BloxOne Infoblox Threat Defense integrates threat intelligence feeds, security policies, rules, custom lists, category and application filters, and advanced analytics to strengthen your network network’s security , protecting and protect you from escalating cyber threats that can adversely affect your business. Infoblox Threat Defense combines secure DNS resolution in the cloud with advanced analytics tools for detecting and preventing a broad range of threats, such as DGA families, data exfiltration, lookalike domains, and fast flux. These tools consist of reports, active indicators, Threat Lab, Dossier research, and TIDE (Threat Intelligence Data Exchange) and are based on machine learning, highly accurate and aggregated threat intelligence, and automation. All these features work together to provide insight into your network’s security and into infected and compromised devices.
To begin protecting your network infrastructure using BloxOne with Infoblox Threat Defense, you use the Infoblox Portal to define a network scope to which you will apply security configuration via the Cloud Services Portal. The network scope can include your company's public networks, roaming end users, and on-premises premise networks (including the NIOS Grid). You can then Next, configure custom lists, add filters, and apply security policies to the network scope. Based on your subscription level, BloxOne Infoblox Threat Defense will automatically applies apply threat intelligence feeds to your defined networks. In addition to providing secure DNS resolution in the cloud, BloxOne Threat Defense combines advanced analytics based on machine learning, highly accurate and aggregated threat intelligence, and automation to detect and prevent a broad range of threats, including DGA families, data exfiltration, look-alike domain use, fast flux, and others. These analytic tools include reports, active indicators, threat lab, Dossier research, and TIDE (Threat Intelligence Data Exchange), all working together to provide insight into your network security and visibility into infected and compromised devices.
The following illustration describes the high-level workflow of the BloxOne for deploying Infoblox Threat Defense deployment:
Complete the following steps to deploy BloxOne Threat Defense:
...
Diagram: The high-level workflow for deploying Infoblox Threat Defense includes the initial setup of the system, defining the scope of the network, configuring specific security policies, and concludes with analyzing and researching the outcomes and security data.
To deploy Infoblox Threat Defense, complete the following steps:
- Use the Infoblox Portal to define the scope of the networks you would like to protect from malicious attack via the Cloud Service Portalattacks:
- For your company's public networks, see see Configuring External Networks.
- For roaming end users, see see BloxOne Endpoint or or BloxOne Mobile Endpoint.
- For on-premises premise networks (including the NIOS Grid), see see Configuring DNS Forwarding Proxy.
- Set up the initial security configuration on the defined network scope by doing the following
- . For details on:
- Setting up custom lists,
see - To apply
- Applying category or application filters,
see - see Using Filters.
- Viewing the threat intelligence feeds that Infoblox Threat Defense offers based on your subscription level, see Viewing Threat Intelligence Feeds.
- Configure security rules and policies, or point your networks to a redirect page. For details on:
- To apply Applying security policies to the networks you have defined networks, see see Configuring Security Policies.
- To use Using the default redirect page or configure configuring custom redirects, see see Defining the Redirect Page.
- Using advanced analytics, BloxOne Threat Defense provides reports that you use to analyze DNS traffic, so you can monitor how the security configuration protects your networks.
BloxOne provides a list of available reports. To view available reports, see Viewing Reports.
You can also view high-level statistics by viewing the Dashboards, For more information, see Viewing the Dashboards.
Independent of reporting, you can always Use the reports, dashboards, Infoblox Threat Lab, Dossier, and TIDE to analyze your security policies and take appropriate actions. Infoblox Threat Defense uses advanced analytics to provide reports that will help you analyze DNS traffic and monitor the effectiveness of your security configuration. For details on:- Viewing the reports provided by Infoblox, see Viewing Reports.
- Viewing high-level statistics, see Viewing the Dashboards.
In addition to reporting, you can use Dossier research, active indicators, and
Infoblox Threat Lab to investigate suspicious domains and decide what action you might want to take.
For more information
about:
About Dossier,
see Infoblox Dossier.
About active indicators,
.
Optionally, you can do the following to enhance security in your network infrastructure:
- Configure an on-prem DNS firewall for your NIOS Grid to receive feeds from BloxOne Cloud. For information on how to set up on-prem DNS firewall, see from Infoblox Platform. For details, see Configuring On-Prem DNS Firewall.
- View threat intelligence feeds that BloxOne that Infoblox Threat Defense offers based on your subscription level. For details, see Viewing Threat Intelligence Feeds.
For more information about BloxOne about Infoblox Threat Defense, see the following:
Excerpt | ||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ||||||||||||||||||||||||||||||||||||
|