Industry Vertical Analysis

Industry Vertical Analysis enables organizations to benchmark their security posture against others within the same industry. By analyzing DNS traffic trends across key threat categories—Malicious Threats, Risky Threats, Threat Insights, Threat Actors, and Zero-Day Detection—users can gain valuable insights into their relative security stance. This comparison allows organizations to fine-tune security policies and enhance their overall security posture.

The Industry Vertical Analysis Report provides comparative insights into an organization’s DNS traffic patterns relative to industry peers and the broader market. This report highlights commonalities and key differentiators across industry verticals, allowing organizations to assess their security posture and identify potential risks.

The Industry Vertical Analysis Report is available to users with Infoblox Threat Defense Business Cloud and Infoblox Threat Defense Advanced licenses.


Notes

  • Data Normalization: All statistics are normalized across comparison points to ensure consistent analysis.

  • Time Frame Consistency: Comparisons are performed over a fixed duration (7 days or 30 days) to ensure accurate trend analysis.

  • Traffic-Based Analysis: The report focuses on traffic patterns rather than blocked or unblocked queries, ensuring policy-agnostic comparisons.

  • Vertical Assignment: Customers are automatically categorized under a predefined industry vertical. Manual modification of the predefined industry vertical is not possible at this time.

Industry Tagging and Peer Comparison

  • Automatic Categorization: Organizations are automatically categorized under a predefined industry vertical.

  • Peer Organizations: The number of peer organizations included in the industry comparison is displayed (not applicable for global benchmarks).

  • Organizations can compare their Confirmed Threats, Unconfirmed Threats, Threat Actor-Associated Traffic, Zero-Day DNS Traffic, and Threat Insight Detections against:

    • Your own network: DNS traffic on your own network. This information can be viewed under the “Your average” report column.

    • Industry peers: DNS traffic on the same vertical. This information can be viewed under the “Avg. across customers (from your industry)” report column.

    • All Infoblox customers: DNS traffic across all verticals. This information can be viewed under the “Avg. across all Infoblox customers” report column.

Report Metrics Rubric

Report Metrics refer to key performance indicators used to assess network security by analyzing traffic patterns and threat intelligence. These metrics help identify malicious activity, risky behaviors, threat actor interactions, and potential security vulnerabilities within an organization’s network. By monitoring these indicators, security teams can take proactive measures to mitigate risks, enhance defenses, and improve overall cybersecurity posture.

For each report metric, the rubric lists its definition, source feeds, and actionable insights.

Malicious Indicators Seen

  • Definition: The percentage of network traffic flagged as malicious based on Infoblox threat intelligence feeds.

  • Source Feeds: Infoblox Base Feed, Infoblox Base-IP Feed (includes Base, AntiMalware, Malware-DGA, Ransomware, and AntiMalware-IP feeds)

  • Actionable Insights:

    • High Confirmed Threats: Indicates the network is frequently targeted or employees need security training.

    • Low Confirmed Threats: Suggests strong security posture with minimal external threats.

Risky Indicators Seen

  • Definition: The percentage of suspicious but unverified threats detected in network traffic. Indicators are given a High, Medium, or Low-risk rating based on their risk potential.

  • Source Feeds: Infoblox High Risk Feed, Infoblox Medium Risk Feed, Infoblox Low Risk Feed

  • Actionable Insights:

    • High-rated Unconfirmed Threats: Indicates potential risks or targeted activity.

    • Medium-rated Unconfirmed Threats: Indicates a potential risk less than that of a high-risk threat but greater than a low-risk threat.

    • Low-rated Unconfirmed Threats: Suggests strong security measures and reliable vendor ecosystem.

Threat Actor-Associated Traffic

  • Definition: The percentage of network traffic associated with known threat actors.

  • Source Feeds: N/A

  • Actionable Insights:

    • High Threat Actor Traffic: Indicates direct targeting by known adversaries.

    • Low Threat Actor Traffic: Suggests minimal external targeting.

Zero-Day DNS Traffic Seen

  • Definition: The percentage of traffic involving newly registered, suspicious, or emerging domains (Zero-Day DNS domains).

  • Source Feeds: N/A

  • Actionable Insights:

    • High Zero-Day Traffic: Users are prone to accessing newly registered domains.

    • Low Zero-Day Traffic: Suggests good security hygiene and cautious browsing habits.

Threat Insight Detection

  • Definition: The percentage of DNS traffic flagged by Threat Insight for potential Data Exfiltration (DNST) and Domain Generation Algorithm (DGA) activity.

  • Source Feeds: N/A

  • Actionable Insights:

    • High Threat Insight Traffic: Indicates potential DNS tunneling or exfiltration risks.

    • Low Threat Insight Traffic: Suggests secure and well-monitored DNS traffic.

Viewing the Industry Vertical Analysis Report

To view the Industry Vertical Analysis Report, follow these steps:

  1. Log in to the Infoblox Portal.

  2. Navigate to Monitor > Reports > Security > Industry Vertical Analysis.

  3. On the Industry Report Analysis page, you can view DNS traffic trends relative to industry peers and global benchmarks (comparison metrics) for:

    • Malicious Indicators Seen.

    • Risky Indicators Seen.

    • Threat Insight Detection.

Image: The Industry Vertical Analysis report examines security indicators observed over the past 7 to 30 days. This report offers a comprehensive analysis of your organization's data in comparison to industry standards and overall data from Infoblox customers.

Understanding the Comparison Metrics

Each analytical metric represents the average number of DNS observations of a specific type detected on your network over the past 7 or 30 days, depending on the selected period of time. Additionally, the metric provides a comparison of your organization's data against the metrics observed for other organizations within your industry sector, as well as across all organizations. Clicking on any of the report metrics will take you to the respective security report where details for each threat or detection can be viewed.

Data Display Period Settings

The default setting for the Industry Vertical Analysis report shows results based on the last 30 days of recorded data. However, based on your organization's needs, you have the option to display results based on the last 7 days of recorded data by clicking on the desired time period located at the top-right corner of the screen.

Image: To receive analytical data for either 7 or 30 days, click on your preferred duration. In this image, the option for 30 days of data is selected.
