Infoblox BloxOne Threat Defense Reviews

I can describe some of the use cases for the product in general. I'm working with the Infoblox BloxOne Threat Defense for the government, but I'm not sure if I can provide much information about that because it's secret-related.

What is valuable about the Infoblox BloxOne Threat Defense is especially the monitoring and reporting, which provides valuable information. The integration with any SIEM is very valuable for getting DNS query analytics, and this is very important.

The threat analytics tools in the Infoblox BloxOne Threat Defense improve security response through integration with another platform, allowing you to gain insights on your own data happening within your own Infoblox BloxOne.

We use the solution for DNS security.

The solution provides insights into what’s happening on the network. It enriches the information internally.

The solution can be used for DNS security. We sold it to a bank.

The product is stable. It’s the best DNS solution.

It looks at all our DNS queries and activity going out of the company. Anytime that someone is looking up CNN or something like that, this cloud solution looks at it and decides if it's a known spam, malware, virus, or phishing site. If it is any of those things, it will just simply not allow the DNS query. So, it is a great addition to our firewall and network security. It is just another layer. 

Why let the PC go to the bad website or access the bad IP address when it can just block it right there in the DNS? That is basically what it is doing. What makes it fancy is its updates and live algorithm. It can continually stop all our DNS queries that we don't want.

We do everything in the cloud. We send all our information to their cloud solution, then it does all our filtering and protection.

We had an employee get a phone call on her cell phone that said, "Your computer has been hacked. You need to go to this website, log in, put in your credentials and your credit card information." Unfortunately, the employee did that, thus breaching our environment by going to this website and putting in her credentials. We immediately powered off her machine, but before we could get a stop to it, it had reached out and emailed several hundred users. 

We sent out a mass communication, saying, "Do not click on this email. Don't do it."  Unfortunately, due to the timeline, people will click on it and make another decision. Approximately 37 people clicked on it and put in their credentials. Finally, the security team was able to diagnose and block it in the firewall. It didn't matter then who clicked on it, the firewall had finally shut the site down. 

If we had been able to do this on the DNS side, it would have been a lot more instantaneous, because it flags, "All these people are going to the site that they don't normally go to," which is a lot more of an AI type of deal. It would have figured it out. Plus we could have blocked it a lot faster. So, if we had it in there, we would have been able to plug the hole a little faster, if it even allowed it. If that site was a known site, it would have just blocked the DNS immediately. 

The solution is not the be all end all. It would never replace a firewall. It would never replace your network security. It is just another layer that is very good and current. DNS filtering is how it has helped us. When we log into our console, we can see how many thousands of addresses, entries, and requests have been blocked as well as that there is a lower level of spam, phishing, etc.

We use this product as our intermediate between our internal DNS servers and the split-brain model and the internet so that queries don't appear to come directly from inside our network. They're filtered through BloxOne.

BloxOne has been excellent at helping to detect DNS threats, such as data exfiltration attempts. We're surprised at some of the things that it catches.

This product integrates with other security solutions, such as vulnerability scanners, and we're working to leverage those more fully. The integration gives us a single pane of glass, where it brings together all of the information into a single platform where we can view and evaluate it. This is important because it gives our InfoSec team a better handle of what's going on and where problems might be, and how to address them.

It seems to have reduced the effort required by our SecOps team because it gives them additional information that they didn't have access to before.

BloxOne has positively affected our monitoring and detection response processes because it gives us a clearer picture of what's happening in our environment and it simplifies forensics.

In general, we have benefitted from this product because it's allowed us to more rapidly identify and respond to potential issues that our other security tools haven't discovered, or discovered later. It has given us a better security posture than we would have, using only the other tools that we have.

BloxOne is the first layer of the onion. The first layer is DNS, which is the easiest place to block something. That's what the CSP does. We have a couple of block lists with domains to screen out. The simplest way to stop a TLS tunnel from your organization is to prevent them from resolving the IP address. If they honestly try to make a TLS connection to an IP address, it's going to get bucked straight away. It's a cloud service. We don't have an agent. Our on-prem DNS servers reach out to the CSP.

Because we have an onion-layer approach, it's obvious when somebody is resolving something that we don't want them to resolve. BloxOne filters out the noise, and we have more filters down the line on the other side. It does its job.

They were offering all these fancy features, and I just wanted the single sign-on. I don't need role-based access control because I have five guys logging into it, not 500. I have fewer requirements, but I only wanted to use passwords. That integration was good, though. 

I can't say it decreased the amount of work we do. It almost increased demand because it's so good at blocking. For example, it might accidentally block a content delivery network. The CDN might be the third or fourth resolved domain. It will resolve a few tests before it finally gets to cdn.com. You might have blocked cdn.com, but it's hard to attribute it to the first resolved domain. It isn't easy to attribute it all the way along. It's doing its job, but it's just a little more difficult to attribute when something doesn't work.

You need to be kind of careful. It's very powerful, but it's almost too powerful because you can shoot yourself in the foot. That's good and bad. It's blocking everything on the whole network. You can't get around it. 

If someone told me they didn't need DNS protection, I would say they don't understand security architecture very well. There's a reason why we set it up as a layered system rather than having one system controlling everything. If that system fails, it's going to be spectacular. The proxy will do a certain amount of filtering, and the DNS will do some. The end-point will do some filtering or popping, and all those layers combine to provide an in-depth defense. You're doomed to fail if you do everything all in one place.

BloxOne is for DNS protection. We point our local domain name servers to it and it has a feed for "bad character" domain names. We protect our end-users that way. The way we're using it, that's all it does. It fits in somewhere in the middle of our security stack. DNS is the most important part of networking. Not so many people see it that way, but if you can't resolve, say, "cnn.com", nothing works. If your DNS doesn't work correctly, nothing is going to work correctly on your network. It is one of the first layers that comes into play when going to a website or using email.

It's a SaaS solution, a service that InfoBlox provides. All the systems are run by them and they maintain it.

It puts us at ease. We don't have to worry about so many DNS infiltrations. It has integrated and helped us make sure that our end-users don't visit websites that are not clean. Overall, it has helped with that side of our security.

BloxOne has also reduced the amount of effort for our SecOps team when investigating events. They have been using it and they're happy with it.

Overall, it's much easier to log, detect, and troubleshoot those aspects of the network.