What is our primary use case?
BloxOne is for DNS protection. We point our local domain name servers to it and it has a feed for "bad character" domain names. We protect our end-users that way. The way we're using it, that's all it does. It fits in somewhere in the middle of our security stack. DNS is the most important part of networking. Not so many people see it that way, but if you can't resolve, say, "cnn.com", nothing works. If your DNS doesn't work correctly, nothing is going to work correctly on your network. It is one of the first layers that comes into play when going to a website or using email.
It's a SaaS solution, a service that Infoblox provides. All the systems are run by them and they maintain it.
How has it helped my organization?
It puts us at ease. We don't have to worry about so many DNS infiltrations. It has integrated and helped us make sure that our end-users don't visit websites that are not clean. Overall, it has helped with that side of our security.
BloxOne has also reduced the amount of effort for our SecOps team when investigating events. They have been using it and they're happy with it.
Overall, it's much easier to log, detect, and troubleshoot those aspects of the network.
What is most valuable?
The GUI has been improved a lot. It's easy to use and intuitive to navigate and to do whatever it is that you want to do with the system. Ease of use is one of the top features.
When it comes to helping to detect DNS threats, BloxOne is good on all fronts. The number of false positives is very low, close to none. More than once it has detected new names or lookalike names and protected us and saved us from bad characters.
What needs improvement?
The research side and the reporting side need improvement. Both of those are items on the menu. They could use a little bit of cleanup to make their respective information more easily understood.
For how long have I used the solution?
I have been using Infoblox BloxOne Threat Defense for a year and a half.
What do I think about the stability of the solution?
We have not had any service outages with BloxOne. It has been very stable.
What do I think about the scalability of the solution?
We have scaled it as far as we need to, and I have not seen any issues in that regard.
BloxOne gets used with every device in our enterprise that does DNS. As the number of devices grows, usage goes up. It is something that gets used without people even noticing that it's there. Almost the entire enterprise is using it.
As for increasing the use of its features, such as the integrations, we have talked about it, but we have way too many other projects and that has been put on the back burner.
How are customer service and support?
The only time we contacted them for support was during the initial setup, and that's how we got our SE to help us with the categories. On a scale of one to 10, their support is a 12.
We have been using Infoblox as a company for more than 10 years. Their support team is well-versed in their products. They know their stuff. And if they don't know something, or there is something they haven't worked with, they are very quick to bring in somebody who knows the environment better. They don't drag you along while they're trying to learn, and that is something I really like.
Which solution did I use previously and why did I switch?
We used something else that does almost the same thing. It provided us with the ability to block DNS. We have been doing this for the past 20 years or so. We switched to BloxOne because it's cloud-based. Logging is easier. With all of the previous systems that we had, we had to sacrifice on the logging feature, reduce the logging, because we couldn't maintain that size of a log. With BloxOne, logging is in the cloud and it's not limited. Also, somebody else is maintaining it, which we like.
How was the initial setup?
The initial setup was "in-between." It wasn't so complex, but it also was not so easy that anybody could do it. It had a learning curve, but the learning curve was not that bad. I tackled the learning curve by asking questions of my SE. He was able to give me directions about the best way to configure it.
The kinds of things I asked about were best practices around which categories to enable. I needed to better understand what all the categories were, and what they mean. The default settings were too rigid and we had to make some changes. The SE helped us to understand all the categories, which categories were redundant and which categories should be more relaxed.
We had a PoC deployment and then production. Altogether, they took about two to three working days.
Our implementation strategy was to set it up the way we believed it should be set up. We put it in a test environment and then realized that some of the categories were too restricted. We got on the phone and then made some changes to those categories. After a couple of weeks of testing, we put it into production. All the settings that needed to be enabled were enabled at that point.
The team that logs in, in administrative roles, includes about eight people, and I don't think they're in there that often. We're usually in there if there's a report of domains being blocked that shouldn't be blocked. For all intents and purposes, it is set-it-and-forget-it. It has been that simple. We don't go in there unless there is a very specific reason for taking a look at something.
For deployment, it was the networking team, so that everybody was aware of how it was set up. BloxOne doesn't require any maintenance because it's in the cloud and Infoblox is maintaining it.
Which other solutions did I evaluate?
We looked at BlueCat and Umbrella. We went with BloxOne because it integrates better with our system. The functionality also looked a little bit better than that of the other two products.
What other advice do I have?
If a colleague said to me that their next-gen firewall and other security tools mean that they don't need a DNS-specific security solution, I would say to them that, in my opinion, security is layers. Just because you have one layer doesn't mean that you can remove other ones. They work hand-in-hand.
Do a proof of concept for your environment, a test environment, to make sure that it does what you want it to do. And try to understand the categories that it has. Spend some time understanding the categories before you enable them or put them into production.
The biggest lesson I have learned from using BloxOne is patience. It is the cloud, so when you click on something you have to give it a little bit of time to do whatever it needs to do in the back end, before it actually gets implemented. You have to be patient.
I'm sure it would be able to integrate with our firewall company, Palo Alto. But, at the moment, we haven't needed to do that.
*Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.