Infoblox BloxOne Threat Defense Reviews

Our main use case for Infoblox BloxOne Threat Defense is blocking malicious domains over the internet for our customers.

A specific example of how we use Infoblox BloxOne Threat Defense to block malicious domains is that we have DNS firewall policies which inspect all DNS queries from end users in different locations, blocking any malicious DNS queries that match our DNS firewall policy to prevent users from reaching harmful sites.

We majorly interact with Infoblox BloxOne Threat Defense for on-prem users as well as roaming users using Infoblox agents.

Infoblox BloxOne Threat Defense has positively impacted our organization by effectively preventing any kind of DNS attack or zero-day attack that users are not aware of.

Since using Infoblox BloxOne Threat Defense, we have seen a significant number of malicious domains getting blocked, and we have sent this data to our security analysis team to check the trend of user behavior.

We have saved a lot of time by not digging into multiple tools for DNS threats because Infoblox BloxOne Threat Defense can log malicious queries on its own and send them to a security SIEM tool, which then triggers an incident, improving our timing on detecting malicious DNS queries in the environment.

Infoblox BloxOne Threat Defense offers a wide range of security feeds including malware, ransomware, domain generation algorithms, and many more types of feeds, along with security over category blocking of domains.

A unique feature in Infoblox BloxOne Threat Defense is the ability to identify look-alike domains, where we can input our own domains and public domains that may confuse users.

Security feeds such as malware, ransomware, and domain generation algorithms have helped our organization when an end user received a spam email containing a non-secure URL or a malicious domain, which was successfully blocked by Infoblox BloxOne Threat Defense, protecting our assets.

If I had to think of an area of improvement for Infoblox BloxOne Threat Defense, it would be for the support team to be more proactive, as normal questions could often be answered by a level one support team more effectively, given that they usually take a lot of time to respond to certain queries.

While customer support is pretty good, the knowledge of the support staff needs to be refreshed regularly, and they should be able to respond quickly when a case is locked with them, as I have noticed delays in response on a few occasions.

I have been using Infoblox BloxOne Threat Defense for three years.

Infoblox BloxOne Threat Defense is a very stable solution.

Since it is a SaaS solution, Infoblox BloxOne Threat Defense is highly scalable, allowing us to configure users to use DNS firewall policies and protect their DNS queries regardless of their location.

Customer support is good, but sometimes there is a lack of clarity that the technical assistant team struggles to deliver, leading us to escalate cases for a more in-depth understanding of the tool.

We previously used the open DNS security features from Cloudflare, but it was not a paid subscription, so we could not maximize the benefits, which is why we switched to Infoblox BloxOne Threat Defense.

The licensing subscriptions come based on our usage, and we are using the BloxOne Threat Defense Advanced license to enable the best security standards for our enterprise, and the setup process was easy and smooth since it is subscription-based.

While customer support is pretty good, the knowledge of the support staff needs to be refreshed regularly, and they should be able to respond quickly when a case is locked with them, as I have noticed delays in response on a few occasions.

Infoblox BloxOne Threat Defense is one of the best industry standards and one of the easiest tools to operate in the DDI and DNS security field, and I appreciate the features they provide, such as research, reporting, and the ease of configuring the DNS firewall.

While customer support is pretty good, the knowledge of the support staff needs to be refreshed regularly, and they should be able to respond quickly when a case is locked with them, as I have noticed delays in response on a few occasions.

We did not evaluate any other options before choosing Infoblox BloxOne Threat Defense; it was our first and final product that we implemented.

Infoblox BloxOne Threat Defense is deployed in our organization in the public cloud.

Since it is a SaaS solution, Infoblox BloxOne Threat Defense is highly scalable, allowing us to configure users to use DNS firewall policies and protect their DNS queries regardless of their location.

Infoblox BloxOne Threat Defense is one of the best industry standards and one of the easiest tools to operate in the DDI and DNS security field, and I appreciate the features they provide, such as research, reporting, and the ease of configuring the DNS firewall.

I have not noticed any use case where Infoblox BloxOne Threat Defense needs improvement; it is a very robust tool with all the good features built in from the vendor.

My advice for others looking into using Infoblox BloxOne Threat Defense is that it is a powerful tool, and they should take a demo from the vendor to understand their own use cases; the overall implementation is easy and accurate, and once you have hands-on knowledge, day-to-day management on BloxOne Threat Defense becomes straightforward.

Overall, Infoblox BloxOne Threat Defense is a wonderful tool—one of the best we have used for DNS security, and if any enterprise needs such a solution, they should definitely consider this product to find value in the platform. I give this product a rating of 10 out of 10.

My main use case for Infoblox BloxOne Threat Defense is for DNS security. I generally use this for threat defense, which mostly comes under DNS itself. So, it's DNS security and protective DNS platforms.

For DNS security issues like phishing-related issues, I use Infoblox BloxOne Threat Defense when some endpoints try to resolve the domain via DNS. Something suspicious reaches the endpoint with respect to DNS, so Infoblox BloxOne Threat Defense interrupts the process. For an endpoint, it tries to resolve the domains via DNS and it establishes the connections.

The use case is specific. Typically, the attack flow and troubleshooting are generally used with Infoblox BloxOne Threat Defense. So, suppose one user clicks on a phishing link. Then the endpoint tries to resolve the domain via DNS, and then DNS returns the IP, and then the connection is established. Security products attempt the detection, and Infoblox BloxOne Threat Defense interrupts the process on the endpoint itself, making it helpful for phishing, ransomware, C2 communication, and DNS tunneling.

The best features Infoblox BloxOne Threat Defense offers include the core strength being the DNS-centric security expertise. This is the main feature, which includes better DNS visibility, advanced DNS attack detection capability, and strong DNS policy controls.

Beyond that, threat intelligence is also one of the core strengths of Infoblox BloxOne Threat Defense. The platform focuses on malicious domains, host infrastructure, and DNS patterns, rather than waiting for endpoint detection. Furthermore, I think we can add the DNS exfiltration detection capability, along with hybrid cloud coverage as well.

Positively, Infoblox BloxOne Threat Defense impacts my organization. We already used Infoblox DDI, DNS, DHCP, and IPAM. Infoblox BloxOne Threat Defense becomes even more valuable because it provides a rich context around devices, DNS activity, and threat intelligence.

The policy in Infoblox BloxOne Threat Defense is something complex. That needs to be simpler because it's difficult for someone without a high skill level to understand. The interface is fine, but when the policy is created inside, it is very complex. It's too expensive compared to other solutions like Cisco Umbrella and Palo Alto Networks.

I feel it's not a complete SaaS platform with Infoblox BloxOne Threat Defense. The threat defense is outstanding at the DNS security side, but it's not a complete SaaS platform.

Regarding Infoblox BloxOne Threat Defense's AI capabilities, governance, and security, I think DDI integration is excellent, but I don't see anything related to the governance side, maybe the user attribution or other governance features.

I'm using Infoblox BloxOne Threat Defense for the last four years.

Infoblox BloxOne Threat Defense is stable.

Regarding scalability, I think Infoblox BloxOne Threat Defense's scalability is excellent.

Customer support for Infoblox BloxOne Threat Defense is also excellent. Whenever we raise a ticket or we need to engage with support, the SLA is also good.

I used Cisco Umbrella previously, but that was in my past organization. Here, the organization-level business sense led them to move with Infoblox BloxOne Threat Defense.

Regarding a return on investment, I think we invested in DNS-centric security coverage with Infoblox BloxOne Threat Defense. So, we get good results in the DNS visibility side, DNS analytics side, and DNS attack detection side, along with threat intelligence. It's a good return on money.

Regarding pricing, setup cost, and licensing, Infoblox BloxOne Threat Defense is costly compared to other tools such as Cisco Umbrella and Palo Alto DNS security and DNS filter.

Before choosing Infoblox BloxOne Threat Defense, we evaluated other options including Umbrella, Cisco Umbrella, Palo Alto DNS, and DNS filter.

In day-to-day operations, generally, our SOC team uses Infoblox BloxOne Threat Defense. In the morning, they review the dashboard. One engineer can see how the blocked DNS requests are handled by this particular product and how the most targeted users can be viewed in the dashboard. Suspicious domains' activities can also be tracked, and threat categories can be seen in the dashboard, along with the geographic distribution of threats that can be utilized in the morning dashboard if they want to review. Then they can start the incident investigations by asking whether malware executed. This product itself tells who tried to communicate with malicious infrastructure. So, it can be utilized for threat hunting, and security teams can directly search the historical DNS requests to identify infected devices. They can trace the command and control traffic better.

Infoblox BloxOne Threat Defense provides the best dashboard review. Analysts can see everything in the dashboard visualized in an effective way, such as blocked DNS requests, the most targeted users, suspicious domains list, and threat categories. The report part, the executive report summary, is also fantastic.

My advice for others looking into using Infoblox BloxOne Threat Defense is that if your comparison is specific for DNS threat intelligence, then I think you have a good choice. You can go with Infoblox BloxOne. Ease of deployment and integration are also good. While the cost is high, you get the other features with that, so I think it's good. I would rate this product a seven out of ten.

I have not integrated Infoblox BloxOne Threat Defense with other security tools, but recently, I believe I have integrated it with a SIEM solution.

I find all the features of Infoblox BloxOne Threat Defense, including asset discovery as well as DNS security, most valuable. Most importantly, they are introducing universal DDI and NIOSx. These are all very beneficial for organizations looking for DDI solutions.

The real-time analytics feature of Infoblox BloxOne Threat Defense is a good one as well.

The threat intelligence feature, specifically predictive threat intelligence, is one of the core selling features of Infoblox BloxOne Threat Defense. The automated policy enforcement in minimizing human error is quite easy as well. However, I would like to mention that if you block those lists which are whitelisted in your organization by mistake, then nobody is going to access that because it is working on the DNS layer.

I believe that blacklisting in Infoblox BloxOne Threat Defense cannot be simplified. From the perspective of what I can modify, there is nothing and no improvement needs to be required. You need to be cautious when you are deploying the policy. Otherwise, it is quite easy to deploy. With just a single click, you can deploy it, and with just a single click you can set whether you are allowing the traffic or blocking it.

I have been dealing with Infoblox BloxOne Threat Defense for more than a year.

I rate my experience with their technical support above ten. They are really good at it.

Integrating Infoblox BloxOne Threat Defense was quite easy. You just need to deploy a single VM and you need to start a service on it and then you are good to go.

I find the pricing of Infoblox BloxOne Threat Defense reasonable. They have recently changed the pricing model and shifted to a token-based system. I believe that this is a more modern method being utilized by all the security vendors nowadays.

I believe that there is no improvement needed for Infoblox BloxOne Threat Defense. I believe that it is a really up-to-date product. Regarding additional features in the future to make Infoblox BloxOne Threat Defense even better, we contact Infoblox regarding different features. Looking at their labs feature, they are introducing those features as well. You can now discover new assets regarding Oracle as well. You can integrate your vulnerability assessment tools with it. There are a lot of things that are coming up in Infoblox, so I believe there is nothing that I would add at this moment. I rate this product 9.5 out of 10.

I can describe some of the use cases for the product in general. I'm working with the Infoblox BloxOne Threat Defense for the government, but I'm not sure if I can provide much information about that because it's secret-related.

What is valuable about the Infoblox BloxOne Threat Defense is especially the monitoring and reporting, which provides valuable information. The integration with any SIEM is very valuable for getting DNS query analytics, and this is very important.

The threat analytics tools in the Infoblox BloxOne Threat Defense improve security response through integration with another platform, allowing you to gain insights on your own data happening within your own Infoblox BloxOne.

Many things can be improved with the Infoblox BloxOne Threat Defense. I don't have specific improvements in mind, but there are many tools that can be enhanced.

I can give you an example: having too many restrictions in a platform is not a good thing for the developers.

I have had 4 years of experience with the Infoblox BloxOne Threat Defense.

I would rate their customer service or technical support as not always good. You can be fortunate if you meet someone knowledgeable because most people try and get you to a certain point. It depends on your level of technical expertise. From my perspective, I would say it's not good. From my experience, it seems to vary, and it's less relevant from an objective perspective.

Positive

The main differences between BlueCat and Infoblox BloxOne depend on your licensing, and there are various aspects to consider.

I think the pricing for the Infoblox BloxOne Threat Defense is very expensive. I believe the competitor, BlueCat, offers better prices.

I know that the Infoblox BloxOne Threat Defense supposedly has AI integrated according to suppliers, but personally, I don't use any AI tool to work with it. That being said, it's a black box, and it's not a Linux machine that you can add features to at will.

Overall, I would rate the Infoblox BloxOne Threat Defense as 8.5 out of 10.

Positive

We use the solution for DNS security.

The solution provides insights into what’s happening on the network. It enriches the information internally.

The most valuable feature is policy redirecting and security reports. It detects threats and blocks them. Also, it offers DNS handling and data extraction. It provides a centralized view of connected users and incoming data sources. It is integrated via the API to different monitoring systems that send out alerts. We haven't had any false positives due to this solution.

The product could be cheaper.

I have been using Infoblox BloxOne Threat Defense as a consultant. We are using the latest version of the solution.

The product is very stable.

I rate the solution’s stability a ten out of ten.

We have no issues with the scalability. 10-15 users are using this solution. It is suitable for medium and enterprise users.

I rate the solution’s scalability a ten out of ten.

Technical support is very good.

Positive

Cisco Umbrella is more flexible and a very good competitor.

The initial setup is very straightforward. It is a SaaS solution designed for cloud security. The on-premises part is easily implemented. It facilitates a complete migration for comprehensive use cases. It takes about a month to get everything migrated, with fine-tuning and thorough testing.

Deployment involves planning, testing scenarios, defining acceptance policies, and then gradually migrating small network parts to utilize them effectively.

I rate the initial setup a nine out of ten, where one is difficult and ten is easy.

The product is expensive depending on all features.

I rate the product’s pricing an eight out of ten, where one is cheap, and ten is expensive.

I recommend the solution for extra insights and protection.

Overall, I rate the solution a nine out of ten.

BloxOne is the first layer of the onion. The first layer is DNS, which is the easiest place to block something. That's what the CSP does. We have a couple of block lists with domains to screen out. The simplest way to stop a TLS tunnel from your organization is to prevent them from resolving the IP address. If they honestly try to make a TLS connection to an IP address, it's going to get bucked straight away. It's a cloud service. We don't have an agent. Our on-prem DNS servers reach out to the CSP.

Because we have an onion-layer approach, it's obvious when somebody is resolving something that we don't want them to resolve. BloxOne filters out the noise, and we have more filters down the line on the other side. It does its job.

They were offering all these fancy features, and I just wanted the single sign-on. I don't need role-based access control because I have five guys logging into it, not 500. I have fewer requirements, but I only wanted to use passwords. That integration was good, though. 

I can't say it decreased the amount of work we do. It almost increased demand because it's so good at blocking. For example, it might accidentally block a content delivery network. The CDN might be the third or fourth resolved domain. It will resolve a few tests before it finally gets to cdn.com. You might have blocked cdn.com, but it's hard to attribute it to the first resolved domain. It isn't easy to attribute it all the way along. It's doing its job, but it's just a little more difficult to attribute when something doesn't work.

You need to be kind of careful. It's very powerful, but it's almost too powerful because you can shoot yourself in the foot. That's good and bad. It's blocking everything on the whole network. You can't get around it. 

If someone told me they didn't need DNS protection, I would say they don't understand security architecture very well. There's a reason why we set it up as a layered system rather than having one system controlling everything. If that system fails, it's going to be spectacular. The proxy will do a certain amount of filtering, and the DNS will do some. The end-point will do some filtering or popping, and all those layers combine to provide an in-depth defense. You're doomed to fail if you do everything all in one place.

The most valuable feature is the blocklisting. It's good at what I like to describe as the "silly side cases." We have this annoying security architecture that says we must do this, that, and the other, so we try to make it easier on ourselves. 

We install the agent somewhere and implement a policy that says you can't resolve anything unless I put it on an allow list. It's flipped instead of the average user experience that lets you go anywhere except for what's on the blocklist. When you have these silly side cases that only affect a couple of users, you can make a policy specifically for those users and then flip it. You block everything except for specific factors. That's powerful and a good use case for flexibility.

I was a happy customer until last week. Last week, I tried to go to Google, and it didn't work. It didn't resolve. Eventually, we discovered it was a server issue where BloxOne wouldn't fix anything Google-related. You couldn't access Google, YouTube, or anything like that.

We hacked it so that it worked,  but we had more issues the next day. Whatever they've done in the last week is an absolute mess, which has harmed our trust in the product. Before that, I never had a single problem. Unfortunately, they dented my trust in it by breaking something in the Frankfurt Data Center. I don't know how they managed to do such a lousy job. 

I have been using BloxOne for three or four years.

BloxOne works 99 percent of the time, but 1 percent can be a significant problem. The solution is in such a privileged position within our security architecture that it will be an issue when it fails, however rarely.

I'd rate Infoblox support five out of 10 because I can't remember my support experience well. It was good that they fixed the problem with the upgrade. I haven't had to interact with the support that much, which is a good thing.

Neutral

We previously had Windows DNS. It wasn't robust enough. I don't know the specifics of why it wasn't that good, but I know it didn't work for us.

The setup was horrible. About a year ago, Infoblox made us re-enroll all our on-prem DNS servers by a set date to a specific version, or it would stop working. I told my colleague, "Oh, here, we have to upgrade the servers and reconnect them to the CSP." That did not go well at all. 

That went so horribly wrong that we had to have three sessions with Infoblox support and start again. The overall upgrade experience was awful. That problem took us about a week or two to fix.

We have a consultant to work on implementations, but I don't think he was involved in the upgrade because Infoblox told us that the upgrade needs to be done in-house. 

My parent company and its subsidiaries were already on Infoblox, so we're an Infoblox family now.

I rate BloxOne four out of 10. We have problems with the agents, and they randomly blocked me from Google and Frankfurt. There's also the upgrade problem.

My advice is to be careful. I tried to install the agent remotely on my laptop about a year and a half ago. It didn't play well with our other products on our company laptops, and it almost broke my computer. I would've bricked my laptop and had to come into the office. I also tried to implement BloxOne on the MDM mobiles. That was horrendous. They're planning to touch the agent again and see if it'll have another go at it.

Half the reason could be Apple's forcing them in one direction or the other, but it's pathetic. I gave up. I tried to do a whole task with the MDM phones and use Infoblox as the first layer, but it absolutely would not work to save its life.

From an Infoblox perspective, it's interesting because it is pretty much about dedicated security-focused customers who are looking for advanced technology. It wouldn't be suitable for a customer who hasn't addressed their web security or firewall needs. 

So it's mainly targeted toward larger enterprise customers, and there are only a handful of the customers who are for Infoblox in New Zealand.

Picking the most valuable feature is like asking what your favorite color is. It depends on what problem you're trying to solve for a customer. If a customer has a specific requirement regarding DNS security, then they would consider Infoblox BloxOne Threat Defense. If they are looking for a data lake, they might explore other options. It really depends on the exact needs of the customer. It's all dependent on the customer's requirements and the specific use case.

You wouldn't sell it to a customer who only has five to ten users. It's meant for customers with a large IP base and a strong cybersecurity posture. Infoblox BloxOne Threat Defense furthers the existing security posture rather than replacing or trying to replace any existing products. It supplements what you already have. You can't supplement something that you don't have in the first place. It's going to integrate with your existing systems, such as your security tools, data sources, and firewalls.

From a technical perspective, it's a good product. It performs its intended functions well. 

However, from a channel perspective, it would be beneficial to have a scaled-down version for partners or customers who may not have the enterprise-level scale but still want to enjoy the benefits of the solution.

I have been working with it hands-on since about September last year. I use the latest version.

From what I understand, it is fairly stable. I haven't heard any complaints about it.

From a scalability perspective, it scales high, so I would rate it a ten. However, it doesn't scale down well; that's a problem. I work with businesses of all sizes, depending on their needs.

The initial setup is not a simple "click-click-next" installation. It requires some level of experience and technical know-how. So the installation process is quite challenging. 

The time taken to install the solution could be days because it is a project-based installation. So it's not like a firewall where you can simply set it up and start monitoring. It would involve several days or even professional services consulting, depending on the specific requirements of the customer.

From my perspective, I have two engineers dedicated to the implementation process. But the number of engineers required can vary. It depends on the complexity and size of the project. It could take longer if you have a larger team working on it.

When it comes to maintenance, from an advanced enterprise perspective, you would typically have an entire team dedicated to your security posture. So you would have a team behind the maintenance of the solution.

It's a pricey solution because it's for the advanced kind of customer. It's not gonna be cheap. I would rate the pricing a seven out of ten, where one is cheap and ten is expensive. The pricing model is on an annual basis. There are additional costs for support.

I would advise understanding what problem you are trying to solve. That's the key. Overall, I would rate it an eight out of ten. 

It looks at all our DNS queries and activity going out of the company. Anytime that someone is looking up CNN or something like that, this cloud solution looks at it and decides if it's a known spam, malware, virus, or phishing site. If it is any of those things, it will just simply not allow the DNS query. So, it is a great addition to our firewall and network security. It is just another layer. 

Why let the PC go to the bad website or access the bad IP address when it can just block it right there in the DNS? That is basically what it is doing. What makes it fancy is its updates and live algorithm. It can continually stop all our DNS queries that we don't want.

We do everything in the cloud. We send all our information to their cloud solution, then it does all our filtering and protection.

We had an employee get a phone call on her cell phone that said, "Your computer has been hacked. You need to go to this website, log in, put in your credentials and your credit card information." Unfortunately, the employee did that, thus breaching our environment by going to this website and putting in her credentials. We immediately powered off her machine, but before we could get a stop to it, it had reached out and emailed several hundred users. 

We sent out a mass communication, saying, "Do not click on this email. Don't do it."  Unfortunately, due to the timeline, people will click on it and make another decision. Approximately 37 people clicked on it and put in their credentials. Finally, the security team was able to diagnose and block it in the firewall. It didn't matter then who clicked on it, the firewall had finally shut the site down. 

If we had been able to do this on the DNS side, it would have been a lot more instantaneous, because it flags, "All these people are going to the site that they don't normally go to," which is a lot more of an AI type of deal. It would have figured it out. Plus we could have blocked it a lot faster. So, if we had it in there, we would have been able to plug the hole a little faster, if it even allowed it. If that site was a known site, it would have just blocked the DNS immediately. 

The solution is not the be all end all. It would never replace a firewall. It would never replace your network security. It is just another layer that is very good and current. DNS filtering is how it has helped us. When we log into our console, we can see how many thousands of addresses, entries, and requests have been blocked as well as that there is a lower level of spam, phishing, etc.

They offer a client, which is pretty neat, where we can go to our Threat Defense website and install this client on our mobile laptops. This client forwards all the DNS queries from those laptops to the DNS servers, no matter where somebody is the protection of their laptops is going with them.

Using the reporting, we can tell that we have gained an extra layer of protection. Just by looking at it, we can see what is being blocked before it even makes it to the firewall. It is definitely working.

The solution is “protocol-agnostic” when it comes to blocking at the DNS level. It doesn't care. This is important to us, in terms of our security environment.

They could work on the UI of their website and make their website more user-friendly.

I have been using the BloxOne Threat Defense product for a year, but I have had Infoblox for three or four years.

The stability is absolutely rock-solid.

Two people are required to maintain the solution: One role is network and the other is security.

It is cloud-based, so it can infinitely grow.

We have 18 hospitals and thousands of clinics. We are always growing. We plan to implement the solution in more locations going forward.

We use the technical support sometimes (not often). They are good.

Previously, we were just using Palo Alto Firewalls, but we weren't doing any DNS filtering. scanning, or protection with it.

We got BloxOne Threat Defense because we really wanted the layer that Infoblox offered and integrated. We were already using Infoblox DNS, so adding Infoblox DNS Security was simple.

The initial setup was fairly straightforward. It took us a day to deploy because we have 18 hospitals, each with their own setup. Each setup probably took around 30 to 45 minutes.

The deployment was done in-house with Infobox.

We have seen ROI based on speed, management, and protection.

The solution has absolutely reduced the amount of effort involved for our SecOps teams when investigating events. It has definitely given us another tool and helped. It is another layer that we are able to see, so I'm sure it saves time and money.

It has definitely made us more aware of our environment. We have a much better response time on threats.

If you only wanted the DNS filtering and none of the other products built into Threat Defense, it would be nicer if they could do that a la carte since we are not really using a lot of the solution.

We wanted to go with BloxOne Threat Defense because it was a simple integration. Instead of an installation, it was just something that we turned on.

At this point, we haven't really utilized the integrations with security systems, such as vulnerability scanners, ITSM, SIEM/SOAR, NAC, and next-gen endpoint security. We don't use a lot of the vulnerability scanners because we have in-house products for that, like Carbon Black.

We love BloxOne Threat Defense.

Working with your in-house firewall can be challenging. You need to make sure you have all your ports and rules open. So, you need to be fully prepared for that.

If someone says that they don't need a DNS-specific security solution, then they would need to have something equivalent to it, and it would have to be just as good. Saying you don't need it is absolutely untrue. DNS filtering is a no-brainer. If you don't have DNS protection, you are allowing anybody to look up whatever they want, hoping the firewall will get it.

I would rate this product as a solid nine out of 10.

We were already an Infoblox customer for IP address management, DNS, and DHCP and we decided to beef up our security in another avenue as far as the company and its network. So this is one area we got into with Infoblox because of their DNS security. I previously worked for another company in Boston that was an Infoblox customer, and on DNS security originally you had to set up a connection with Infoblox. The threat feeds that analyze the traffic, the customer had to receive those feeds. This is some years back when they first got into this.

So now, with Pegasystems we're doing the same thing, however, Infoblox is doing this in the cloud, which is infinitely better for a customer like us, meaning that they take in all the threat information and analyze our traffic. All we have to do is set up normal connections to the internet. It's like talking to another website. There's firewall security involved, but that's the most important thing for analyzing Infoblox, the fact that they provide this service out on the internet, in the cloud, is huge for us because they have the ability to synthesize a number of different sources for DNS security, put it in their secret sauce in their portal, and all we have to do is communicate with it and then they inspect our traffic. That is the most important thing for us as a customer. 

I realize that other companies do that as well, but because Infoblox is an important part of our network infrastructure it makes a lot of sense to do our DNS security with Infoblox. We're also a Palo Alto Firewall customer, and we have traffic that goes out to the internet. All of our traffic going out to the internet gets inspected by Palo Alto firewalls. They have a similar service, but we chose to partner with Infoblox because they're already in the DNS arena and have been for a number of years.

Our ability to detect data exfiltration was minimal before Infoblox and the cloud portal was instituted for us. In terms of DNS security as a whole, we had some capability with our firewalls, but this is a lot more specialized because we're sending all of our DNS requests to Infoblox. I'd say we improved 100%.

The actual communications that go on between our DNS appliances and the threat engines in the cloud, that traffic get logged by Infoblox, so that information is available in the cloud, and we also export logs to, we have a Splunk system. So in terms of data exfiltration, Infoblox does a good job of identifying any threats in that arena. Now, if something like that comes up and gets logged, it gets flagged by our Splunk system. I work in the network operations team, we have a security knock. If some kind of alert in that realm was logged, they would be alerted, meaning our security folks. Then if we need to take action on someone's machine or a server then it gets triggered from our security, security operations. I would rate the identification of data exfiltration with a high mark.

Our primary interoperability is with Splunk. The log feed into Splunk got set up right after we signed up for the portal. They go hand in hand. It's because our security team uses Splunk to analyze data. This means they get information from the portal, and they also get information from our individual appliances in the various offices as well.

BloxOne Threat Defense reduced the amount of effort involved in our SecOps teams when investigating events.

Our security staff has been added to significantly in the last few years. I started with Pega in 2017 when there were only a handful of security people, but we were a 5,000 employee company. I think we're probably around 6,000 now.  It wasn't just tools, they didn't have enough people to manage the security posture the way they are now. They basically created a whole new department. This platform is just one of many things that they receive data from.

Our monitoring and detection capability was minimal before we got into BloxOne. Now it's an improvement.

There's reporting and monitoring in the portal itself, and what customers can view. Additionally there are add-on programs specifically for Infoblox programs that go with Splunk. There are several tools available that add extra visibility.

Some of the tools that are involved with Splunk, Infoblox can be consulted on to help identify specific pieces of data that our security team is looking for. That's a plus because in this arena there's a lot of data that gets produced and making sense of it is the whole ballgame. Even though Splunk is not an Infoblox product, it's Splunk, but when our security folks receive data from Infoblox and they're not sure exactly how to massage it, there are content folks at Infoblox who help sort through stuff like that. The way that works is that we set up a call or a Webex/Zoom and just hash out with our security team exactly what they're trying to do.

If we had to take a look at where we are right now, Palo Alto is trying to get more business with us and at some point, we will probably take a look at what they offer in this space, which is just to get educated on the marketplace. The fact that we're a Palo Alto customer, we look to them to add value as well. I'm not saying we're changing anything right now, I'm just saying in our company because we're a big Palo Alto customer, we'll be looking at things they're going to be doing in the future as well.

We're using BloxOne strictly on the cloud version, but there are threat defense options that can be done with our onsite appliances into what Infoblox calls "the Grid". The Grid is just the collection of appliances that we have in the various offices, and there's a central management tool called the Grid Master where you can set up additional threat defense options, meaning you can inspect traffic even before it leaves the network. That's something we're going to be looking at as well. We're not doing it, but we're going to be looking at it.

Our initial activation in this arena, because it was so straightforward to just forward traffic right to the portal, which can be done in just a few minutes and actually have it inspect traffic in the first hour. It's not that we've precluded the onsite, but it's just something that we're looking at as a follow-up. We don't feel that we're at a major detriment, but it could improve some of the things we're doing if we do it onsite even before it gets to the cloud. Before they had the cloud portal you had to take in the threat feeds that they use or are available on the internet, and feed them into your own network, which makes it a lot more complicated.

That's still available. People will still do that, but we choose to use Infoblox and let them synthesize the threat feeds that they have access to.

This is not just Infoblox, this could be any portal provider, cloud provider, sometimes they change the look of the customer-facing options and it's not completely clear why they make the change.

It's not just cosmetic. I'll find things that they've moved around after they've done an upgrade. That's a valid criticism of any portal app because they don't poll every user to ask how you want to see the menu options. Everybody gets the same thing.

I have been using Infoblox since 2019.

I would rate their technical support an eight out of ten. 

Positive

The initial setup was straightforward. The options for the appliances were clearly documented. The onsite logging is actually a virtual host in our network. The setup for that was pretty straightforward as well. There was good documentation.

It took basically one day to start communicating with the portal and verify that all the appliances were actually, in fact, sending data to the portal and their traffic was being inspected. It didn't take a whole day to set that up, most of the time was just, it was a few hours of setup and several hours of monitoring, just learning what to look for. But it was pretty straightforward.

Our on-sight Infoblox DNS DHCP appliances, which there are about 30 of them around the world, there's one screen of information where you put in the Infoblox cloud IP address, answer a few questions, then that triggers DNS forwarding to the Infoblox cloud portal. So when we send our DNS traffic out to the internet it goes to Infoblox first in order to get inspected. If for some reason a particular office or a particular appliance is unable to communicate with Infoblox at a particular time at that cloud IP, they're still able to forward DNS traffic directly to the internet as a backup. That can happen for normal communication disruption. It doesn't happen a lot, but at least our DNS queries don't stop completely if there's an interruption somewhere out on the internet. Which, again, doesn't happen often, but it's good to have available.

We do some configuration on our Infoblox appliances. On the user side of the portal, there are options for reporting and monitoring that get set up by the customer, but Infoblox sets up sessions with us whenever we ask. Initially, when we became a portal customer we received training from Infoblox, and if we want a refresher or we have somebody new who we want to go through the training they'll assist. What they usually do is have the local Infoblox team in Boston assist with that kind of training as well. 

It's not protocol agnostic. It's specifically analyzing DNS traffic. Now, if there's data inside the DNS traffic that is being used for non-DNS purposes, that's different. They are not analyzing other protocols, they are just analyzing DNS. So we use other tools to analyze other protocols, primarily firewalls.

I would rate Infoblox an eight out of ten.