Post on 11-Mar-2020
THREAT CONTAINMENT AND OPERATIONS SOLUTION DESIGN
3111 Coronado Drive, Santa Clara, California 95054, USA | 1.866.463.6256 (Toll-free, U.S. and Canada) | sales@infoblox.com | www.infoblox.com | © Infoblox Inc. All rights reserved. 1704
Infoblox provides consistent, high-quality threat intelligence information and feeds for consumption, not only by Infoblox products, but by any components that form part of your security ecosystem. This includes perimeter security such as NGFW and web proxies, as well as enrichment of your SIEM.
ActiveTrust® Cloud provides an advanced cloud-based DNS resolution service providing security capabilities based on threat intelligence, reputation, and behavioral analytics.
Infoblox DDI is our industry-leading, integrated, and centrally managed approach to delivering enterprise-grade DDI. It uses our patented Infoblox Grid™ technology to ensure high availability DNS, DHCP, and IPAM services throughout your distributed network. Infoblox DDI makes it easier for you to support your current and evolving needs, while achieving the highest standards for security, service uptime, and operational efficiencies.
[Diagram: traffic legend (DNS Traffic, Good DNS Traffic, Bad Traffic); components shown: Roaming Clients; Internal Clients; Perimeter Security, F/W, IDS/IPS, etc.; Network Infrastructure (Switches, Routers, Firewalls, Load-balancers, etc.); Security Ecosystem (SIEM, Vulnerability Scanner, NAC, Endpoint Security, APT/Malware Detection)]
Threat Intelligence
Information on current cyber threat landscape
Cyber threat indicators, context and intelligence
Threat indicators from security partners
Cloud-based DNS Firewall and tunnelling detection enriches Infoblox Threat Intelligence by leveraging machine learning, big data, and behavioural analysis
Customer threat intelligence can be shared via the platform for use within the organization, or to be shared with other chosen parties
Threat data feeds for use across the security ecosystem, including SIEM, NGFW, proxies, etc. APIs allow automation of data feeds in multiple formats (CSV, JSON, CEF, etc.)
Security researchers use our platform to understand and prioritize security incidents. APIs allow automation of this process
Actionable Intelligence
Security events with context such as syslog messages and outbound API notifications
Data Enrichment
IP information in the security ecosystem can be enriched from the authoritative IPAM to provide data such as switch port and user information
[Diagram legend: Infoblox Solutions; Communication Flow]
Network Discovery
Infoblox can discover the network infrastructure devices and associated interfaces
Endpoints attached to the network can be discovered, including their location on the network to enrich IPAM data
[Diagram labels: DNS, DHCP, and IPAM; Threat Intelligence Data Exchange (Partner Threat Intel, Infoblox Threat Intel, Infoblox Research, Partner Research, Customer Generated Threat Intelligence); Security and Research; Automation; DNS; Cloud-based Recursive/Caching (ActiveTrust® Cloud); Firewall]