
After you define your network scope, the networks in it are automatically protected by the intelligence threat feeds that come with BloxOne Threat Defense based on your subscription level. You can now set up a few security components such as custom lists, filters, security policies, and redirects.

If you are running the DNS forwarding proxy service on your NIOS Grid, you can configure on-prem DNS firewall to distribute threat intelligence feeds to protect your on-premises networks.

The following sections describe the security components and their usage.

Security Policies 

A security policy is a set of rules and actions that you define to balance access and constraints, so you can mitigate malicious attacks and provide security for your networks. BloxOne Threat Defense provides a default global policy that gives you a head start in protecting your networks. You can review the default global policy and decide whether you want to add or remove some of the rules based on your business requirements.

In addition to the default global policy, you can add new security policies from scratch or clone an existing policy to complement the default policy. When you create a new security policy, you must first define a network scope to which you add external networks, user groups, DNS forwarding proxies, DDI IPAM, and Endpoint groups. BloxOne Threat Defense applies the security policy to all the network entities that you include in the network scope. After you define the network scope, you can add policy rules and specify actions and their precedence order. 

For information on setting up and configuring security policies, see Configuring Security Policies.

Active Threat Feeds

BloxOne Threat Defense provides threat feeds based on your subscription level. For information, see Viewing Active Threat Feeds and Threat Insight.

Custom Lists 

You can create custom lists containing domains and IP addresses to define allow lists and block lists for additional protection. You can use a custom list to complement existing feeds or override the Block, Allow, Log, or Redirect action that is currently defined for an existing feed. You can also add a custom list to multiple security policies or multiple custom lists to one security policy based on your business needs. When you use your own threat intelligence feeds, allow lists, and block lists with BloxOne Threat Defense Cloud, you can apply your own security policies. Each custom list can contain as many as 50,000 records, and BloxOne Threat Defense supports up to 500,000 records across all custom lists.

For information on setting up and configuring custom lists, see Custom Lists.
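A pre-upload check for the custom list limits described above, as an added example that is not Infoblox code and calls no BloxOne API. It assumes each record is a single IP address or a domain name (the domain syntax rule, the function names and the sample lists are this example's own) and reports invalid entries, duplicates and lists over the stated limits.

```python
import ipaddress
import re

MAX_PER_LIST = 50_000   # per-list record limit stated on this page
MAX_TOTAL = 500_000     # limit across all custom lists stated on this page

# Assumption: a domain is dot-separated letter/digit/hyphen labels of 1-63
# characters, at most 253 characters in total, with a non-numeric last label.
_LABEL = re.compile(r"(?!-)[a-z0-9-]{1,63}(?<!-)")


def normalize(entry):
    """Return ('ip' | 'domain', canonical value), or None if it is neither."""
    text = entry.strip().lower().rstrip(".")
    try:
        return "ip", str(ipaddress.ip_address(text))
    except ValueError:
        pass
    labels = text.split(".")
    if (len(text) <= 253 and len(labels) >= 2
            and not labels[-1].isdigit()
            and all(_LABEL.fullmatch(label) for label in labels)):
        return "domain", text
    return None


def check_lists(lists):
    """lists: {name: [raw entries]} -> cleaned lists plus problems found."""
    report = {"clean": {}, "invalid": {}, "over_limit": [], "total": 0}
    for name, entries in lists.items():
        seen = set()
        for raw in entries:
            item = normalize(raw)
            if item is None:
                report["invalid"].setdefault(name, []).append(raw)
            else:
                seen.add(item[1])          # deduplicate on the canonical form
        report["clean"][name] = sorted(seen)
        if len(seen) > MAX_PER_LIST:
            report["over_limit"].append(name)
        report["total"] += len(seen)
    report["total_ok"] = report["total"] <= MAX_TOTAL
    return report


# Constructed sample input (documentation ranges, not real indicators).
SAMPLE = {
    "block-list": ["Bad.Example.COM.", "bad.example.com", "192.0.2.10",
                   "2001:DB8::1", "not a domain", "http://example.net/x"],
    "allow-list": ["intranet.example.org", "198.51.100.7"],
}
```
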

Filters 

BloxOne Threat Defense provides two types of filters you can use to control internet content for users: category and application filters. Category filters are content categorization rules that BloxOne Threat Defense uses to detect and filter specific internet content. Based on your configuration, specific actions such as Allow or Block will be taken on the detected content. Application filters are rules that BloxOne Threat Defense Cloud uses to allow or deny specific applications, such as email, video conferencing, and others. 

For information on setting up and configuring filters, see Using Filters.

Default and Custom Redirects 

You can configure BloxOne Threat Defense to redirect traffic to display the default or custom redirect page. If you want to redirect traffic to a custom destination, you must first add the redirect IP or domain to the Redirect page. 

For information on setting up and configuring redirects, see Defining the Redirect Page.

On-Prem DNS Firewall

Infoblox on-prem DNS firewall employs DNS RPZs (Response Policy Zones), a technology developed by the ISC (Internet Systems Consortium). DNS RPZs enable reputable sources to dynamically communicate domain name reputation, and this helps you implement policy controls for DNS lookups. You configure on-prem DNS firewall so your NIOS Grid can receive threat feeds offered by BloxOne Threat Defense.

For information on how to configure on-prem DNS firewall for your NIOS networks, see Configuring On-Prem DNS Firewall.

Intelligence Threat Feeds

BloxOne Threat Defense provides threat feeds based on your subscription level. For information, see Licensing and Subscriptions.

For more information, see the following:
