BloxOne Threat Defense integrates threat intelligence feeds, rules, custom lists, category and application filters, and advanced analytics to strengthen your network’s security and protect you from escalating cyber threats that can adversely affect your business. BloxOne Threat Defense combines secure DNS resolution in the cloud with advanced analytics tools for detecting and preventing a broad range of threats, such as DGA families, data exfiltration, lookalike domains, and fast flux. These tools consist of reports, active indicators, Threat Lab, Dossier research, and TIDE (Threat Intelligence Data Exchange) and are based on machine learning, highly accurate and aggregated threat intelligence, and automation. All these features work together to provide insight into your network’s security and into infected and compromised devices.

To begin protecting your network infrastructure with BloxOne Threat Defense, use the Cloud Services Portal to define a network scope to which you will apply security configuration. The network scope can include your company's public networks, roaming end users, and on-premises networks (including the NIOS Grid). Next, configure custom lists, add filters, and apply security policies to the network scope. Based on your subscription level, BloxOne Threat Defense will automatically apply threat intelligence feeds to your defined networks.

The following illustration describes the high-level workflow for deploying BloxOne Threat Defense:

To deploy BloxOne Threat Defense, complete the following steps:

  1. Use the Cloud Services Portal to define the scope of the networks you would like to protect from malicious attacks.
  2. Set up the initial security configuration on the defined network scope by doing the following:
    • Set up custom lists.
    • Apply category or application filters.
    • View the threat intelligence feeds that BloxOne Threat Defense offers based on your subscription level.
  3. Configure security rules and policies, or point your networks to a redirect page.
  4. Use the reports, dashboards, Infoblox Threat Lab, Dossier, and TIDE to analyze your security policies and take appropriate actions. BloxOne Threat Defense uses advanced analytics to provide reports that you use to analyze DNS traffic and monitor the effectiveness of your security configuration.
    • BloxOne provides a list of available reports.
    • You can view high-level statistics in the Dashboards.
    • In addition to reporting, you can use Dossier research, active indicators, and Infoblox Threat Lab to investigate suspicious domains and decide what action you might want to take.

Optionally, you can do the following to enhance security in your network infrastructure:

  1. Configure an on-prem DNS firewall for your NIOS Grid to receive feeds from BloxOne Cloud. For details, see Configuring On-Prem DNS Firewall.
  2. View threat intelligence feeds that BloxOne Threat Defense offers based on your subscription level. For details, see Viewing Threat Intelligence Feeds.

For more information about BloxOne Threat Defense, see the following:


...