BloxOne Threat Defense integrates threat intelligence feeds, rules, custom lists, category and application filters, and advanced analytics to strengthen your network security, protecting you from escalating cyber threats that can adversely affect your business.
To begin protecting your network infrastructure using BloxOne Threat Defense, you define a network scope to which you apply security configuration via the Cloud Services Portal. The network scope can include your company's public networks, roaming end users, and on-premises networks (including the NIOS Grid). You can then configure custom lists, add filters, and apply security policies to the network scope. Based on your subscription level, BloxOne Threat Defense automatically applies threat intelligence feeds to your defined networks. In addition to providing secure DNS resolution in the cloud, BloxOne Threat Defense combines advanced analytics based on machine learning, highly accurate and aggregated threat intelligence, and automation to detect and prevent a broad range of threats, including DGA families, data exfiltration, look-alike domain use, fast flux, and others. These analytic tools include reports, active indicators, threat lab, Dossier research, and TIDE (Threat Intelligence Data Exchange), all working together to provide insight into your network security and visibility into infected and compromised devices.
The following illustration describes the high-level workflow of the BloxOne Threat Defense deployment:
.png?version=1&modificationDate=1725606132669&cacheVersion=1&api=v2&width=1000&height=411)
Complete the following steps to deploy BloxOne Threat Defense:
- Define the scope of networks you would like to protect from malicious attack via the Cloud Service Portal:
- For your company's public networks, see Configuring External Networks.
- For roaming end users, see BloxOne Endpoint or BloxOne Mobile Endpoint.
- For on-premises networks (including the NIOS Grid), see Configuring DNS Forwarding Proxy.
- Set up initial security configuration on the defined network scope by doing the following:
- To set up custom lists, see Creating Custom Lists.
- To apply category or application filters, see Using Filters.
- To view threat intelligence feeds that BloxOne Threat Defense offers based on your subscription level, see Viewing Threat Intelligence Feeds.
- To set up custom lists, see Creating Custom Lists.
- Configure security rules and policies, or point your networks to a redirect page:
- To apply security policies to the defined networks, see Configuring Security Policies.
- To use the default redirect page or configure custom redirects, see Defining the Redirect Page.
- Using advanced analytics, BloxOne Threat Defense provides reports that you use to analyze DNS traffic, so you can monitor how the security configuration protects your networks.
BloxOne provides a list of available reports. To view available reports, see Viewing Reports.
You can also get high-level statistics by viewing the Dashboards, For more information, see Viewing the Dashboards.
Independent of reporting, you can always use Dossier research, active indicators, and threat lab to investigate suspicious domains and decide what action you might want to take.- For information about Dossier, see Infoblox Dossier.
- For information about active indicators, see Active Indicators Search Tool.
- For information about threat lab, see Infoblox Threat Lab.
Optionally, you can do the following to enhance security in your network infrastructure:
- Configure on-prem DNS firewall for your NIOS Grid to receive feeds from BloxOne Cloud. For information on how to set up on-prem DNS firewall, see Configuring On-Prem DNS Firewall.
- View threat intelligence feeds that BloxOne Threat Defense offers based on your subscription level, see Viewing Threat Intelligence Feeds.
For more information about BloxOne Threat Defense, see the following: