BloxOne Infoblox Threat Defense integrates threat intelligence feeds, rules, custom lists, category and application filters, and advanced analytics to strengthen your network’s security and protect you from escalating cyber threats that can adversely affect your business. BloxOne Infoblox Threat Defense combines secure DNS resolution in the cloud with advanced analytics tools for detecting and preventing a broad range of threats, such as DGA families, data exfiltration, lookalike domains, and fast flux. These tools consist of reports, active indicators, Threat Lab, Dossier research, and TIDE (Threat Intelligence Data Exchange) and are based on machine learning, highly accurate and aggregated threat intelligence, and automation. All these features work together to provide insight into your network’s security and into infected and compromised devices.
To begin protecting your network with BloxOne with Infoblox Threat Defense, use the Cloud Services the Infoblox Portal to define a network scope to which you will apply security configuration. The network scope can include your company's public networks, roaming end users, and on-premise networks (including the NIOS Grid). Next, configure custom lists, add filters, and apply security policies to the network scope. Based on your subscription level, BloxOne Infoblox Threat Defense will automatically apply threat intelligence feeds to your defined networks.
The following illustration describes the high-level workflow for deploying BloxOne deploying Infoblox Threat Defense:
.png?version=1&modificationDate=1725606132669&cacheVersion=1&api=v2&width=1000)
Diagram: The high-level workflow for deploying BloxOne deploying Infoblox Threat Defense includes the initial setup of the system, defining the scope of the network, configuring specific security policies, and concludes with analyzing and researching the outcomes and security data.
To deploy BloxOne deploy Infoblox Threat Defense, complete the following steps:
- Use the Cloud Service the Infoblox Portal to define the scope of the networks you would like to protect from malicious attacks:
- For your company's public networks, see Configuring External Networks.
- For roaming end users, see BloxOne Endpoint or BloxOne Mobile Endpoint.
- For on-premise networks (including the NIOS Grid), see Configuring DNS Forwarding Proxy.
- Set up the initial security configuration on the defined network scope. For details on:
- Setting up custom lists, see Creating Custom Lists.
- Applying category or application filters, see Using Filters.
- Viewing the threat intelligence feeds that BloxOne that Infoblox Threat Defense offers based on your subscription level, see Viewing Threat Intelligence Feeds.
- Configure security rules and policies, or point your networks to a redirect page. For details on:
- Applying security policies to the networks you have defined, see Configuring Security Policies.
- Using the default redirect page or configuring custom redirects, see Defining the Redirect Page.
- Use the reports, dashboards, Infoblox Threat Lab, Dossier, and TIDE to analyze your security policies and take appropriate actions. BloxOne Infoblox Threat Defense uses advanced analytics to provide reports that will help you analyze DNS traffic and monitor the effectiveness of your security configuration. For details on:
- Viewing the reports provided by BloxOneInfoblox, see Viewing Reports.
- Viewing high-level statistics, see Viewing the Dashboards.
In addition to reporting, you can use Dossier research, active indicators, and Infoblox Threat Lab to investigate suspicious domains and decide what action you might want to take. For more information:
About Dossier, see Infoblox Dossier.
About active indicators, see Active Indicators Search Tool. About threat lab, see Infoblox Threat Lab.
Optionally, you can do the following to enhance security in your network infrastructure:
- Configure an on-prem DNS firewall for your NIOS Grid to receive feeds from BloxOne Cloudfrom Infoblox Platform. For details, see Configuring On-Prem DNS Firewall.
- View threat intelligence feeds that BloxOne that Infoblox Threat Defense offers based on your subscription level. For details, see Viewing Threat Intelligence Feeds.
For more information about BloxOne about Infoblox Threat Defense, see the following:
| Excerpt | ||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ||||||||||||||||||||||||||||||||||||
|
...