What is Zero Day DNS?
Infoblox is introducing a new, real-time streaming detection feature called "Zero Day DNS." Zero Day DNS is designed to identify domains implicated in threat campaigns immediately after their registration, eliminating the aging period. It effectively blocks threat indicators in the initial stage of the threat lifecycle, specifically within 1 to 2 minutes following their registration. This proactive approach ensures the protection of our users against threats even before the commencement of the threat campaign.
Infoblox blocks these domains using a short TTL of 48 hours, by which time the other security systems in place will have enough information to protect against them under existing policy. The default action for Zero Day DNS is Block - No Redirect.
Zero Day DNS is only available to BloxOne Threat Defense Advanced subscribers. The Zero Day DNS feed cannot be enabled on On-Prem NIOS, and therefore does not apply to it.
Adding the Zero Day DNS feed to a Security Policy
To add the Zero Day DNS feed to an existing security policy, do the following:
- Log in to the Cloud Services Portal.
- In the Cloud Services Portal, navigate to the Security Policies tab (Policies > Security Policies).
- Locate the security policy to which you wish to add the feed. Click the expandable menu icon associated with the security policy. Then, click Edit.
Image: Click Edit next to the security policy to which the feed will be added.
- Click Policy Rules in the left navigation.
Image: Click Policy Rules in the Edit Policy wizard.
- Click Add Rule. Then, click Feeds and Threat Insight to display the list of threat feeds.
Image: Click Add Rule, then click Feeds and Threat Insight to display the threat feeds list.
- Locate the Zero Day DNS feed in the Security Note panel. The new Feeds and Threat Insight entry will be located at or near the bottom of the Policy Rules list.
Image: Locating the entry in the Security Note panel.
- Click Choose a Feeds and Threat Insight. Select the Zero Day DNS feed from the list of feeds to be added to the security policy. Once the new feed is selected, click Select to confirm the selection.
Image: Selecting the Threat Insight - Zero Day DNS feed to add to the security policy.
- Use the Up and Down arrows on the far right of the newly added policy rule to change the order of precedence of the Zero Day DNS feed. Note: The Zero Day DNS feed should be placed in the seventh slot, just below the Ransomware feed.
Image: Click the Up and Down arrows to change the newly added Zero Day DNS feed's precedence order.
- The Zero Day DNS feed should be placed in the eighth slot, just below the Ransomware feed.
Image: The available feeds, and their order, in the default global policy.
- Change the Action associated with the newly added policy rule. For the Zero Day DNS feed, Infoblox recommends setting the action to Block - No Redirect.
Image: Selecting the Action to be associated with the newly added policy rule.
- Click Finish to add the feed to your security policy configuration.
- Click Save & Close to save the updated security policy configuration.
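To make the two behaviours above concrete (rule precedence, where the feed ranked higher decides, and the 48-hour block window after which a Zero Day DNS entry no longer matches), here is an added Python model of an ordered security policy. It is not Infoblox's code; the domains, the evaluation time and the action assigned to the Ransomware feed are constructed assumptions.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone

ZERO_DAY_TTL = timedelta(hours=48)                        # block window stated on the page
SAMPLE_NOW = datetime(2024, 1, 1, tzinfo=timezone.utc)    # constructed evaluation time

@dataclass
class Rule:
    """One policy rule: feed name, the action applied on a match, and the feed's entries.
    entries maps domain -> expiry time, or None for entries that never age out."""
    feed: str
    action: str
    entries: dict = field(default_factory=dict)

    def matches(self, domain: str, now: datetime) -> bool:
        if domain not in self.entries:
            return False
        expiry = self.entries[domain]
        return expiry is None or now < expiry              # expired Zero Day entries stop matching

def add_zero_day_domain(rule: Rule, domain: str, registered_at: datetime) -> None:
    """Zero Day DNS entries are short-lived: blocked for 48 hours from registration."""
    rule.entries[domain] = registered_at + ZERO_DAY_TTL

def evaluate(policy: list, domain: str, now: datetime) -> tuple:
    """Rules are checked in listed order; the first match decides (position, feed, action)."""
    for position, rule in enumerate(policy, start=1):
        if rule.matches(domain, now):
            return position, rule.feed, rule.action
    return 0, None, "Allow"                                # no feed matched: query proceeds

def build_sample_policy(now: datetime) -> list:
    # Constructed two-rule policy: Ransomware ranked above Zero Day DNS, as the page recommends.
    ransomware = Rule("Ransomware", "Block - Redirect",    # action for this feed is assumed
                      {"ransom.example": None, "both.example": None})
    zero_day = Rule("Zero Day DNS", "Block - No Redirect")
    add_zero_day_domain(zero_day, "fresh-lure.example", now - timedelta(minutes=2))
    add_zero_day_domain(zero_day, "both.example", now - timedelta(minutes=2))
    add_zero_day_domain(zero_day, "stale.example", now - timedelta(hours=49))
    return [ransomware, zero_day]

def demo(now: datetime = SAMPLE_NOW) -> dict:
    policy = build_sample_policy(now)
    return {d: evaluate(policy, d, now)
            for d in ("fresh-lure.example", "both.example", "stale.example", "unknown.example")}

if __name__ == "__main__":
    for domain, verdict in demo().items():
        print(domain, "->", verdict)
```

The stale entry shows the hand-off the page describes: once the 48-hour window has passed, the Zero Day DNS rule no longer decides and the remaining feeds and policy take over.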