Application Discovery

Infoblox Application Discovery provides organizations with visibility into the applications associated with a higher risk of data loss and malware activity. This includes cloud storage, email, and VPN applications, as well as applications that help profile protected assets. Infoblox Application Discovery also monitors "Shadow IT" applications, which are consumer and enterprise applications that are not managed by the organization but may still pose a risk of data loss or security threats. By monitoring these applications, organizations can identify potential threats and take the necessary steps to protect their network. The Application Discovery report also provides organizations with the ability to drill down into specific applications and view detailed information about their usage, allowing organizations to create appropriate security and organizational policies to address any potential threats.

The Application Discovery report provides organizations with the ability to view details about their applications, including the software manufacturer and the protected asset that generated the application traffic. It also allows organizations to filter and drill down to the specific application or protected device, and then export the data if needed. This report provides organizations with detailed information about their application traffic. This information can then be used to identify potential threats and take the necessary steps to protect their network. By using this report, organizations can gain a better understanding of the application activity on their network and take the necessary steps to protect it.

Application Discovery uses detection signatures to determine when an application is one of the following:

Associated to a remote host: You can observe the remote host using Dossier.
Auditable: Infoblox is highly confident in its detection accuracy.
Blockable: Infoblox is confident in its detection accuracy and has identified associated, unique, blockable hosts.

Application Discovery, which is accessed from Monitor > Reports > Application Discovery, provides a means of detecting and managing the types and numbers of all applications on your organization's network: those approved and supported, awaiting review and approval, and not approved. Application Discovery is available to Infoblox Threat Defense Advanced subscribers.

The Application Discovery dashboard provides an overview of application usage within an organization.

Image: The Application Discovery dashboard provides an overview of application usage within an organization.

Application Discovery makes it is possible to identify and track applications running on your network and to determine what activities each application is engaged in. By default, each application is assigned a status of Need Review. Based on the information obtained from Application Discovery, a system administrator will assign each application a status of Approved or Unapproved. If Application Discovery indicates that an application is safe, the system administrator will assign it a status of Approved; otherwise, the system administrator will assign it a status of Unapproved. An application's status can be revised and updated at any time.

Approved and Unapproved Applications

Application Discovery allows you to specify if a detected application is an “Approved” application based on your organization’s policy. In most organizations, blocking applications can be disruptive and lead to user dissatisfaction. Instead, tracking approved and nonapproved applications allows you to monitor and decide the best action to take, such as user education or requesting approval for the variance.

Image: A detail view of the Application Discovery dashboard showing three status indicators for applications within an organization: "NEEDS REVIEW", "APPROVED", and "UNAPPROVED".

The tracking of approved and unapproved applications on your network is important. Security and Compliance best practices call for maintaining an accurate inventory of applications in your organization. Additionally, it provides protection for your organization from threats includes the protection of legitimate software used in inappropriate ways that might include a user storing sensitive customer data in unmanaged cloud storage, or malware that utilizes a consumer email to exfiltrate stolen data from the enterprise.

Application Discovery is available to subscribers of Infoblox Threat Defense Advanced.

For information on Application Discovery reports, see the following: