Versions Compared

Version Old Version 7 New Version Current
Changes made by

Gary Leicht

Gary Leicht

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

  • Automatic Categorization: Users Organizations are automatically categorized under a predefined industry vertical.

  • Peer Organizations: The number of peer organizations included in the industry comparison is displayed (not applicable for global benchmarks).

  • Organizations can compare their Confirmed Threats, Unconfirmed Threats, Threat Actor-Associated Traffic, Zero-Day DNS Traffic, and Threat Insight Detections against:

    • Your own network: DNS traffic on your own network. This information can be viewed under the “Your average” report column.

    • Industry peers: DNS traffic on the same vertical. This information can be viewed under the “Avg. across customers (from your industry” report column.

    • All Infoblox customers: DNS traffic across all verticals. This information can be viewed under the “Avg. across all Infoblox customers” report column.

...

Report Metrics

Definition

Source Feeds

Actionable Insights

Malicious Indicators Seen

The percentage of network traffic flagged as malicious based on Infoblox threat intelligence feeds.

Infoblox Base Feed - Infoblox Base-IP Feed (Includes Base, AntiMalware, Malware-DGA, Ransomware, and AntiMalware-IP feeds)

  • High Confirmed Threats: Indicates the network is frequently targeted or employees need security training. - Low Confirmed Threats: Suggests strong security posture with minimal external threats.

Risky Indicators Seen

The percentage of suspicious but unverified threats detected in network traffic.

Indicators are given a High, Medium, or Low-risk ratingbased on their risk potential.

Infoblox High Risk Feed - Infoblox Medium Risk Feed - Infoblox Low Risk Feed

  • High-rated Unconfirmed Threats: Indicates potential risks or targeted activity. -

  • Medium-rated Unconfirmed Threats: Indicates a potential risk less than that of a high risk theat but greater than a low risk threat.

  • Low-rated Unconfirmed Threats: Suggests strong security measures and reliable vendor ecosystem.

Threat Actor-Associated Traffic

The percentage of network traffic associated with known threat actors.

N/A

  • High Threat Actor Traffic: Indicates direct targeting by known adversaries. -

  • Low Threat Actor Traffic: Suggests minimal external targeting.

Zero-Day DNS Traffic Seen

The percentage of traffic involving newly registered, suspicious, or emerging domains (Zero-Day DNS domains).

N/A

  • High Zero-Day Traffic: Users are prone to accessing newly registered domains.

  • Low Zero-Day Traffic: Suggests good security hygiene and cautious browsing habits.

Threat Insight Detection

The percentage of DNS traffic flagged by Threat Insight for potential Data Exfiltration (DNST) and Domain Generation Algorithm (DGA) activity.

N/A

  • High Threat Insight Traffic: Indicates potential DNS tunneling or exfiltration risks. -

  • Low Threat Insight Traffic: Suggests secure and well-monitored DNS traffic.

...

  1. Log in to the Infoblox Portal.

  2. Navigate to Monitor > Reports > Security > Industry Vertical Analysis.

  3. On the Industry Report Analysis page, you can view DNS traffic trends relative to industry peers and global benchmarks (comparison metrics) for:

    • Malicious Indicators Seen.

    • Risky Indicators Seen.

      Clicking in the data window will take you to the Security Activity - Security Eventsreport where detailed information on the indicator may be viewed.

      Threat Actor Associated Traffic Seen.

    • ZeroDayDNS Traffic Seen.

      Clicking in the data window will take you to the

      Threat

      Intel Zero Day DNSreport where detailed information on the threat can be viewed.

      Threat Insight Detection.

...