Licensing and Subscriptions
- Gary Leicht
- Shirly Tsang
InfobloxTM Threat Defense offers the following license packages:
- Infoblox Threat Defense Essentials
- Infoblox Threat Defense Business On-Premises
- Infoblox Threat Defense Business Cloud
- Infoblox Threat Defense Advanced
Each package provides a different level of threat intelligence feeds, features, and protection.
Depending on your subscription, you might or might not have access to all functionality through the Infoblox Portal. For detailed information about Infoblox Threat Defense subscriptions, contact your Infoblox representative. For information on viewing your licensing entitlements from within the Infoblox Portal, see Viewing License Entitlements.
The following table lists the available features for each license package:
| Feature | Essentials | Business On-Premises | Business Cloud | Advanced |
|---|---|---|---|---|
Access Authentication | ✔ | ✔ | ||
| Active indicators tool (for TIDE) | ✔ | |||
| Application Discovery tool | ✔ | |||
| Block DNS Data Exfiltration, DNS Tunneling | ✔ | ✔ | ✔ | ✔ |
| Block Malicious Domains (malware, C2, phishing, etc.) | ✔ | ✔ | ✔ | ✔ |
| Infoblox Endpoint (Mac, Windows, Linux, ChromeOS, iOS, Android) | ✔ | ✔ | ||
| DNS Activity Report | ✔ | ✔ | ||
| DNS Firewall | Per Member | Grid Wide | Grid Wide | |
| DNS Security Report | ✔ | ✔ | ||
| Cloud-based DNS Firewall | ✔ | ✔ | ||
| Lookalike Domain Tool (detection for phishing, malware, other threats) | ✔ | |||
| DGA Detections (feed-based) DGA | ✔ | ✔ | ✔ | |
DNS Forwarding Proxy (DFP) | ✔ | ✔ | ||
| DNS Resolver (in the cloud) | ✔ | ✔ | ||
| DNS Anycast for DFP | ✔ | ✔ | ||
| DNS over HTTPS risk management (feed) | ✔ | ✔ | ✔ | ✔ |
| Dossier for contextual & detailed threat intelligence (queries per year) | 32,000 | 32,000 | 64,000 | |
| Local DNS Break-Out with Infoblox DDI | ✔ | ✔ | ||
| Security ecosystem (data sharing and response automation) | Available via a SKU or standalone | Grid Wide | Data Connector Only | Grid Wide |
| Summary Reports (Executive Summary and Comprehensive Security reports) | ✔ | ✔ | ||
| Threat feeds in DNS RPZ format | ✔ | ✔ | ✔ | |
| Threat Insight based DGA and DDGA | ✔ | ✔ | ||
| Threat Lookup to research attacker data | ✔ | |||
| TIDE (Ingest & Distribute custom feeds) | ✔ | |||
| Web Content Filtering | ✔ | ✔ | ||
Predefined Reports: Predefined reports are available based on your license package. For information on the reports available in the Infoblox Portal, see Viewing Reports. | ||||
Threat Intelligence Feeds
The following table details the threat intelligence feeds and features available with each license package:
| Feed | Indicator Type | Essentials | Business On-Premises | Business Cloud | Advanced |
|---|---|---|---|---|---|
| Infoblox Base | FQDN | ✔ | ✔ | ✔ | ✔ |
| Infoblox Base IP | IP Addresses | ✔ | ✔ | ✔ | |
| Infoblox High Risk | FQDN | ✔ | |||
| Infoblox Medium Risk | FQDN | ✔ | |||
| Infoblox Low Risk | FQDN | ✔ | |||
| Infoblox Informational | FQDN | ✔ | ✔ | ✔ | |
Bogon | IP addresses | ✔ | ✔ | ✔ | ✔ |
Cryptocurrency | FQDN | ✔ | ✔ | ✔ | |
| DHS AIS Domains | FQDN | ✔ | ✔ | ✔ | ✔ |
| DHS AIS IP | IP addresses | ✔ | ✔ | ✔ | ✔ |
| DOH Public Hostnames | FQDN | ✔ | ✔ | ✔ | ✔ |
| DOH Public IPs | IP addresses | ✔ | ✔ | ✔ | ✔ |
| EECN IPs | IP addresses | ✔ | ✔ | ✔ | |
TOR Exit Node IPs | IP Addresses | ✔ | ✔ | ✔ | |
| Threat Insight - Data Exfiltration | FQDN | ✔ | ✔ | ✔ | |
| Threat Insight - Notional Data Exfiltration | FQDN | ✔ | ✔ | ✔ | |
| Threat Insight - DGA | FQDN | ✔ | ✔ | ||
| Threat Insight - Messenger | FQDN | ✔ | ✔ | ✔ | |
| Threat Insight - Fast Flux | FQDN | ✔ | ✔ | ✔ | |
US OFAC Sanctions IP Embargoed IPs | IP Addresses | ✔ | ✔ | ✔ | |
US OFAC Sanctions High IPs | IP Addresses | ✔ | ✔ | ✔ | |
US OFAC Sanctions Med IPs | IP Addresses | ✔ | ✔ | ✔ |
Add-ons and Third-party Threat Indicator Feeds
The following add-ons and third-party threat indicator feeds are not included in any subscription package but can be purchased via a SKU or standalone:
| Item | Type | Description | Subscription |
|---|---|---|---|
| SOC Insights ASEC | Add-on | SOC Reporting add-on |
|
| Farsight Security Newly Observed Domains | Third-party Feed | NOD and RPZ data | Not subscription based but can be purchased via a SKU oras a standalone. |
For more information on Threat Intelligence Feeds, see Threat Intelligence Solution Note (PDF).
For descriptions of all available feeds, see Viewing Active Threat Feeds and Threat Insight.
For information on RPZ feeds and what RPZ feeds are included based on subscription level, see RPZ Feeds.
For information on SOC Insights, see SOC Insights.
For additional information on Infoblox Threat Defense license packages, see the following:
- Infoblox Threat Defense Business On-Premises, see BloxOne Threat Defense Business On-Premises Datasheet (PDF).
- Infoblox Threat Defense Business Cloud, see BloxOne Threat Defense Business Cloud Datasheet (PDF).
- Infoblox Threat Defense Advanced, see BloxOne Threat Defense Advanced Datasheet (PDF).