Document toolboxDocument toolbox

Getting Started with Infoblox Threat Defense

Owned by Gary Leicht
Last updated: Sept 06, 2024
3 min read

Infoblox Threat Defense integrates threat intelligence feeds, rules, custom lists, category and application filters, and advanced analytics to strengthen your network’s security and protect you from escalating cyber threats that can adversely affect your business. Infoblox Threat Defense combines secure DNS resolution in the cloud with advanced analytics tools for detecting and preventing a broad range of threats, such as DGA families, data exfiltration, lookalike domains, and fast flux. These tools consist of reports, active indicators, Threat Lab, Dossier research, and TIDE (Threat Intelligence Data Exchange) and are based on machine learning, highly accurate and aggregated threat intelligence, and automation. All these features work together to provide insight into your network’s security and into infected and compromised devices.

To begin protecting your network with Infoblox Threat Defense, use the Infoblox Portal to define a network scope to which you will apply security configuration. The network scope can include your company's public networks, roaming end users, and on-premise networks (including the NIOS Grid). Next, configure custom lists, add filters, and apply security policies to the network scope. Based on your subscription level, Infoblox Threat Defense will automatically apply threat intelligence feeds to your defined networks.

The following illustration describes the high-level workflow for deploying Infoblox Threat Defense:

The high-level workflow for deploying BloxOne Threat Defense includes the initial setup of the system, defining the scope of the network, configuring specific security policies, and concludes with analyzing and researching the outcomes and security data.

Diagram: The high-level workflow for deploying Infoblox Threat Defense includes the initial setup of the system, defining the scope of the network, configuring specific security policies, and concludes with analyzing and researching the outcomes and security data.

To deploy Infoblox Threat Defense, complete the following steps:

  1. Use the Infoblox Portal to define the scope of the networks you would like to protect from malicious attacks:
  2. Set up the initial security configuration on the defined network scope. For details on:
  3. Configure security rules and policies, or point your networks to a redirect page. For details on:
  4. Use the reports, dashboards, Infoblox Threat Lab, Dossier, and TIDE to analyze your security policies and take appropriate actions. Infoblox Threat Defense uses advanced analytics to provide reports that will help you analyze DNS traffic and monitor the effectiveness of your security configuration. For details on:
    • Viewing the reports provided by Infoblox, see Viewing Reports.
    • Viewing high-level statistics, see Viewing the Dashboards.

      In addition to reporting, you can use Dossier research, active indicators, and Infoblox Threat Lab to investigate suspicious domains and decide what action you might want to take. For more information:

Optionally, you can do the following to enhance security in your network infrastructure:

  1. Configure an on-prem DNS firewall for your NIOS Grid to receive feeds from Infoblox Platform. For details, see Configuring On-Prem DNS Firewall.
  2. View threat intelligence feeds that Infoblox Threat Defense offers based on your subscription level. For details, see Viewing Threat Intelligence Feeds.

For more information about Infoblox Threat Defense, see the following: