
Infoblox Threat Defense
Centralized DNS security has simplified subnet policies and now protects users across networks
What is our primary use case?
We have deployed Infoblox BloxOne Threat Defense for a customer. We started as an integrator and reseller of Infoblox BloxOne Threat Defense.
Our use case involved multiple subnets. We had a scenario where the customer required a setup where end users connected to the local internet would have a separate policy restricting access to certain sites. If users connected to their home internet or other external networks, they still needed restrictions on which sites they could access. They wanted to protect end users from accessing any malicious websites.
The second requirement was to manage policies for an educational institution with multiple departments. Each department had students, staff, and faculty. We used IPAM for segmenting the subnets based on user categorization. After implementing the subnet segmentation, we also implemented DNS security and DNS-based caching for certain websites. We integrated our own blacklist and threat feed with the solution. We implemented all of these use cases and they functioned effectively.
How has it helped my organization?
Infoblox BloxOne Threat Defense saves time and reduces workforce dependencies. This impacts our ROI by allowing us to minimize the number of employees and their work hours using this solution. Additionally, instead of having a separate DHCP server, a separate DNS server, Windows OS, and separate infrastructure with maintenance costs, those costs are covered within this solution itself.
What is most valuable?
Infoblox BloxOne Threat Defense includes IPAM capabilities and provides DDI, DNS, and DHCP services within the solution. This offering is unique when compared with other DNS filtering-based security solutions.
The key advantage is that many web proxy solutions are available in the market such as Forcepoint, Trend Micro, Barracuda, and Skyhigh. However, the significant difference is that web proxy solutions only perform filtering when a request from an end user hits that particular server and when it is returning back to the end user. With those solutions, the request has already been sent to the malicious server, and the malicious server is able to identify our IP address or our NATed IP. This leads to blacklisting of IPs and marking our IP as spam by other labs. By using Infoblox BloxOne Threat Defense as a DNS filtering solution, we have addressed those challenges because this solution blocks the request before it goes to the server itself, addressing the challenges of proxy solutions at the DNS level.
Real-time analytics help identify network anomalies. Infoblox BloxOne Threat Defense provides an analytical solution called Dossier within their console where we can analyze URLs. If we are going to whitelist a URL, we can enter the URL in the Dossier to see how that URL is categorized and whether the URL has a risky, medium risk, or low risk level. This allows us to analyze and obtain information before whitelisting a particular URL. The log view and reporting features have logs that are viewable using different filters such as hostname, username, and IP address.
Regarding threat intelligence, Infoblox BloxOne Threat Defense has their own threat intel, and using Dossier provides more visibility on URLs and what risks are associated with them. Infoblox BloxOne Threat Defense provides their own ratings for uncategorized URLs, and these ratings are updated on a routine basis.
We have completed integrations with Active Directory for user-based policies and with SIEM solutions. However, I see these integrations as common because many other solutions offer the same integrations.
Policy enforcement is based on priority. Whichever priority we assign is clear and easy to understand, and the policy we apply first would be applicable based on priority.
I would rate Infoblox BloxOne Threat Defense as helping with breach response around five or six on a scale of ten. The reason is that this is a DNS URL filtering solution that works on DNS-level traffic and is more proactive rather than reactive. Breach response involves what we do after a breach or what we discover after an incident. However, if we have some URL or IP address, we can search for those items in the DNS filtering to determine whether we have any requests sent through Infoblox BloxOne Threat Defense. Beyond that, I do not see many response actions or breach response actions involved with a DNS security solution.
What needs improvement?
The scheduled report feature for Infoblox BloxOne Threat Defense needs improvement. The scheduled reports are sent with a standardized template from Infoblox. It would be highly beneficial if we had customization options for the scheduled reports. This is a key feature that many enterprise customers would be seeking, especially when they need to present reports to management. The reports should include pie charts or bar graphs indicating what traffic is coming and going through the system. Those chart types and drill-down details are also essential for the IT team. We need more customized reports that can provide different reports for the management team and for the IT team. The current reports are available but are not as helpful as customers need. We are currently dedicating logs manually and doing this as a service for our customers, but this should be handled by Infoblox BloxOne Threat Defense.
Infoblox BloxOne Threat Defense is a bit expensive.
For how long have I used the solution?
I have been dealing with the product for around two years.
What do I think about the stability of the solution?
Infoblox BloxOne Threat Defense is a very stable tool. We have not observed any glitches for either of our clients.
What do I think about the scalability of the solution?
Infoblox BloxOne Threat Defense has flexible licensing options, making it feasible to scale.
How are customer service and support?
I would rate customer service for Infoblox BloxOne Threat Defense around seven. They would benefit from improving their response time rate.
Which solution did I use previously and why did I switch?
I have used other tools such as Appgate and Cisco Umbrella, which are competitors for Infoblox BloxOne Threat Defense. Infoblox BloxOne Threat Defense is actually good when compared to its alternatives in DNS URL filtering. In the past year, Infoblox BloxOne Threat Defense has been recognized as a leader in Gartner reports, though one competitor has been marked as a premier leader.
How was the initial setup?
Infoblox BloxOne Threat Defense is not overly complicated to set up; it is average in difficulty. We need to perform some server installations and configuration setup. If you have experience with those solutions, it would be easy. For a newbie, it might be very difficult to understand.
What was our ROI?
Infoblox BloxOne Threat Defense saves time and reduces workforce dependencies. The ROI is based on these two factors. It helps reduce workforce dependency, which is one advantage. Additionally, if there is any malicious hit generated from the end-user side, the time taken to resolve it is significantly more advantageous when compared to other proxy solutions being used in today's organizations. The ROI can be calculated based on human efforts, as we can minimize the number of employees and their work hours using this solution. Furthermore, instead of having separate DHCP and DNS servers, separate Windows OS, and separate infrastructure with ongoing maintenance costs, those costs are covered within this solution itself.
What other advice do I have?
Infoblox BloxOne Threat Defense is a bit expensive. They could make improvements to become a ten. The overall review rating for Infoblox BloxOne Threat Defense is eight point five.
Protected dns traffic has boosted threat hunting while complex policies and high costs need work
What is our primary use case?
My main use case for Infoblox BloxOne Threat Defense is for DNS security. I generally use this for threat defense, which mostly comes under DNS itself. So, it's DNS security and protective DNS platforms.
For DNS security issues like phishing-related issues, I use Infoblox BloxOne Threat Defense when some endpoints try to resolve the domain via DNS. Something suspicious reaches the endpoint with respect to DNS, so Infoblox BloxOne Threat Defense interrupts the process. For an endpoint, it tries to resolve the domains via DNS and it establishes the connections.
The use case is specific. Typically, the attack flow and troubleshooting are generally used with Infoblox BloxOne Threat Defense. So, suppose one user clicks on a phishing link. Then the endpoint tries to resolve the domain via DNS, and then DNS returns the IP, and then the connection is established. Security products attempt the detection, and Infoblox BloxOne Threat Defense interrupts the process on the endpoint itself, making it helpful for phishing, ransomware, C2 communication, and DNS tunneling.
What is most valuable?
The best features Infoblox BloxOne Threat Defense offers include the core strength being the DNS-centric security expertise. This is the main feature, which includes better DNS visibility, advanced DNS attack detection capability, and strong DNS policy controls.
Beyond that, threat intelligence is also one of the core strengths of Infoblox BloxOne Threat Defense. The platform focuses on malicious domains, host infrastructure, and DNS patterns, rather than waiting for endpoint detection. Furthermore, I think we can add the DNS exfiltration detection capability, along with hybrid cloud coverage as well.
Positively, Infoblox BloxOne Threat Defense impacts my organization. We already used Infoblox DDI, DNS, DHCP, and IPAM. Infoblox BloxOne Threat Defense becomes even more valuable because it provides a rich context around devices, DNS activity, and threat intelligence.
What needs improvement?
The policy in Infoblox BloxOne Threat Defense is something complex. That needs to be simpler because it's difficult for someone without a high skill level to understand. The interface is fine, but when the policy is created inside, it is very complex. It's too expensive compared to other solutions like Cisco Umbrella and Palo Alto Networks.
I feel it's not a complete SaaS platform with Infoblox BloxOne Threat Defense. The threat defense is outstanding at the DNS security side, but it's not a complete SaaS platform.
Regarding Infoblox BloxOne Threat Defense's AI capabilities, governance, and security, I think DDI integration is excellent, but I don't see anything related to the governance side, maybe the user attribution or other governance features.
For how long have I used the solution?
I have been using Infoblox BloxOne Threat Defense for the last four years.
What do I think about the stability of the solution?
Infoblox BloxOne Threat Defense is stable.
What do I think about the scalability of the solution?
Regarding scalability, I think Infoblox BloxOne Threat Defense's scalability is excellent.
How are customer service and support?
Customer support for Infoblox BloxOne Threat Defense is also excellent. Whenever we raise a ticket or we need to engage with support, the SLA is also good.
Which solution did I use previously and why did I switch?
I used Cisco Umbrella previously, but that was in my past organization. Here, the organization-level business sense led them to move with Infoblox BloxOne Threat Defense.
What was our ROI?
Regarding a return on investment, I think we invested in DNS-centric security coverage with Infoblox BloxOne Threat Defense. So, we get good results in the DNS visibility side, DNS analytics side, and DNS attack detection side, along with threat intelligence. It's a good return on money.
What's my experience with pricing, setup cost, and licensing?
Regarding pricing, setup cost, and licensing, Infoblox BloxOne Threat Defense is costly compared to other tools such as Cisco Umbrella and Palo Alto DNS security and DNS filter.
Which other solutions did I evaluate?
Before choosing Infoblox BloxOne Threat Defense, we evaluated other options including Umbrella, Cisco Umbrella, Palo Alto DNS, and DNS filter.
What other advice do I have?
In day-to-day operations, generally, our SOC team uses Infoblox BloxOne Threat Defense. In the morning, they review the dashboard. One engineer can see how the blocked DNS requests are handled by this particular product and how the most targeted users can be viewed in the dashboard. Suspicious domains' activities can also be tracked, and threat categories can be seen in the dashboard, along with the geographic distribution of threats that can be utilized in the morning dashboard if they want to review. Then they can start the incident investigations by asking whether malware executed. This product itself tells who tried to communicate with malicious infrastructure. So, it can be utilized for threat hunting, and security teams can directly search the historical DNS requests to identify infected devices. They can trace the command and control traffic better.
Infoblox BloxOne Threat Defense provides the best dashboard review. Analysts can see everything in the dashboard visualized in an effective way, such as blocked DNS requests, the most targeted users, suspicious domains list, and threat categories. The report part, the executive report summary, is also fantastic.
My advice for others looking into using Infoblox BloxOne Threat Defense is that if your comparison is specific for DNS threat intelligence, then I think you have a good choice. You can go with Infoblox BloxOne. Ease of deployment and integration are also good. While the cost is high, you get the other features with that, so I think it's good. I would rate this product a seven out of ten.
Advanced DNS defense has blocked malicious domains and has improved threat investigation
What is our primary use case?
Our main use case for Infoblox BloxOne Threat Defense is blocking malicious domains over the internet for our customers.
A specific example of how we use Infoblox BloxOne Threat Defense to block malicious domains is that we have DNS firewall policies which inspect all DNS queries from end users in different locations, blocking any malicious DNS queries that match our DNS firewall policy to prevent users from reaching harmful sites.
We majorly interact with Infoblox BloxOne Threat Defense for on-prem users as well as roaming users using Infoblox agents.
How has it helped my organization?
Infoblox BloxOne Threat Defense has positively impacted our organization by effectively preventing any kind of DNS attack or zero-day attack that users are not aware of.
Since using Infoblox BloxOne Threat Defense, we have seen a significant number of malicious domains getting blocked, and we have sent this data to our security analysis team to check the trend of user behavior.
We have saved a lot of time by not digging into multiple tools for DNS threats because Infoblox BloxOne Threat Defense can log malicious queries on its own and send them to a security SIEM tool, which then triggers an incident, improving our timing on detecting malicious DNS queries in the environment.
What is most valuable?
Infoblox BloxOne Threat Defense offers a wide range of security feeds including malware, ransomware, domain generation algorithms, and many more types of feeds, along with security over category blocking of domains.
A unique feature in Infoblox BloxOne Threat Defense is the ability to identify look-alike domains, where we can input our own domains and public domains that may confuse users.
Security feeds such as malware, ransomware, and domain generation algorithms have helped our organization when an end user received a spam email containing a non-secure URL or a malicious domain, which was successfully blocked by Infoblox BloxOne Threat Defense, protecting our assets.
What needs improvement?
If I had to think of an area of improvement for Infoblox BloxOne Threat Defense, it would be for the support team to be more proactive, as normal questions could often be answered by a level one support team more effectively, given that they usually take a lot of time to respond to certain queries.
While customer support is pretty good, the knowledge of the support staff needs to be refreshed regularly, and they should be able to respond quickly when a case is locked with them, as I have noticed delays in response on a few occasions.
For how long have I used the solution?
I have been using Infoblox BloxOne Threat Defense for three years.
What do I think about the stability of the solution?
Infoblox BloxOne Threat Defense is a very stable solution.
What do I think about the scalability of the solution?
Since it is a SaaS solution, Infoblox BloxOne Threat Defense is highly scalable, allowing us to configure users to use DNS firewall policies and protect their DNS queries regardless of their location.
How are customer service and support?
Customer support is good, but sometimes there is a lack of clarity that the technical assistant team struggles to deliver, leading us to escalate cases for a more in-depth understanding of the tool.
Which solution did I use previously and why did I switch?
We previously used the open DNS security features from Cloudflare, but it was not a paid subscription, so we could not maximize the benefits, which is why we switched to Infoblox BloxOne Threat Defense.
How was the initial setup?
The licensing subscriptions come based on our usage, and we are using the BloxOne Threat Defense Advanced license to enable the best security standards for our enterprise, and the setup process was easy and smooth since it is subscription-based.
What was our ROI?
Infoblox BloxOne Threat Defense is one of the best industry standards and one of the easiest tools to operate in the DDI and DNS security field, and I appreciate the features they provide, such as research, reporting, and the ease of configuring the DNS firewall.
Which other solutions did I evaluate?
We did not evaluate any other options before choosing Infoblox BloxOne Threat Defense; it was our first and final product that we implemented.
What other advice do I have?
Infoblox BloxOne Threat Defense is deployed in our organization in the public cloud.
I have not noticed any use case where Infoblox BloxOne Threat Defense needs improvement; it is a very robust tool with all the good features built in from the vendor.
My advice for others looking into using Infoblox BloxOne Threat Defense is that it is a powerful tool, and they should take a demo from the vendor to understand their own use cases; the overall implementation is easy and accurate, and once you have hands-on knowledge, day-to-day management on BloxOne Threat Defense becomes straightforward.
Overall, Infoblox BloxOne Threat Defense is a wonderful tool—one of the best we have used for DNS security, and if any enterprise needs such a solution, they should definitely consider this product to find value in the platform. I give this product a rating of 10 out of 10.
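As an added illustration, not Infoblox code or its policy format, the following Python models the DNS-layer behaviour the reviews above describe: priority-ordered allow/block rules, a custom blacklist and threat-feed lookup consulted before a query is forwarded anywhere, a look-alike check against the organisation's own domains, and a log record that can be filtered by hostname, username and client IP. All domain names, feed entries, the similarity threshold and the stand-in upstream resolver are constructed for the example.

```python
"""Constructed model of the DNS-layer policy flow described in the reviews:
priority-ordered allow/block rules, a customer blacklist and threat-feed
lookup performed before the query reaches any upstream resolver, a
look-alike check against the organisation's own domains, and a log record
a SIEM can filter by hostname, username and client IP.
Illustrative only; this is not Infoblox code or its policy format."""
from dataclasses import dataclass
from difflib import SequenceMatcher
from typing import Callable, Optional


@dataclass(frozen=True)
class Rule:
    priority: int   # lower value wins: the first matching rule by priority decides
    action: str     # "allow" or "block"
    suffix: str     # exact domain or parent domain the rule covers


@dataclass(frozen=True)
class Verdict:
    domain: str
    action: str
    reason: str


# Constructed sample data standing in for a vendor threat feed, a customer
# blacklist and the customer's own registered domains.
THREAT_FEED = {"evil-c2.example": "malware", "dga-xq7z.example": "dga"}
CUSTOM_BLACKLIST = {"gambling.example"}
OWN_DOMAINS = {"acme-corp.example"}
RULES = [
    Rule(0, "allow", "acme-corp.example"),          # never block our own names
    Rule(1, "allow", "partner.gambling.example"),   # explicit exception ...
    Rule(5, "block", "gambling.example"),           # ... to a broader block
]


def _covered(domain: str, suffix: str) -> bool:
    return domain == suffix or domain.endswith("." + suffix)


def feed_category(domain: str) -> Optional[str]:
    """Walk from the full name up through its parent domains and return the
    threat-feed category of the first one listed, if any."""
    labels = domain.split(".")
    for i in range(len(labels) - 1):
        hit = THREAT_FEED.get(".".join(labels[i:]))
        if hit:
            return hit
    return None


def is_lookalike(domain: str, own: set, threshold: float = 0.85) -> bool:
    """Flag names that closely resemble one of our own domains (a swapped,
    dropped or inserted character) without being that domain or a child of it."""
    for mine in own:
        if _covered(domain, mine):
            return False
        if SequenceMatcher(None, domain, mine).ratio() >= threshold:
            return True
    return False


def evaluate(domain: str, rules: list = RULES) -> Verdict:
    d = domain.lower().rstrip(".")
    for r in sorted(rules, key=lambda r: r.priority):     # highest priority first
        if _covered(d, r.suffix):
            return Verdict(d, r.action, f"rule priority {r.priority} ({r.suffix})")
    if any(_covered(d, b) for b in CUSTOM_BLACKLIST):
        return Verdict(d, "block", "custom blacklist")
    category = feed_category(d)
    if category:
        return Verdict(d, "block", f"threat feed: {category}")
    if is_lookalike(d, OWN_DOMAINS):
        return Verdict(d, "block", "look-alike of own domain")
    return Verdict(d, "allow", "no policy match")


def resolve(domain: str, upstream: Callable[[str], str], log: list,
            hostname: str, username: str, client_ip: str) -> Optional[str]:
    """Apply policy first. A blocked name is answered locally (None here, i.e.
    NXDOMAIN), so neither the upstream resolver nor the attacker's server is
    ever contacted; every decision is logged with the fields analysts filter on."""
    v = evaluate(domain)
    log.append({"hostname": hostname, "username": username, "client_ip": client_ip,
                "domain": v.domain, "action": v.action, "reason": v.reason})
    if v.action == "block":
        return None
    return upstream(v.domain)


if __name__ == "__main__":
    contacted = []

    def fake_upstream(name: str) -> str:   # constructed stand-in for a real resolver
        contacted.append(name)
        return "203.0.113.10"

    events: list = []
    for name in ["evil-c2.example", "acme-c0rp.example", "partner.gambling.example"]:
        print(name, "->", resolve(name, fake_upstream, events, "ws-01", "alice", "10.0.0.5"))
    print("upstream contacted for:", contacted)
    print([e for e in events if e["username"] == "alice" and e["action"] == "block"])
```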
Improved threat visibility has strengthened DNS security and automated real-time policy decisions
What is our primary use case?
I have not integrated Infoblox BloxOne Threat Defense with other security tools, but recently, I believe I have integrated it with a SIEM solution.
What is most valuable?
I find all the features of Infoblox BloxOne Threat Defense, including asset discovery as well as DNS security, most valuable. Most importantly, they are introducing universal DDI and NIOSx. These are all very beneficial for organizations looking for DDI solutions.
The real-time analytics feature of Infoblox BloxOne Threat Defense is a good one as well.
The threat intelligence feature, specifically predictive threat intelligence, is one of the core selling features of Infoblox BloxOne Threat Defense. The automated policy enforcement in minimizing human error is quite easy as well. However, I would like to mention that if you block those lists which are whitelisted in your organization by mistake, then nobody is going to access that because it is working on the DNS layer.
What needs improvement?
I believe that blacklisting in Infoblox BloxOne Threat Defense cannot be simplified. From the perspective of what I can modify, there is nothing and no improvement needs to be required. You need to be cautious when you are deploying the policy. Otherwise, it is quite easy to deploy. With just a single click, you can deploy it, and with just a single click you can set whether you are allowing the traffic or blocking it.
For how long have I used the solution?
I have been dealing with Infoblox BloxOne Threat Defense for more than a year.
How are customer service and support?
I rate my experience with their technical support above ten. They are really good at it.
How was the initial setup?
Integrating Infoblox BloxOne Threat Defense was quite easy. You just need to deploy a single VM and you need to start a service on it and then you are good to go.
What's my experience with pricing, setup cost, and licensing?
I find the pricing of Infoblox BloxOne Threat Defense reasonable. They have recently changed the pricing model and shifted to a token-based system. I believe that this is a more modern method being utilized by all the security vendors nowadays.
What other advice do I have?
I believe that there is no improvement needed for Infoblox BloxOne Threat Defense. I believe that it is a really up-to-date product. Regarding additional features in the future to make Infoblox BloxOne Threat Defense even better, we contact Infoblox regarding different features. Looking at their labs feature, they are introducing those features as well. You can now discover new assets regarding Oracle as well. You can integrate your vulnerability assessment tools with it. There are a lot of things that are coming up in Infoblox, so I believe there is nothing that I would add at this moment. I rate this product 9.5 out of 10.
Valuable analytics integration improves data insights but needs fewer restrictions
What is our primary use case?
I can describe some of the use cases for the product in general. I'm working with the Infoblox BloxOne Threat Defense for the government, but I'm not sure if I can provide much information about that because it's secret-related.
What is most valuable?
What is valuable about the Infoblox BloxOne Threat Defense is especially the monitoring and reporting, which provides valuable information. The integration with any SIEM is very valuable for getting DNS query analytics, and this is very important.
The threat analytics tools in the Infoblox BloxOne Threat Defense improve security response through integration with another platform, allowing you to gain insights on your own data happening within your own Infoblox BloxOne.
What needs improvement?
Many things can be improved with the Infoblox BloxOne Threat Defense. I don't have specific improvements in mind, but there are many tools that can be enhanced.
I can give you an example: having too many restrictions in a platform is not a good thing for the developers.
For how long have I used the solution?
I have had 4 years of experience with the Infoblox BloxOne Threat Defense.
How are customer service and support?
I would rate their customer service or technical support as not always good. You can be fortunate if you meet someone knowledgeable because most people try and get you to a certain point. It depends on your level of technical expertise. From my perspective, I would say it's not good. From my experience, it seems to vary, and it's less relevant from an objective perspective.
Which other solutions did I evaluate?
The main differences between BlueCat and Infoblox BloxOne depend on your licensing, and there are various aspects to consider.
I think the pricing for the Infoblox BloxOne Threat Defense is very expensive. I believe the competitor, BlueCat, offers better prices.
What other advice do I have?
I know that the Infoblox BloxOne Threat Defense supposedly has AI integrated according to suppliers, but personally, I don't use any AI tool to work with it. That being said, it's a black box, and it's not a Linux machine that you can add features to at will.
Overall, I would rate the Infoblox BloxOne Threat Defense as 8.5 out of 10.
User-friendly interface and powerful analytic reporting enhance threat defense capabilities
Improving DNS security posture with comprehensive threat detection
Tough Security Solution with Some Setup Challenges
It works well with your existing tools and uses the latest threat info to keep your network safe. It's easy to use.
Customer support is top-notch, and I used to use it frequently.
A hybrid solution for DNS security with insights and security reports
What is our primary use case?
We use the solution for DNS security.
How has it helped my organization?
The solution provides insights into what’s happening on the network. It enriches the information internally.
What is most valuable?
The most valuable feature is policy redirecting and security reports. It detects threats and blocks them. Also, it offers DNS handling and data extraction. It provides a centralized view of connected users and incoming data sources. It is integrated via the API to different monitoring systems that send out alerts. We haven't had any false positives due to this solution.
What needs improvement?
The product could be cheaper.
For how long have I used the solution?
I have been using Infoblox BloxOne Threat Defense as a consultant. We are using the latest version of the solution.
What do I think about the stability of the solution?
The product is very stable.
I rate the solution’s stability a ten out of ten.
What do I think about the scalability of the solution?
We have no issues with the scalability. 10-15 users are using this solution. It is suitable for medium and enterprise users.
I rate the solution’s scalability a ten out of ten.
How are customer service and support?
Technical support is very good.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
Cisco Umbrella is more flexible and a very good competitor.
How was the initial setup?
The initial setup is very straightforward. It is a SaaS solution designed for cloud security. The on-premises part is easily implemented. It facilitates a complete migration for comprehensive use cases. It takes about a month to get everything migrated, with fine-tuning and thorough testing.
Deployment involves planning, testing scenarios, defining acceptance policies, and then gradually migrating small network parts to utilize them effectively.
I rate the initial setup a nine out of ten, where one is difficult and ten is easy.
What's my experience with pricing, setup cost, and licensing?
The product is expensive depending on all features.
I rate the product’s pricing an eight out of ten, where one is cheap, and ten is expensive.
What other advice do I have?
I recommend the solution for extra insights and protection.
Overall, I rate the solution a nine out of ten.