Saturday from 12:00 – 13:50 in Sunset 2 at Planet Hollywood
Audience: Defense
Vadim Pavlov
DNS is the control plane of the Internet, with unprecedentedly detailed views of applications, devices and even transferred data going in and out of a network. 80% of malware uses DNS to communicate with Command & Control, for DNS data exfiltration/infiltration, and for phishing attacks using lookalike domains. Response Policy Zones (RPZ), or DNS Firewall, is a feature which allows us to apply security policies to DNS. Commercial DNS Firewall feed providers usually do not allow users to generate their own feeds. Cloud-only DNS service providers do not provide feeds for on-prem DNS. ioc2rpz is a DNS server which automatically creates, maintains and distributes DNS Firewall feeds from various local (files, DB) and remote (http, ftp, rpz) sources. This enables easy integration with Threat Intel providers and Threat Intelligence Platforms. The feeds can be distributed to any open source or commercial DNS server which supports RPZ, e.g. ISC BIND, PowerDNS, Infoblox, BlueCat, Efficient IP, etc. With ioc2rpz you can create your own feeds and actions, and prevent undesired communications before they happen.
http://ioc2rpz.com
Vadim Pavlov
Vadim is a senior product manager at Infoblox where he manages Security Ecosystem integrations, Security API, BloxOne Threat Defense. He has more than 15 years of experience in the network and security industry in various roles. He is an author of open source tools such as ioc2rpz (DNS RPZ feeds distribution server) and others. Vadim earned a Master of Science degree in Computer Science (Software Engineering) from a state university in Russia.