions of IoT-connected cameras, residential
gateways, and even baby monitors to flood DNS servers.

As it turns out, a chief pathway for attacks against IoT devices is, you guessed
it, DNS. IoT increases DNS-based attack surfaces by orders of magnitude.
For example, as more and more data is exchanged through smart grids, the
more damage security breaches can cause. The prospect of hackers gaining
entry to connected systems prevents many companies from launching game-
changing IoT deployments in the near term.

By securing DNS, however, companies can move forward with many IoT
scenarios right now.

11
Secure IoT Devices in Real Time by Shutting Down
DNS Pathways
Infoblox Actionable Network Intelligence enables you to overcome many
IoT-related security threats that prey on DNS connectivity. The platform
combines advanced automation, centralized policy management, enhanced
visibility, and unique actionable intelligence drawn from telemetry streaming
through IoT devices, applications and systems.

In addition, using its powerful reporting and analytics capabilities, you can
analyze IoT device access patterns, capacity trends, and the evolution of
threats to proactively manage network capacity, improve application design,
and bolster security.

Serious security issues remain for certain IoT deployments, such as

those involving connected healthcare and vehicle safety systems. But
with the DNS security capabilities built into Infoblox Actionable Network
Intelligence, organizations can bring safety and security to many common
IoT scenarios today.

12
MYTH 6

Security teams have REALITY

enough information
to prioritize security
issues effectively.
Security teams are so
inundated with information
that they dont know
which threats to act on
first and why.

Around the clock, hackers and their bots are attempting to gain entry to your
network. Their activity creates a relentless stream of alerts from security tools
that your security teams have to ingest and process in order to prioritize
responses. Even the best-equipped security teams struggle to identify
genuine threats in the gushing torrent of threat data coursing through their
systems. Without knowing which threats are most urgent and can cause
the most damage, security personnel waste valuable time and resources
chasing down the wrong issues.

In addition, most IT departments rely on a collection of point solutions and

management tools for security. These systems are poorly integrated and
cant provide visibility into distributed network assets. They also often involve
a high degree of manual processing, which further slows threat identification
and remediation.

13
Prioritize and Remediate Threats with Advanced
Threat Intelligence and Insight
With Infoblox Actionable Network Intelligence, your organization can
automatically identify, prioritize, and remediate threats using advanced threat
intelligence and context awareness.

Using the Infoblox platform you can cut through the noise and take
immediate action on threats that truly matter, automatically and in real time.
Infoblox integrates curated and verified threat intelligence on the latest attack
techniques, enabling you to anticipate emerging DNS-based threats and
proactively defend against them.

Moreover, with Infoblox, you can see security incidents in context from a
single, unified console. You always know where infected devices are located,
who owns them, the attack methods involved, and how many times theyve
accessed malicious destinations. With such insights, you can better assess
your security risks, identify high value assets that are infected, conduct
further investigations, and pre-empt future threats.

14
MYTH 7

Organizations can REALITY

automatically track
the activation and Organizations lack a
compliance of new comprehensive view of
devices. newly activated devices.

Its tempting to believe that conventional network management systems

can keep you informed when new devices join your network. After all, that
information is vital to effective network management. Regrettably, getting that
information is increasingly challenging for most organizations. The reason
why is the same as with many other aspects of network administration
disparate tools and disjointed data siloes hinder the ability to track new
devices and ensure their compliance.

The task is becoming even more daunting as the number of connected

devices continues to soar, a trend that will escalate manyfold as the Internet
of Things ramps into high gear. The bottom line is that organizations have no
efficient way of knowing when new devices are added and if they meet the
latest standards.

When you lack a comprehensive view and contextual information about

devices, your network remains vulnerable to security risks, unplanned
outages, traffic spikes, and slow performance.

15
Automatically Detect New Devices and Make
Them Compliant
With Infoblox Actionable Network Intelligence, you gain a real-time view
of all devices across your diverse, multi-vendor infrastructure, including
newly activated devices. Residing at the core of your network, Infoblox
automatically detects new devices and notifies vulnerability scanners to
initiate compliance activities.

The platform provides complete details about your devices, including their
configurations, where they reside, and how they interconnect with one
another. It also enables you to harden security by providing the ability to
find and fix rogue devices and identify compromised devices in real time
using rich contextual data, including associated switch ports, IP and MAC
addresses, location, and user information.

Infoblox helps you manage more than devices. It brings advanced automation
and insight to all network management activities. For example, you can
enhance network efficiency by proactively monitoring and analyzing network
configurations, enabling you to flag problems early. Reduce waste and avoid
downtime from configuration errors by automatically reclaiming unused
resources. And always be ready to accommodate explosive growth in new
devices and virtual machines with predictive insights into capacity needs
while avoiding IP address and switch port exhaustion.

16
One Final Reality You Cant Ignore
Its no myth that networks drive business strategy today. Improved efficiency,
capacity, and security arent just nice to havetheyre critical characteristics
of a successful organization in todays increasingly competitive, always-on
world. Actionable Network Intelligence helps your business excel by putting
the data inside your network to work for you, gathering insights that ease
management and security while revealing new capabilities and capacities.

Actionable Network Intelligence helps you evolve your

business on the fly while reaping substantial savings in
time and expense.

About Infoblox
Infoblox, headquartered in Santa Clara, California, delivers critical network services that protect Domain
Name System (DNS) infrastructure, automate cloud deployments, and increase the reliability of enterprise
and service provider networks around the world. As the industry leader in DNS, DHCP, and IP address
management, the category known as DDI, Infoblox (www.infoblox.com) reduces the risk and complexity
of networking.

3111 Coronado Drive +1.408.986.4000 (Main)

Santa Clara, CA 95054 1.866.463.6256 (Toll-free)