This topic includes upcoming features and enhancements for BloxOne Threat Defense in May 2024.

BloxOne Threat Defense: Zero Day DNS™

Threat actors often register a new domain and launch targeted attacks within minutes of
registering that domain. Zero Day DNS, a capability available to BloxOne Threat Defense
Advanced subscribers, inspects customer network DNS traffic in near real-time to detect and
block threats from domains that are registered by threat actors just minutes before being used
in an attack. Zero Day DNS detection protects customers against targeted attacks, such as spear
phishing, that leverage lookalike domains, providing the earliest defense against these attacks.
Any events detected in customer networks related to Zero Day DNS will also be available as a
SOC Insight.

BloxOne Threat Defense: RPZ Feed Revamp

BloxOne Threat Defense for NIOS now includes a new, simpler RPZ feed structure with
user-friendly names, which helps users set the correct policies and manage the growing
number of available RPZs over time. With the new structure, customers can configure their
policy action correctly per their risk posture and have an “at a glance” understanding of how
their network is protected. Adopting it requires removing the previously configured RPZ feeds
and replacing them with the new consolidated RPZs. The old RPZs will be supported until
December 2024, giving time for the transition to the new RPZs, and will be deprecated after
December 2024. Beyond the current RPZ updates for on-prem, the feeds on the cloud will also
be updated to reflect the same feed structure around July 2024.

BloxOne Threat Defense: New Threat Actor Page

To give you a single view of all threat actors seen in your network, BloxOne Threat Defense now
includes a Threat Actor page. Each threat actor card lists the domains seen in your
environment and all the domains associated with that actor. Each highlighted domain also
shows the timeline of the detection: when the domain was discovered as a threat by Infoblox
Threat Intel, when the domain was observed in your environment, and, relative to those, when
the external world (any vendor listed in VirusTotal) came to know about the domain. The timeline
highlights how early Infoblox Threat Intel was in discovering and protecting you from these
threats. The Threat Actor page is accessible in the Cloud Services Portal, under "Research"
and within "Threat Intel."

BloxOne Threat Defense: Agentless Implementation Over DoT/DoH and Approved Public Subnets

In April, Infoblox released a feature to help BloxOne Threat Defense Business Cloud and
Advanced customers secure endpoints without the need for deploying BloxOne Endpoint
and/or defining public subnets (External Networks), reducing the complexity of their network
architecture. This optional, agentless capability supports DNS resolution over direct, encrypted
DoH (DNS over HTTPS)/DoT (DNS over TLS) protocols and unencrypted DNS resolution for
customer-approved External Networks.

This feature can be used to chain/integrate a variety of solutions within the existing security
ecosystem. Among the many use cases for this feature, this is a huge win for our customers
who want to deploy the native Zscaler client and B1TD as a SASE solution without deploying
an additional agent. The robust design of this capability supports other Secure Service Edge
solutions, as well as web proxies and VPNs, making it easier for customers to achieve a more
comprehensive security posture for endpoints.

Please note that future functionality and releases described in this communication are subject to change.
