Infoblox Threat Defense

My main use case for Infoblox BloxOne Threat Defense  is for DNS security. I generally use this for threat defense, which mostly comes under DNS itself. So, it's DNS security and protective DNS platforms.

For DNS security issues like phishing-related issues, I use Infoblox BloxOne Threat Defense  when some endpoints try to resolve the domain via DNS. Something suspicious reaches the endpoint with respect to DNS, so Infoblox BloxOne Threat Defense interrupts the process. For an endpoint, it tries to resolve the domains via DNS and it establishes the connections.

The use case is specific. Typically, the attack flow and troubleshooting are generally used with Infoblox BloxOne Threat Defense. So, suppose one user clicks on a phishing link. Then the endpoint tries to resolve the domain via DNS, and then DNS returns the IP, and then the connection is established. Security products attempt the detection, and Infoblox BloxOne Threat Defense interrupts the process on the endpoint itself, making it helpful for phishing, ransomware, C2 communication, and DNS tunneling.

The best features Infoblox BloxOne Threat Defense offers include the core strength being the DNS-centric security expertise. This is the main feature, which includes better DNS visibility, advanced DNS attack detection capability, and strong DNS policy controls.

Beyond that, threat intelligence is also one of the core strengths of Infoblox BloxOne Threat Defense. The platform focuses on malicious domains, host infrastructure, and DNS patterns, rather than waiting for endpoint detection. Furthermore, I think we can add the DNS exfiltration detection capability, along with hybrid cloud coverage as well.

Positively, Infoblox BloxOne Threat Defense impacts my organization. We already used Infoblox DDI , DNS, DHCP, and IPAM. Infoblox BloxOne Threat Defense becomes even more valuable because it provides a rich context around devices, DNS activity, and threat intelligence.

The policy in Infoblox BloxOne Threat Defense is something complex. That needs to be simpler because it's difficult for someone without a high skill level to understand. The interface is fine, but when the policy is created inside, it is very complex. It's too expensive compared to other solutions like Cisco Umbrella  and Palo Alto Networks.

I feel it's not a complete SaaS platform with Infoblox BloxOne Threat Defense. The threat defense is outstanding at the DNS security side, but it's not a complete SaaS platform.

Regarding Infoblox BloxOne Threat Defense's AI capabilities, governance, and security, I think DDI  integration is excellent, but I don't see anything related to the governance side, maybe the user attribution or other governance features.

I'm using Infoblox BloxOne Threat Defense for the last four years.

Infoblox BloxOne Threat Defense is stable.

Regarding scalability, I think Infoblox BloxOne Threat Defense's scalability is excellent.

Customer support for Infoblox BloxOne Threat Defense is also excellent. Whenever we raise a ticket or we need to engage with support, the SLA is also good.

I used Cisco Umbrella  previously, but that was in my past organization. Here , the organization-level business sense led them to move with Infoblox BloxOne Threat Defense.

Regarding a return on investment, I think we invested in DNS-centric security coverage with Infoblox BloxOne Threat Defense. So, we get good results in the DNS visibility side, DNS analytics side, and DNS attack detection side, along with threat intelligence. It's a good return on money.

Regarding pricing, setup cost, and licensing, Infoblox BloxOne Threat Defense is costly compared to other tools such as Cisco Umbrella and Palo Alto DNS security and DNS filter.

Before choosing Infoblox BloxOne Threat Defense, we evaluated other options including Umbrella , Cisco Umbrella, Palo Alto DNS, and DNS filter.

In day-to-day operations, generally, our SOC team uses Infoblox BloxOne Threat Defense. In the morning, they review the dashboard. One engineer can see how the blocked DNS requests are handled by this particular product and how the most targeted users can be viewed in the dashboard. Suspicious domains' activities can also be tracked, and threat categories can be seen in the dashboard, along with the geographic distribution of threats that can be utilized in the morning dashboard if they want to review. Then they can start the incident investigations by asking whether malware executed. This product itself tells who tried to communicate with malicious infrastructure. So, it can be utilized for threat hunting, and security teams can directly search the historical DNS requests to identify infected devices. They can trace the command and control traffic better.

Infoblox BloxOne Threat Defense provides the best dashboard review. Analysts can see everything in the dashboard visualized in an effective way, such as blocked DNS requests, the most targeted users, suspicious domains list, and threat categories. The report part, the executive report summary, is also fantastic.

My advice for others looking into using Infoblox BloxOne Threat Defense is that if your comparison is specific for DNS threat intelligence, then I think you have a good choice. You can go with Infoblox BloxOne. Ease  of deployment and integration are also good. While the cost is high, you get the other features with that, so I think it's good. I would rate this product a seven out of ten.

Our main use case for Infoblox BloxOne Threat Defense  is blocking malicious domains over the internet for our customers.

A specific example of how we use Infoblox BloxOne Threat Defense  to block malicious domains is that we have DNS firewall policies which inspect all DNS queries from end users in different locations, blocking any malicious DNS queries that match our DNS firewall policy to prevent users from reaching harmful sites.

We majorly interact with Infoblox BloxOne Threat Defense for on-prem users as well as roaming users using Infoblox agents.

Infoblox BloxOne Threat Defense has positively impacted our organization by effectively preventing any kind of DNS attack or zero-day attack that users are not aware of.

Since using Infoblox BloxOne Threat Defense, we have seen a significant number of malicious domains getting blocked, and we have sent this data to our security analysis team to check the trend of user behavior.

We have saved a lot of time by not digging into multiple tools for DNS threats because Infoblox BloxOne Threat Defense can log malicious queries on its own and send them to a security SIEM  tool, which then triggers an incident, improving our timing on detecting malicious DNS queries in the environment.

Infoblox BloxOne Threat Defense offers a wide range of security feeds including malware, ransomware, domain generation algorithms, and many more types of feeds, along with security over category blocking of domains.

A unique feature in Infoblox BloxOne Threat Defense is the ability to identify look-alike domains, where we can input our own domains and public domains that may confuse users.

Security feeds such as malware, ransomware, and domain generation algorithms have helped our organization when an end user received a spam email containing a non-secure URL or a malicious domain, which was successfully blocked by Infoblox BloxOne Threat Defense, protecting our assets.

If I had to think of an area of improvement for Infoblox BloxOne Threat Defense, it would be for the support team to be more proactive, as normal questions could often be answered by a level one support team more effectively, given that they usually take a lot of time to respond to certain queries.

While customer support is pretty good, the knowledge of the support staff needs to be refreshed regularly, and they should be able to respond quickly when a case is locked with them, as I have noticed delays in response on a few occasions.

I have been using Infoblox BloxOne Threat Defense for three years.

Infoblox BloxOne Threat Defense is a very stable solution.

Since it is a SaaS solution, Infoblox BloxOne Threat Defense is highly scalable, allowing us to configure users to use DNS firewall policies and protect their DNS queries regardless of their location.

Customer support is good, but sometimes there is a lack of clarity that the technical assistant team struggles to deliver, leading us to escalate cases for a more in-depth understanding of the tool.

We previously used the open DNS security features from Cloudflare , but it was not a paid subscription, so we could not maximize the benefits, which is why we switched to Infoblox BloxOne Threat Defense.

The licensing subscriptions come based on our usage, and we are using the BloxOne Threat Defense Advanced license to enable the best security standards for our enterprise, and the setup process was easy and smooth since it is subscription-based.

While customer support is pretty good, the knowledge of the support staff needs to be refreshed regularly, and they should be able to respond quickly when a case is locked with them, as I have noticed delays in response on a few occasions.

Infoblox BloxOne Threat Defense is one of the best industry standards and one of the easiest tools to operate in the DDI  and DNS security field, and I appreciate the features they provide, such as research, reporting, and the ease of configuring the DNS firewall.

While customer support is pretty good, the knowledge of the support staff needs to be refreshed regularly, and they should be able to respond quickly when a case is locked with them, as I have noticed delays in response on a few occasions.

We did not evaluate any other options before choosing Infoblox BloxOne Threat Defense; it was our first and final product that we implemented.

Infoblox BloxOne Threat Defense is deployed in our organization in the public cloud.

Since it is a SaaS solution, Infoblox BloxOne Threat Defense is highly scalable, allowing us to configure users to use DNS firewall policies and protect their DNS queries regardless of their location.

Infoblox BloxOne Threat Defense is one of the best industry standards and one of the easiest tools to operate in the DDI  and DNS security field, and I appreciate the features they provide, such as research, reporting, and the ease of configuring the DNS firewall.

I have not noticed any use case where Infoblox BloxOne Threat Defense needs improvement; it is a very robust tool with all the good features built in from the vendor.

My advice for others looking into using Infoblox BloxOne Threat Defense is that it is a powerful tool, and they should take a demo from the vendor to understand their own use cases; the overall implementation is easy and accurate, and once you have hands-on knowledge, day-to-day management on BloxOne Threat Defense becomes straightforward.

Overall, Infoblox BloxOne Threat Defense is a wonderful tool—one of the best we have used for DNS security, and if any enterprise needs such a solution, they should definitely consider this product to find value in the platform. I give this product a rating of 10 out of 10.

I have not integrated Infoblox BloxOne Threat Defense  with other security tools, but recently, I believe I have integrated it with a SIEM  solution.

I find all the features of Infoblox BloxOne Threat Defense , including asset discovery as well as DNS security, most valuable. Most importantly, they are introducing universal DDI  and NIOSx. These are all very beneficial for organizations looking for DDI  solutions.

The real-time analytics feature of Infoblox BloxOne Threat Defense is a good one as well.

The threat intelligence feature, specifically predictive threat intelligence, is one of the core selling features of Infoblox BloxOne Threat Defense. The automated policy enforcement in minimizing human error is quite easy as well. However, I would like to mention that if you block those lists which are whitelisted in your organization by mistake, then nobody is going to access that because it is working on the DNS layer.

I believe that blacklisting in Infoblox BloxOne Threat Defense cannot be simplified. From the perspective of what I can modify, there is nothing and no improvement needs to be required. You need to be cautious when you are deploying the policy. Otherwise, it is quite easy to deploy. With just a single click, you can deploy it, and with just a single click you can set whether you are allowing the traffic or blocking it.

I have been dealing with Infoblox BloxOne Threat Defense for more than a year.

I rate my experience with their technical support above ten. They are really good at it.

Integrating Infoblox BloxOne Threat Defense was quite easy. You just need to deploy a single VM and you need to start a service on it and then you are good to go.

I find the pricing of Infoblox BloxOne Threat Defense reasonable. They have recently changed the pricing model and shifted to a token-based system. I believe that this is a more modern method being utilized by all the security vendors nowadays.

I believe that there is no improvement needed for Infoblox BloxOne Threat Defense. I believe that it is a really up-to-date product. Regarding additional features in the future to make Infoblox BloxOne Threat Defense even better, we contact Infoblox regarding different features. Looking at their labs feature, they are introducing those features as well. You can now discover new assets regarding Oracle as well. You can integrate your vulnerability assessment tools with it. There are a lot of things that are coming up in Infoblox, so I believe there is nothing that I would add at this moment. I rate this product 9.5 out of 10.

I can describe some of the use cases for the product in general. I'm working with the Infoblox BloxOne Threat Defense  for the government, but I'm not sure if I can provide much information about that because it's secret-related.

What is valuable about the Infoblox BloxOne Threat Defense  is especially the monitoring and reporting, which provides valuable information. The integration with any SIEM  is very valuable for getting DNS query analytics, and this is very important.

The threat analytics tools in the Infoblox BloxOne Threat Defense improve security response through integration with another platform, allowing you to gain insights on your own data happening within your own Infoblox BloxOne.

Many things can be improved with the Infoblox BloxOne Threat Defense. I don't have specific improvements in mind, but there are many tools that can be enhanced.

I can give you an example: having too many restrictions in a platform is not a good thing for the developers.

I have had 4 years of experience with the Infoblox BloxOne Threat Defense.

I would rate their customer service or technical support as not always good. You can be fortunate if you meet someone knowledgeable because most people try and get you to a certain point. It depends on your level of technical expertise. From my perspective, I would say it's not good. From my experience, it seems to vary, and it's less relevant from an objective perspective.

The main differences between BlueCat and Infoblox BloxOne depend on your licensing, and there are various aspects to consider.

I think the pricing for the Infoblox BloxOne Threat Defense is very expensive. I believe the competitor, BlueCat, offers better prices.

I know that the Infoblox BloxOne Threat Defense supposedly has AI integrated according to suppliers, but personally, I don't use any AI tool to work with it. That being said, it's a black box, and it's not a Linux machine that you can add features to at will.

Overall, I would rate the Infoblox BloxOne Threat Defense as 8.5 out of 10.