Infoblox BloxOne Threat Defense Overview

Infoblox BloxOne Threat Defense is the #3 ranked solution in top Domain Name System (DNS) Security tools. PeerSpot users give Infoblox BloxOne Threat Defense an average rating of 8.4 out of 10. Infoblox BloxOne Threat Defense is most commonly compared to Cisco Umbrella. Infoblox BloxOne Threat Defense is popular among the large enterprise segment, accounting for 66% of users researching this solution on PeerSpot. The professionals researching this solution most often come from computer software companies, accounting for 20% of all views.
Infoblox BloxOne Threat Defense Buyer's Guide

Download the Infoblox BloxOne Threat Defense Buyer's Guide including reviews and more. Updated: November 2022

What is Infoblox BloxOne Threat Defense?

Infoblox BloxOne Threat Defense strengthens and optimizes your security posture from the foundation up, giving you the visibility, control and automation to secure the hybrid workplace. Operating at the DNS level, BloxOne Threat Defense uncovers threats that other solutions do not and stops attacks earlier in the threat lifecycle. Through pervasive automation and ecosystem integration, it drives efficiencies in SecOps, increases the effectiveness of the existing security stack, secures digital and work-from-anywhere efforts and lowers the total cost for cybersecurity.

Infoblox BloxOne Threat Defense was previously known as BloxOne Threat Defense, Infoblox ActiveTrust, Infoblox ActiveTrust Cloud.

Infoblox BloxOne Threat Defense Customers

Council Rock School District, EagleView, Schneider Electric, Baptist Memorial Health Care, American University

Infoblox BloxOne Threat Defense Pricing Advice

What users are saying about Infoblox BloxOne Threat Defense pricing:
  • "When you buy the subscription, there are no additional costs to add any additional buttons."
  • "Infoblox BloxOne offers pretty good documentation. Check its documentation, then do a PoC. Infoblox is very good at providing PoCs."
  • "It is a very expensive system. You need to go over the licensing before purchase to make sure you're getting what is needed, not anything extra."
  • "There is a significant charge for this product but I think that it's worth it when we look at what it's able to prevent."
  • "If you only wanted the DNS filtering and none of the other products built into Threat Defense, it would be nicer if they could do that a la carte since we are not really using a lot of the solution."
Infoblox BloxOne Threat Defense Reviews

    Principal Network Engineer at Pegasystems
    Real User
    Does a good job of identifying any threats in terms of data exfiltration
    Pros and Cons
    • "Our ability to detect data exfiltration was minimal before Infoblox and the cloud portal was instituted for us. In terms of DNS security as a whole, we had some capability with our firewalls, but this is a lot more specialized because we're sending all of our DNS requests to Infoblox. I'd say we improved 100%."
    • "This is not just Infoblox, this could be any portal provider, cloud provider, sometimes they change the look of the customer-facing options and it's not completely clear why they make the change."

    What is our primary use case?

    We were already an Infoblox customer for IP address management, DNS, and DHCP and we decided to beef up our security in another avenue as far as the company and its network. So this is one area we got into with Infoblox because of their DNS security. I previously worked for another company in Boston that was an Infoblox customer, and on DNS security originally you had to set up a connection with Infoblox. The threat feeds that analyze the traffic, the customer had to receive those feeds. This is some years back when they first got into this.

    So now, with Pegasystems we're doing the same thing, however, Infoblox is doing this in the cloud, which is infinitely better for a customer like us, meaning that they take in all the threat information and analyze our traffic. All we have to do is set up normal connections to the internet. It's like talking to another website. There's firewall security involved, but that's the most important thing for analyzing Infoblox, the fact that they provide this service out on the internet, in the cloud, is huge for us because they have the ability to synthesize a number of different sources for DNS security, put it in their secret sauce in their portal, and all we have to do is communicate with it and then they inspect our traffic. That is the most important thing for us as a customer. 

    I realize that other companies do that as well, but because Infoblox is an important part of our network infrastructure it makes a lot of sense to do our DNS security with Infoblox. We're also a Palo Alto Firewall customer, and we have traffic that goes out to the internet. All of our traffic going out to the internet gets inspected by Palo Alto firewalls. They have a similar service, but we chose to partner with Infoblox because they're already in the DNS arena and have been for a number of years.

    How has it helped my organization?

    Our ability to detect data exfiltration was minimal before Infoblox and the cloud portal was instituted for us. In terms of DNS security as a whole, we had some capability with our firewalls, but this is a lot more specialized because we're sending all of our DNS requests to Infoblox. I'd say we improved 100%.

    The actual communications that go on between our DNS appliances and the threat engines in the cloud, that traffic gets logged by Infoblox, so that information is available in the cloud, and we also export logs to, we have a Splunk system. So in terms of data exfiltration, Infoblox does a good job of identifying any threats in that arena. Now, if something like that comes up and gets logged, it gets flagged by our Splunk system. I work in the network operations team, we have a security NOC. If some kind of alert in that realm was logged, they would be alerted, meaning our security folks. Then if we need to take action on someone's machine or a server then it gets triggered from our security, security operations. I would rate the identification of data exfiltration with a high mark.

    Our primary interoperability is with Splunk. The log feed into Splunk got set up right after we signed up for the portal. They go hand in hand. It's because our security team uses Splunk to analyze data. This means they get information from the portal, and they also get information from our individual appliances in the various offices as well.

    BloxOne Threat Defense reduced the amount of effort involved in our SecOps teams when investigating events.

    Our security staff has been added to significantly in the last few years. I started with Pega in 2017 when there were only a handful of security people, but we were a 5,000 employee company. I think we're probably around 6,000 now. It wasn't just tools, they didn't have enough people to manage the security posture the way they are now. They basically created a whole new department. This platform is just one of many things that they receive data from.

    Our monitoring and detection capability was minimal before we got into BloxOne. Now it's an improvement.

    What is most valuable?

    There's reporting and monitoring in the portal itself, and what customers can view. Additionally there are add-on programs specifically for Infoblox programs that go with Splunk. There are several tools available that add extra visibility.

    Some of the tools that are involved with Splunk, Infoblox can be consulted on to help identify specific pieces of data that our security team is looking for. That's a plus because in this arena there's a lot of data that gets produced and making sense of it is the whole ballgame. Even though Splunk is not an Infoblox product, it's Splunk, but when our security folks receive data from Infoblox and they're not sure exactly how to massage it, there are content folks at Infoblox who help sort through stuff like that. The way that works is that we set up a call or a Webex/Zoom and just hash out with our security team exactly what they're trying to do.

    If we had to take a look at where we are right now, Palo Alto is trying to get more business with us and at some point, we will probably take a look at what they offer in this space, which is just to get educated on the marketplace. The fact that we're a Palo Alto customer, we look to them to add value as well. I'm not saying we're changing anything right now, I'm just saying in our company because we're a big Palo Alto customer, we'll be looking at things they're going to be doing in the future as well.

    We're using BloxOne strictly on the cloud version, but there are threat defense options that can be done with our onsite appliances into what Infoblox calls "the Grid". The Grid is just the collection of appliances that we have in the various offices, and there's a central management tool called the Grid Master where you can set up additional threat defense options, meaning you can inspect traffic even before it leaves the network. That's something we're going to be looking at as well. We're not doing it, but we're going to be looking at it.

    Our initial activation in this arena, because it was so straightforward to just forward traffic right to the portal, which can be done in just a few minutes and actually have it inspect traffic in the first hour. It's not that we've precluded the onsite, but it's just something that we're looking at as a follow-up. We don't feel that we're at a major detriment, but it could improve some of the things we're doing if we do it onsite even before it gets to the cloud. Before they had the cloud portal you had to take in the threat feeds that they use or are available on the internet, and feed them into your own network, which makes it a lot more complicated.

    That's still available. People will still do that, but we choose to use Infoblox and let them synthesize the threat feeds that they have access to.

    What needs improvement?

    This is not just Infoblox, this could be any portal provider, cloud provider, sometimes they change the look of the customer-facing options and it's not completely clear why they make the change.

    It's not just cosmetic. I'll find things that they've moved around after they've done an upgrade. That's a valid criticism of any portal app because they don't poll every user to ask how you want to see the menu options. Everybody gets the same thing.

    For how long have I used the solution?

    I have been using Infoblox since 2019.

    How are customer service and support?

    I would rate their technical support an eight out of ten. 

    How would you rate customer service and support?

    Positive

    How was the initial setup?

    The initial setup was straightforward. The options for the appliances were clearly documented. The onsite logging is actually a virtual host in our network. The setup for that was pretty straightforward as well. There was good documentation.

    It took basically one day to start communicating with the portal and verify that all the appliances were actually, in fact, sending data to the portal and their traffic was being inspected. It didn't take a whole day to set that up, most of the time was just, it was a few hours of setup and several hours of monitoring, just learning what to look for. But it was pretty straightforward.

    What other advice do I have?

    Our on-site Infoblox DNS DHCP appliances, which there are about 30 of them around the world, there's one screen of information where you put in the Infoblox cloud IP address, answer a few questions, then that triggers DNS forwarding to the Infoblox cloud portal. So when we send our DNS traffic out to the internet it goes to Infoblox first in order to get inspected. If for some reason a particular office or a particular appliance is unable to communicate with Infoblox at a particular time at that cloud IP, they're still able to forward DNS traffic directly to the internet as a backup. That can happen for normal communication disruption. It doesn't happen a lot, but at least our DNS queries don't stop completely if there's an interruption somewhere out on the internet. Which, again, doesn't happen often, but it's good to have available.

    We do some configuration on our Infoblox appliances. On the user side of the portal, there are options for reporting and monitoring that get set up by the customer, but Infoblox sets up sessions with us whenever we ask. Initially, when we became a portal customer we received training from Infoblox, and if we want a refresher or we have somebody new who we want to go through the training they'll assist. What they usually do is have the local Infoblox team in Boston assist with that kind of training as well. 

    It's not protocol agnostic. It's specifically analyzing DNS traffic. Now, if there's data inside the DNS traffic that is being used for non-DNS purposes, that's different. They are not analyzing other protocols, they are just analyzing DNS. So we use other tools to analyze other protocols, primarily firewalls.

    I would rate Infoblox an eight out of ten. 

    Which deployment model are you using for this solution?

    Public Cloud
    Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
    Eli Kirtz - PeerSpot reviewer
    Principal Engineer at T-Mobile
    Real User
    Top 10
    Improved the way that we look at data as it comes in and out
    Pros and Cons
    • "Infoblox has helped us improve in the way that we look at data as it comes in and out. We monitor and manage queries from every device that sits inside our company, e.g., every user, every laptop, and every query. When you type something into the web, Infoblox will scan or manage that. If it is going somewhere bad, then it will block them. From a metrics perspective, it gives us data, letting us go back and find those impacted or infected clients to either clean their devices or remove them from the network."
    • "A lot of their documentation needs improvement."

    What is our primary use case?

    Our primary use case is for all security-type query activities. So, if somebody is trying to hack or infiltrate us, that is why we use Threat Defense in the cloud. We use it to monitor queries coming in and out of our company.

    How has it helped my organization?

    It is a great solution. Infoblox provides all the needed algorithms. When queries come in and out of this solution, which come in and out of our company, they are able to look at every query and determine whether it is a good or bad actor. So, it can determine if we are being DDoS attacked or somebody is trying to infiltrate us by utilizing all kinds of different tunneling methods. Then, it gives you an idea of all the different threats around the country. The platform is aware of all those threats, so I don't have to try to manage every one of those threats as they come in. The system will automatically determine what to do with those threats when they come.

    Infoblox has helped us improve in the way that we look at data as it comes in and out. We monitor and manage queries from every device that sits inside our company, e.g., every user, every laptop, and every query. When you type something into the web, Infoblox will scan or manage that. If it is going somewhere bad, then it will block them. From a metrics perspective, it gives us data, letting us go back and find those impacted or infected clients to either clean their devices or remove them from the network.

    What is most valuable?

    • All the security features, as far as whitelists and blacklists.
    • All the DNS activity logging.

    I have a listing of all the bad domains and different types of IP addresses that are bad. These are just kind of listed in a database so the system can detect as queries are coming in from different IPs and/or domains.

    DNS only uses a couple of protocols, e.g., TCP and UDP ports. So, it has the capability to block protocols where needed. 

    What needs improvement?

    A lot of their documentation needs improvement. 

    For how long have I used the solution?

    I have been using Infoblox for 15 years, but I have been using the cloud version for about five years.

    What do I think about the stability of the solution?

    It has been very stable. The network has only gone down once in the time that we have been using it.

    Our SecOps and support teams are able to monitor and manage any alerts in the cloud. So, if something goes down, then they are alerted. Administration is done by the data center engineers. This is just a handful of people, maybe 25 people at the most.

    What do I think about the scalability of the solution?

    Because it is cloud-based, it scales to what we need it for. I don't see any limitations on where we couldn't add more on-prem hosts into this environment. I believe that it can handle anything that we throw at it from a scalability perspective.

    There are probably 25,000 users who go through the cloud. They could be anyone: engineers, project managers, and retail store servers as well as network devices. All these types of people and devices go through Threat Defense Cloud.

    How are customer service and technical support?

    We found the technical support through our Infoblox Support Portal. They are very good. They have been able to resolve almost every issue that we have had when we have had to call them.

    We have worked through several bugs that needed to be remediated, but Infoblox does a great job of listening to us and then taking that back to the company to come up with ways to fix some of the things that we see as issues and/or bugs.

    Which solution did I use previously and why did I switch?

    Infoblox, as a whole, has been able to allow our SecOps teams to better manage data coming in and out of our network. Before, they had to do a lot of that work manually using several different systems to manage that traffic. Now, all traffic is sent to a logging system, then that logging system parses all that data and spits out things that may need attention.

    How was the initial setup?

    The initial setup is pretty easy and straightforward. All we had to do was just create a device name with an IP address and then allow the firewall to communicate between the cloud and our on-prem hosts, which was pretty straightforward. Then, Threat Defense Cloud does everything else for us.

    Overall, it was a pretty big deployment. It took about 30 days. There were a lot of components, like firewall policy, that just can't be done tomorrow. We have 30-plus devices that connect from our on-prem host into the cloud. Going through all the iterations of getting approvals and the normal standard stuff probably took about 30 business days overall. 

    What about the implementation team?

    I actually did the integration.

    Once we understood how the product worked, we relied on Infoblox to help us put together how we would implement this solution into our network.

    What was our ROI?

    Threat Defense has helped protect data from being stolen or lost. Since I have been managing this, there have not been any kind of outages where we have lost data because of threats from a DNS perspective. So, our return on investment has been very good because we have been protected.

    The solution has reduced the amount of effort involved for our SecOps teams when investigating events. Obviously, there are other solutions, as a company, that we use, but Infoblox has probably helped clean up about 35% to 40% of the time that our SecOps team has to spend tracking down bad actors since the system will automatically take care of it for them.

    What's my experience with pricing, setup cost, and licensing?

    We negotiated a three-year subscription. I believe they only do yearly subscriptions.

    When you buy the subscription, there are no additional costs to add any additional buttons.

    Which other solutions did I evaluate?

    We have not evaluated other solutions. We would end up having to go to another company and replace everything. We didn't see that as being feasible.

    We have been using Infoblox, as a whole, for over 20 years. When they add new things to their portfolio, because we are already standardized in Infoblox, it is easier for us just to evaluate what they are offering versus trying to start over again. Most are add-on things that can be added to our existing Infoblox. 

    What other advice do I have?

    Build it out in your live environment, then just test every aspect of the product to make sure it fits your needs.

    You need a DNS solution. I don't know anyone who would want to manage DNS-type activity, whether it is IPAM or DDI via a next-gen firewall. We don't use a lot of next-gen firewalls, so it is really hard for me to speak to whatever their capabilities are. I just know that throughout our company, as a whole, we use DNS everywhere possible. To say that a next-gen firewall could replace a DNS/DDI solution, I would say that I'm not aware that a next-gen firewall has that capability.

    DNS uses standard protocols. As far as how it works, transmits, and receives, this is not super important to our SecOps teams because those protocols have to be used at all times in order for it to work.

    We are using about 25% of the features within the product. We have five to seven different product add-ons of theirs. Some are good and some are bad, but we definitely were interested in their cloud environment to help scalability and control risks. That was one of the primary reasons for implementing it.

    I would give it an eight out of 10.

    Which deployment model are you using for this solution?

    Private Cloud

    If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

    Google
    Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
    IT Infrastructure Specialist Infrastructure Applications at a transportation company with 10,001+ employees
    Real User
    Top 20
    We have more visibility, granularity, and contextual information about threats
    Pros and Cons
    • "BloxOne provides automatic sharing of network context data, which affects our speed of threat response and provides real-time threat intelligence. Our security operations needs this to do their work. It makes us feel safer."
    • "Within the past two years, we discovered certain bugs in their products. The resolution of these bugs took a little too much time, especially if our production environment is down for a certain amount of time, then we are losing money. That is hard to convey to Infoblox support, e.g., we actually need the system up and running again within two or three hours. The awareness of these so-called production down incidents is not really easy to convey."

    What is our primary use case?

    We use it for DNS, DHCP, IPAM in general, and DNS Threat Defense.

    I administrate the DDI feature set.

    We use Azure and AWS as our cloud providers.

    How has it helped my organization?

    We are currently in the phase of planning and integration with Azure Sentinel. We are also using a BloxOne Threat Defense client on each of our computers to actively block malicious websites.

    BloxOne provides automatic sharing of network context data, which affects our speed of threat response and provides real-time threat intelligence. Our security operation team needs this to do their work. It makes us feel safer.

    We have more visibility, granularity, and contextual information about threats.

    What is most valuable?

    DNS and DHCP are essential. Threat Defense is a very good feature. We use all of them and are very satisfied.

    BloxOne is very good at helping to detect DNS threats. We are using it on a daily basis. It has helped us identify possible data exfiltration events already. We detected a possible data exfiltration attempt, which Infoblox BloxOne helped us to identify. We came to the conclusion that this is normal behavior. Now, we are actively blocking certain web pages with improper content, like porn sites.

    We are using Infoblox DDI for IPAM, DNS and DHCP stuff. There is a certain policy in place when it comes to DNS resolution. DDI affects our network and operations in a very positive way. With Threat Defense, we are controlling the DNS traffic. We can make sure that certain DNS domains are resolved only over our internal DNS service. Others are using public DNS servers. We are separating traffic on our VPN networks this way. It is not actually fine-grained, but we are starting to implement more detailed policies.

    It is using just the DNS resolution. Regardless of which protocol is then used after the DNS resolution has occurred, the possible block of accessing that resource is already in place. So, it doesn't matter which protocol you are using afterwards.

    What needs improvement?

    The general administration webpage, i.e., their portal, needs improvement. In the past two years, it is much better than it used to be, but there are still some things that would need improvement when it comes to the design of the webpage or finding information. This may also be due to the way that we are using the web portal. We have a very large network and the way we categorize is a little cumbersome to administer.

    The DDI systems of BloxOne are black boxes to us, which implies that actually we don't see what is going on inside there. We would like to see a little bit more of what is going on inside that box, e.g., monitoring and general feedback of the box. We want to know, "What is the box actually doing right now?" This is part of the solution because it is SaaS. We need to learn that the actual DNS and DHCP server is not our system anymore, because it's actually maintained by a different company, namely Infoblox. So, we either need to rethink this or trust another company to do that stuff for us.

    For how long have I used the solution?

    I have been using it for two years now.

    What do I think about the stability of the solution?

    Now, BloxOne is very stable and good. Two years ago, it was a little flaky.

    What do I think about the scalability of the solution?

    The scalability is very good.

    There are about 100 offices worldwide with about 10,000 people working with the solution. Whenever we need a new system, it is deployed within 30 minutes or so. 

    How are customer service and technical support?

    The technical support used to be better. When it comes to day-to-day work, they are very fast and reliable. Within the past two years, we discovered certain bugs in their products. The resolution of these bugs took a little too much time, especially if our production environment is down for a certain amount of time, then we are losing money. That is hard to convey to Infoblox support, e.g., we actually need the system up and running again within two or three hours. The awareness of these so-called production down incidents is not really easy to convey.

    Which solution did I use previously and why did I switch?

    BloxOne has enabled our monitoring, detection, and response processes. We didn't have such a solution previously. Before using Infoblox, we didn't know.

    When it comes to the DDI side of things, we now can work more granularly. We have a more controlled way of doing DNS resolutions. Before, we used Microsoft DNS and Microsoft DHCP, and those Microsoft products don't have the features that Infoblox has.

    The main benefit of the Microsoft built-in solutions is that they are free of charge because they are part of the operating system. The main con is they don't have the feature set that Infoblox has. 

    Before Infoblox, we used to have a management solution called BlueCat, which worked well but didn't scale like Infoblox. They also didn't have the feature set available. 

    BloxOne can detect threats that cannot be detected by the other security tools that we have evaluated. Previously, we didn't have this threat analysis at all.

    How was the initial setup?

    The DNS and DHCP are actually not that complicated. They make sense. On a scale between one and 10, it is a five in terms of complexity. Since using Infoblox, I came to the conclusion that there is more inside of DNS than simply resolving a name into an IP address and the other way around. These are things that I didn't know before.

    The preparation took us two months or so. The actual implementation was done within two days. We deployed all the DNS and DHCP systems, together with the Threat Defense, in a parallel way. Then, within these two days, we switched over from the old infrastructure to the new infrastructure, and kept the old infrastructure as caching-only systems. We then switched one server after another over to the new systems.

    What about the implementation team?

    We deployed it with the help of a third-party consultant. We were very satisfied with their work. They had the knowledge to help us do a migration for a big-scale environment. While this was a third-party consultant, Infoblox was always reachable. Infoblox knew that we were doing this switch and support was informed. So, we could call Infoblox support and they immediately reacted. Everybody was fully available and aware of this major change for us.

    What's my experience with pricing, setup cost, and licensing?

    As far as I know, Infoblox BloxOne offers pretty good documentation. Check its documentation, then do a PoC. Infoblox is very good at providing PoCs. Take your time to learn the solution before going to production with it.

    Which other solutions did I evaluate?

    We investigated two systems beside Microsoft and BlueCat.

    What other advice do I have?

    Due to the changes in general technology, everybody is moving out of their on-premise environments to the cloud, which has completely different threats. Look at your spam folder in your mailbox. There are a lot of emails claiming to be from a trusted platform, when in fact, they are not. For example, all these phishing emails and domain names written with different letters, like the Cyrillic alphabet or Arabic letters. They look alphabetic, when in fact, they are completely different. All these things are caught by buying Infoblox.

    Hopefully, they don't extract any data from our data streams. But to a certain degree, they need to take a look at the data that is actually transferred so they can find malicious content.

    We are still in the adoption phase and simply don't have the time to dig or dive into all the possibilities this product gives us.

    I would rate it as a nine out of 10.

    Which deployment model are you using for this solution?

    Hybrid Cloud
    Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
    PeerSpot user
    Behzad Barzideh - PeerSpot reviewer
    Senior Network Architect at SUNY at Stony Brook
    Real User
    Top 20
    We don't have to worry about DNS infiltrations, and it helps ensure that end-users don't visit problematic websites
    Pros and Cons
    • "When it comes to helping to detect DNS threats, BloxOne is good on all fronts. The number of false positives is very low, close to none. More than once it has detected new names or lookalike names and protected us and saved us from bad characters."
    • "The research side and the reporting side need improvement. Both of those are items on the menu. They could use a little bit of cleanup to make their respective information more easily understood."

    What is our primary use case?

    BloxOne is for DNS protection. We point our local domain name servers to it and it has a feed for "bad character" domain names. We protect our end-users that way. The way we're using it, that's all it does. It fits in somewhere in the middle of our security stack. DNS is the most important part of networking. Not so many people see it that way, but if you can't resolve, say, "cnn.com", nothing works. If your DNS doesn't work correctly, nothing is going to work correctly on your network. It is one of the first layers that comes into play when going to a website or using email.

    It's a SaaS solution, a service that Infoblox provides. All the systems are run by them and they maintain it.

    How has it helped my organization?

    It puts us at ease. We don't have to worry about so many DNS infiltrations. It has integrated and helped us make sure that our end-users don't visit websites that are not clean. Overall, it has helped with that side of our security.

    BloxOne has also reduced the amount of effort for our SecOps team when investigating events. They have been using it and they're happy with it.

    Overall, it's much easier to log, detect, and troubleshoot those aspects of the network.

    What is most valuable?

    The GUI has been improved a lot. It's easy to use and intuitive to navigate and to do whatever it is that you want to do with the system. Ease of use is one of the top features.

    When it comes to helping to detect DNS threats, BloxOne is good on all fronts. The number of false positives is very low, close to none. More than once it has detected new names or lookalike names and protected us and saved us from bad characters.

    What needs improvement?

    The research side and the reporting side need improvement. Both of those are items on the menu. They could use a little bit of cleanup to make their respective information more easily understood.

    For how long have I used the solution?

    I have been using Infoblox BloxOne Threat Defense for a year and a half. 

    What do I think about the stability of the solution?

    We have not had any service outages with BloxOne. It has been very stable.

    What do I think about the scalability of the solution?

    We have scaled it as far as we need to, and I have not seen any issues in that regard.

    BloxOne gets used with every device in our enterprise that does DNS. As the number of devices grows, usage goes up. It is something that gets used without people even noticing that it's there. Almost the entire enterprise is using it.

    As for increasing the use of its features, such as the integrations, we have talked about it, but we have way too many other projects and that has been put on the back burner.

    How are customer service and technical support?

    The only time we contacted them for support was during the initial setup, and that's how we got our SE to help us with the categories. On a scale of one to 10, their support is a 12.

    We have been using Infoblox as a company for more than 10 years. Their support team is well-versed in their products. They know their stuff. And if they don't know something, or there is something they haven't worked with, they are very quick to bring in somebody who knows the environment better. They don't drag you along while they're trying to learn, and that is something I really like.

    Which solution did I use previously and why did I switch?

    We used something else that does almost the same thing. It provided us with the ability to block DNS. We have been doing this for the past 20 years or so. We switched to BloxOne because it's cloud-based. Logging is easier. With all of the previous systems that we had, we had to sacrifice on the logging feature, reduce the logging, because we couldn't maintain that size of a log. With BloxOne, logging is in the cloud and it's not limited. Also, somebody else is maintaining it, which we like.

    How was the initial setup?

    The initial setup was "in-between." It wasn't so complex, but it also was not so easy that anybody could do it. It had a learning curve, but the learning curve was not that bad. I tackled the learning curve by asking questions of my SE. He was able to give me directions about the best way to configure it.

    The kinds of things I asked about were best practices around which categories to enable. I needed to better understand what all the categories were, and what they mean. The default settings were too rigid and we had to make some changes. The SE helped us to understand all the categories, which categories were redundant and which categories should be more relaxed.

    We had a PoC deployment and then production. All together, they took about two to three working days.

    Our implementation strategy was to set it up the way we believed it should be set up. We put it in a test environment and then realized that some of the categories were too restricted. We got on the phone and then made some changes to those categories. After a couple of weeks of testing, we put it into production. All the settings that needed to be enabled were enabled at that point.

    The team that logs in, in administrative roles, includes about eight people, and I don't think they're in there that often. We're usually in there if there's a report of domains being blocked that shouldn't be blocked. For all intents and purposes, it is set-it-and-forget-it. It has been that simple. We don't go in there unless there is a very specific reason for taking a look at something.

    For deployment, it was the networking team, so that everybody was aware of how it was set up. BloxOne doesn't require any maintenance because it's in the cloud and Infoblox is maintaining it.

    Which other solutions did I evaluate?

    We looked at BlueCat and Umbrella. We went with BloxOne because it integrates better with our system. The functionality also looked a little bit better than that of the other two products.

    What other advice do I have?

    If a colleague said to me that their next-gen firewall and other security tools mean that they don't need a DNS-specific security solution, I would say to them that, in my opinion, security is layers. Just because you have one layer doesn't mean that you can remove other ones. They work hand-in-hand.

    Do a proof of concept for your environment, a test environment, to make sure that it does what you want it to do. And try to understand the categories that it has. Spend some time understanding the categories before you enable them or put them into production.

    The biggest lesson I have learned from using BloxOne is patience. It is the cloud, so when you click on something you have to give it a little bit of time to do whatever it needs to do in the back end, before it actually gets implemented. You have to be patient.

    I'm sure it would be able to integrate with our firewall company, Palo Alto. But, at the moment, we haven't needed to do that.

    Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
    PeerSpot user
    Network Engineer at a recruiting/HR firm with 10,001+ employees
    Real User
    Top 20
    Automatically updates the blocklists and intercepts compromised domains even before our firewall, but needs better onboarding and customer service
    Pros and Cons
    • "The automatic blocklists are most valuable. A box can maintain several lists from which we can choose if we need to block more or less. We don't have to manually manage the lists ourselves. They're automatically updated."
    • "The onboarding is a little rough at times, and you need to have some information at hand. It is pretty good, but it would be useful to have a few good examples to set up things like data exfiltration."

    What is our primary use case?

    We use BloxOne for their threat defense product, where basically it acts as a firewall in DNS traffic. So, if a domain has malware on it, it can intercept that even before it gets to our firewall. We don't give any response to dangerous domains.

    It is web-based. So, we have the current version. It connects to their traditional Infoblox application. Those traditional applications basically have to point to BloxOne and forward requests to it.

    How has it helped my organization?

    I don't have any metrics, but we have had some instances where a domain was compromised, and BloxOne blocked the traffic before our firewall vendor did it on their side.

    BloxOne’s security system integrations provide automatic sharing of network context data. It has improved some of the things a bit. We don't have everything turned up all the way, but for what we do have, it does give another data point. So, if two or more sources are saying that there is a problem, it helps identify that we definitely need to treat a destination as a problem.

    BloxOne is protocol-agnostic when it comes to blocking at the DNS level. It is not a huge feature for us, but it is definitely a concern. We have a lot of different applications that we support for various reasons, and it is definitely important that all of them be considered. We have a pretty wide footprint of things we need to support.

    What is most valuable?

    The automatic blocklists are most valuable. A box can maintain several lists from which we can choose if we need to block more or less. We don't have to manually manage the lists ourselves. They're automatically updated.

    The automatic sharing of network context data helps to provide real-time threat intelligence.

    What needs improvement?

    The onboarding is a little rough at times, and you need to have some information at hand. It is pretty good, but it would be useful to have a few good examples to set up things like data exfiltration.

    The customer service team from Infoblox has been frustrating to deal with a few times.

    For how long have I used the solution?

    I have been using this solution for about a year. We've been using Infoblox for several years, but we moved over to the BloxOne services in the last year.

    What do I think about the stability of the solution?

    I haven't noticed any issues with stability for it. It has been pretty good.

    What do I think about the scalability of the solution?

    I have not seen any issues with scalability. We have probably about a half dozen users. They are network engineers and security administrators.

    We do have plans to increase its usage. It is not used extensively. We have a baseline to look for the biggest threats, and then we hope to increase that usage as time goes by.

    How are customer service and technical support?

    Lately, they have been a six out of 10. They've been very short-staffed due to world events. They've been down a notch.

    Which solution did I use previously and why did I switch?

    We did not use any other solution.

    How was the initial setup?

    We did have to do implementation on our side. We did it with professional services assistance. It was a bit complex. There was some back and forth on it. We had to get some network information, and we had to work around some unusual configurations on our Infoblox setup to integrate properly. There is basically an easy setting that probably works for over half of customers, but we were not able to use that, so we had to go through a more complex alternative procedure.

    The primary deployment took about six to eight hours, which wasn't bad. For adding additional devices, we have a worked-out procedure, and it literally takes 10 to 20 minutes a device.

    We implemented it as part of an overall system upgrade. So, it was basically an add-on to where we were upgrading hardware appliances and VMs onsite, and we did BloxOne as part of that.

    For its maintenance, it is pretty much just me, and it requires very little active maintenance. Once it is set up, it pretty much runs on its own. It is very maintenance-free. It is essentially a web application, so it is run by Infoblox. They basically just check it every now and then.

    What about the implementation team?

    Its implementation was done by Infoblox professional services.

    What was our ROI?

    To my knowledge, our company hasn't done a return on investment for BloxOne. We don't plan to do one at this point. It is just not the highest priority because of a few other projects that are going on.

    What's my experience with pricing, setup cost, and licensing?

    It is a very expensive system. You need to go over the licensing before purchase to make sure you're getting what is needed, not anything extra.

    There are a couple of features at an extra cost, but they are more for Infoblox, not BloxOne. So, I wouldn't really count them. We use other Infoblox products, and BloxOne bills get rolled into them.

    Which other solutions did I evaluate?

    We've briefly looked at some of the solutions. It was integrated with our existing system, so it really didn't make sense to change.

    We may look at alternatives in a few years, but it won't probably happen for two to three years at this point. We would like to keep an eye on what's out there. We have had some issues with not necessarily the support, but the customer service team from Infoblox has been frustrating to deal with a few times. So, we would like to keep our options open.

    What other advice do I have?

    With the assistance of professional services, it is very simple to install. It is mainly time-consuming. I would advise getting a good, clear view of how your network works before implementing anything.

    We are not heavily using it to detect DNS threats such as data exfiltration, Domain Generation Algorithms (DGAs), Fast Flux, lookalike domains, and fileless malware. We may use these features in the future. We have also not yet integrated it with security systems such as vulnerability scanners, ITSM, SIEM/SOAR, NAC, and next-gen endpoint security. Similarly, we don't use BloxOne DDI for policy settings based on IPAM and DNS data.

    It hasn't substantially reduced the amount of effort involved for our SecOps teams when investigating events. It has given us another tool to look at, but it hasn't been a major change. It has also not detected threats that cannot be detected by other security tools. Sometimes, there are faster options.

    To a colleague who says that their next-gen firewall and other security tools mean that they don’t need a DNS-specific security solution, I would probably advise looking at some of the DNS-related issues where firewalls aren't going to be that helpful, such as data exfiltration.

    The biggest lesson that I have learned from using this solution is to keep an eye on what your devices are actually doing. We've seen a lot of traffic issues with Infoblox where the root cause of an issue is actually the underlying hardware it is on, and there is nothing you can really do about that, unfortunately.

    I would rate BloxOne a seven out of 10.

    Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
    PeerSpot user
    Laura Ling - PeerSpot reviewer
    DNS Guru at a healthcare company with 10,001+ employees
    Real User
    Top 10
    Responsive support, integrates well with other security products, and allows us to more rapidly identify and remediate threats
    Pros and Cons
    • "The reporting ability is helpful. It allows us to control what our users are able to resolve, and then be able to see reports on that."
    • "The documentation needs to be improved because there are a lot of different models that it can be deployed in, and it's somewhat confusing determining what you need and how to set it up to best cover your use cases."

    What is our primary use case?

    We use this product as our intermediate between our internal DNS servers and the split-brain model and the internet so that queries don't appear to come directly from inside our network. They're filtered through BloxOne.

    How has it helped my organization?

    BloxOne has been excellent at helping to detect DNS threats, such as data exfiltration attempts. We're surprised at some of the things that it catches.

    This product integrates with other security solutions, such as vulnerability scanners, and we're working to leverage those more fully. The integration gives us a single pane of glass, where it brings together all of the information into a single platform where we can view and evaluate it. This is important because it gives our InfoSec team a better handle of what's going on and where problems might be, and how to address them.

    It seems to have reduced the effort required by our SecOps team because it gives them additional information that they didn't have access to before.

    BloxOne has positively affected our monitoring and detection response processes because it gives us a clearer picture of what's happening in our environment and it simplifies forensics.

    In general, we have benefitted from this product because it's allowed us to more rapidly identify and respond to potential issues that our other security tools haven't discovered, or discovered later. It has given us a better security posture than we would have, using only the other tools that we have.

    What is most valuable?

    The most valuable feature is the security aspect, which is why we bought it.

    The reporting ability is helpful. It allows us to control what our users are able to resolve, and then be able to see reports on that. As a healthcare company, we're a potentially high-value target, and this helps provide an extra layer of security, especially with people working from home, where we can help prevent them from accidentally or intentionally reaching some of the malicious sites, and either having their machines compromised or being part of a data exfiltration and infiltration attempt.

    BloxOne is protocol-agnostic when it comes to the web traffic that it blocks. For example, it finds purely DNS traffic that's, in a lot of cases, missed by firewalls. This is important because it gives us another layer of protection. It's another vector for us to implement our security policies so that we're not reliant on a single technology or a single vendor.

    What needs improvement?

    The documentation needs to be improved because there are a lot of different models that it can be deployed in, and it's somewhat confusing determining what you need and how to set it up to best cover your use cases.

    The interface needs to be a tad more streamlined, in that some of the menu options are not as clear as they could be.

    For how long have I used the solution?

    We deployed Infoblox BloxOne Threat Defense approximately one year ago.

    What do I think about the stability of the solution?

    This solution has been very stable for us. We receive notifications whenever connectivity is disrupted between our on-premises infrastructure and the cloud, and we only get those when there is actually an issue, which isn't very frequent.

    What do I think about the scalability of the solution?

    We've only implemented it in the US and scalability-wise, it has been more than sufficient for our needs. It's a cloud-based solution so there are multiple entry points. We are planning to go global with it in the near future and I don't foresee any problem.

    How are customer service and technical support?

    The technical support is responsive to our needs when there are issues with the help desk. They are good when it comes to getting problems resolved and implementing improvements.

    Essentially, they are good to start with, and they're responsive to any of the complaints that we've raised.

    Which solution did I use previously and why did I switch?

    At this company, we did not switch to this product from another solution. We implemented it to simplify our architecture and to obtain the security features.

    The closest thing that I have experience with is OpenDNS, which is Cisco's Umbrella, and they're not really comparable once you get past being able to resolve DNS. I have not done a head-to-head comparison between these products so I don't know whether BloxOne detects threats that Cisco Umbrella cannot. However, I know that BloxOne finds threats that our firewalls are not able to register.

    How was the initial setup?

    The initial setup was fairly complex. We have a bit of a non-standard deployment and it was suggested that we take training prior to it when we're able to. So, part of that's self-inflicted, but going back to the documentation, some things are not as clear as they could be either.

    Our implementation was done in a phased approach that started with a pilot that ran for a couple of months. In total, it took us approximately three months to deploy.

    At the time, we were doing a hardware refresh so we implemented the BloxOne Threat Defense along with the new servers and ran it on them until they were rolled into the architecture of our NIOS implementation. 

    What about the implementation team?

    Our in-house team was responsible for deployment. It was primarily me, and I'm a network engineer. We did have supporting people on-site because we have a physical implementation, although it was essentially a software switch that we turned on.

    What was our ROI?

    We have seen a return on our investment in that it prevents malware and data exfiltration. We have some high-value information that we don't want leaking out, and we know from the reports that there have been events that we were protected against by using BloxOne.

    What's my experience with pricing, setup cost, and licensing?

    There is a significant charge for this product but I think that it's worth it when we look at what it's able to prevent.

    Which other solutions did I evaluate?

    We did not evaluate other options before selecting BloxOne.

    What other advice do I have?

    This type of DNS-specific tool is an important part of a security solution that is not covered by other security tools, such as a next-generation firewall. If somebody suggested otherwise then I would tell them to test it out on some of the tools and do a head-to-head comparison.

    My advice for anybody who is looking into implementing BloxOne is to do a comparison against some of the tools internally and see for yourself the value that it can provide. Then, work with Infoblox on the development and work with the security team on customizing and personalizing the rules so that you can allow the traffic that you need and block the traffic that you don't want. 

    The biggest lesson that I have learned from using this product is that there is always room to improve your security posture.

    I would rate this solution a nine out of ten.

    Which deployment model are you using for this solution?

    Public Cloud
    Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
    PeerSpot user
    Jared Baker - PeerSpot reviewer
    Virtualization/Datacenter Engineer at a healthcare company with 10,001+ employees
    Real User
    Top 10
    We can see what is being blocked before it even makes it to the firewall
    Pros and Cons
    • "Using the reporting, we can tell that we have gained an extra layer of protection. Just by looking at it, we can see what is being blocked before it even makes it to the firewall. It is definitely working."
    • "They could work on the UI of their website and make their website more user-friendly."

    What is our primary use case?

    It looks at all our DNS queries and activity going out of the company. Anytime that someone is looking up CNN or something like that, this cloud solution looks at it and decides if it's a known spam, malware, virus, or phishing site. If it is any of those things, it will just simply not allow the DNS query. So, it is a great addition to our firewall and network security. It is just another layer. 

    Why let the PC go to the bad website or access the bad IP address when it can just block it right there in the DNS? That is basically what it is doing. What makes it fancy is its updates and live algorithm. It can continually stop all our DNS queries that we don't want.

    We do everything in the cloud. We send all our information to their cloud solution, then it does all our filtering and protection.

    How has it helped my organization?

    We had an employee get a phone call on her cell phone that said, "Your computer has been hacked. You need to go to this website, log in, put in your credentials and your credit card information." Unfortunately, the employee did that, thus breaching our environment by going to this website and putting in her credentials. We immediately powered off her machine, but before we could get a stop to it, it had reached out and emailed several hundred users. 

    We sent out a mass communication, saying, "Do not click on this email. Don't do it." Unfortunately, due to the timeline, people will click on it and make another decision. Approximately 37 people clicked on it and put in their credentials. Finally, the security team was able to diagnose and block it in the firewall. It didn't matter then who clicked on it, the firewall had finally shut the site down.

    If we had been able to do this on the DNS side, it would have been a lot more instantaneous, because it flags, "All these people are going to the site that they don't normally go to," which is a lot more of an AI type of deal. It would have figured it out. Plus we could have blocked it a lot faster. So, if we had it in there, we would have been able to plug the hole a little faster, if it even allowed it. If that site was a known site, it would have just blocked the DNS immediately. 

    The solution is not the be all end all. It would never replace a firewall. It would never replace your network security. It is just another layer that is very good and current. DNS filtering is how it has helped us. When we log into our console, we can see how many thousands of addresses, entries, and requests have been blocked as well as that there is a lower level of spam, phishing, etc.

    What is most valuable?

    They offer a client, which is pretty neat, where we can go to our Threat Defense website and install this client on our mobile laptops. This client forwards all the DNS queries from those laptops to the DNS security. So, no matter where somebody is, the protection of the laptop goes with them. 

    Using the reporting, we can tell that we have gained an extra layer of protection. Just by looking at it, we can see what is being blocked before it even makes it to the firewall. It is definitely working.

    The solution is “protocol-agnostic” when it comes to blocking at the DNS level. It doesn't care. This is important to us, in terms of our security environment.

    What needs improvement?

    They could work on the UI of their website and make their website more user-friendly.

    For how long have I used the solution?

    I have been using the BloxOne Threat Defense product for a year, but I have had Infoblox for three or four years.

    What do I think about the stability of the solution?

    The stability is absolutely rock-solid.

    Two people are required to maintain the solution: One role is network and the other is security.

    What do I think about the scalability of the solution?

    It is cloud-based, so it can infinitely grow.

    We have 18 hospitals and thousands of clinics. We are always growing. We plan to implement the solution in more locations going forward.

    How are customer service and support?

    We use the technical support sometimes (not often). They are good.

    Which solution did I use previously and why did I switch?

    Previously, we were just using Palo Alto Firewalls, but we weren't doing any DNS filtering, scanning, or protection with it.

    We got BloxOne Threat Defense because we really wanted the layer that Infoblox offered and integrated. We were already using Infoblox DNS, so adding Infoblox DNS Security was simple.

    How was the initial setup?

    The initial setup was fairly straightforward. It took us a day to deploy because we have 18 hospitals, each with their own setup. Each setup probably took around 30 to 45 minutes.

    What about the implementation team?

    The deployment was done in-house with Infoblox.

    What was our ROI?

    We have seen ROI based on speed, management, and protection.

    The solution has absolutely reduced the amount of effort involved for our SecOps teams when investigating events. It has definitely given us another tool and helped. It is another layer that we are able to see, so I'm sure it saves time and money.

    It has definitely made us more aware of our environment. We have a much better response time on threats.

    What's my experience with pricing, setup cost, and licensing?

    If you only wanted the DNS filtering and none of the other products built into Threat Defense, it would be nicer if they could do that a la carte since we are not really using a lot of the solution.

    Which other solutions did I evaluate?

    We wanted to go with BloxOne Threat Defense because it was a simple integration. Instead of an installation, it was just something that we turned on.

    At this point, we haven't really utilized the integrations with security systems, such as vulnerability scanners, ITSM, SIEM/SOAR, NAC, and next-gen endpoint security. We don't use a lot of the vulnerability scanners because we have in-house products for that, like Carbon Black.

    What other advice do I have?

    We love BloxOne Threat Defense.

    Working with your in-house firewall can be challenging. You need to make sure you have all your ports and rules open. So, you need to be fully prepared for that.

    If someone says that they don't need a DNS-specific security solution, then they would need to have something equivalent to it, and it would have to be just as good. Saying you don't need it is absolutely untrue. DNS filtering is a no-brainer. If you don't have DNS protection, you are allowing anybody to look up whatever they want, hoping the firewall will get it.

    I would rate this product as a solid nine out of 10.

    Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
    PeerSpot user
    Buyer's Guide
    Download our free Infoblox BloxOne Threat Defense Report and get advice and tips from experienced pros sharing their opinions.
    Updated: November 2022