BloxOne Threat Defense integrates threat intelligence feeds, rules, custom lists, category and application filters, and advanced analytics to strengthen your network’s security and protect you from escalating cyber threats that can adversely affect your business. BloxOne Threat Defense combines secure DNS resolution in the cloud with advanced analytics tools for detecting and preventing a broad range of threats, such as DGA families, data exfiltration, lookalike domains, and fast flux. These tools consist of reports, active indicators, Threat Lab, Dossier research, and TIDE (Threat Intelligence Data Exchange) and are based on machine learning, highly accurate and aggregated threat intelligence, and automation. All these features work together to provide insight into your network’s security and into infected and compromised devices.
To begin protecting your network with BloxOne Threat Defense, use the Cloud Services Portal to define a network scope to which you will apply security configuration. The network scope can include your company's public networks, roaming end users, and on-premise networks (including the NIOS Grid). Next, configure custom lists, add filters, and apply security policies to the network scope. Based on your subscription level, BloxOne Threat Defense will automatically apply threat intelligence feeds to your defined networks.
The following illustration describes the high-level workflow for deploying BloxOne Threat Defense:
.png?version=1&modificationDate=1725606132669&cacheVersion=1&api=v2&width=1000&height=411)
To deploy BloxOne Threat Defense, complete the following steps:
- Use the Cloud Service Portal to define the scope of the networks you would like to protect from malicious attacks:
- For your company's public networks, see Configuring External Networks.
- For roaming end users, see BloxOne Endpoint or BloxOne Mobile Endpoint.
- For on-premise networks (including the NIOS Grid), see Configuring DNS Forwarding Proxy.
- Set up the initial security configuration on the defined network scope. For details on:
- Setting up custom lists, see Creating Custom Lists.
- Applying category or application filters, see Using Filters.
- Viewing the threat intelligence feeds that BloxOne Threat Defense offers based on your subscription level, see Viewing Threat Intelligence Feeds.
- Configure security rules and policies, or point your networks to a redirect page. For details on:
- Applying security policies to the networks you have defined, see Configuring Security Policies.
- Using the default redirect page or configuring custom redirects, see Defining the Redirect Page.
- Use the reports, dashboards, Infoblox Threat Lab, Dossier, and TIDE to analyze your security policies and take appropriate actions. BloxOne Threat Defense uses advanced analytics to provide reports that will help you analyze DNS traffic and monitor the effectiveness of your security configuration. For details on:
- Viewing the reports provided by BloxOne, see Viewing Reports.
- Viewing high-level statistics, see Viewing the Dashboards.
In addition to reporting, you can use Dossier research, active indicators, and Infoblox Threat Lab to investigate suspicious domains and decide what action you might want to take. For more information:
About Dossier, see Infoblox Dossier.
About active indicators, see Active Indicators Search Tool.
About threat lab, see Infoblox Threat Lab.
Optionally, you can do the following to enhance security in your network infrastructure:
- Configure an on-prem DNS firewall for your NIOS Grid to receive feeds from BloxOne Cloud. For details, see Configuring On-Prem DNS Firewall.
- View threat intelligence feeds that BloxOne Threat Defense offers based on your subscription level. For details, see Viewing Threat Intelligence Feeds.
For more information about BloxOne Threat Defense, see the following: