DATA PROTECTION AND MALWARE MITIGATION SOLUTION DESIGN
3111 Coronado Drive, Santa Clara, California 95054, USA | 1.866.463.6256 (Toll-free, U.S. and Canada) | [email protected] | www.infoblox.com | © Infoblox Inc. All rights reserved. 1704
Authoritative IP and DNS/DHCP management as a single pane of glass and a “hub” for sharing actionable intelligence and data enrichment with the security ecosystem.
Advanced DHCP service that fingerprints endpoints to provide context and lease history.
Infoblox Internal DNS (recursive and authoritative) with security capabilities based on reputation, signatures, and behavioral analysis. Can be deployed in public or private cloud infrastructure.
Recursive Infoblox DNS (for Internet name resolution) with security capabilities based on reputation, signatures, and behavioral analysis.
Infoblox provides consistent, high-quality threat intelligence information and feeds for consumption not only by Infoblox products, but by any components that form part of your security ecosystem. For Data Protection and Malware Mitigation, this will focus on reputation, signatures, and heuristics that disrupt the kill chain.
ActiveTrust® Cloud provides an advanced cloud-based DNS resolution service that incorporates threat intelligence, reputation, and behavioral analytics.
[Diagram: solution architecture. Traffic legend: DNS Traffic, Good DNS Traffic, Bad Traffic. Labeled components: Roaming Clients; Internet Authoritative DNS; Cloud Infrastructure (e.g., AWS/Azure); Secure Internal DNS; External Perimeter; Internal Perimeter; Secure Recursive/Caching DNS; Proxies and Secure Gateways; Internal DNS (e.g., Microsoft); DHCP; Authoritative IPAM DNS/DHCP Management (Single Pane of Glass); Network Infrastructure (Physical, Virtual, SDN); Internal Clients. Security Ecosystem: SIEM; Vulnerability Scanner; NAC; Active Directory Authentication Events; Endpoint Security; APT/Malware Detection.]
Threat Intelligence
Threat intelligence—implemented as RPZ feeds, DNS protection signature updates and threat analytics module updates
Cloud service used for threat intelligence
Threat data feeds for use across the security ecosystem, including SIEM, NGFW, proxies, etc.
Advanced threat data from ATP/Malware detection
Actionable Intelligence
Security events with context such as syslog messages and outbound API notifications
Data Enrichment
Authenticated user data (from NAC and AD)
DNS name of malicious client
DHCP fingerprinting, MAC, etc.
Contextual network data (including DNS, DHCP, IP, L2/L3, and User Data) via APIs
[Diagram legend: Infoblox Solutions; Communication Flow]
Network Discovery
Discovery of switches, routers
Discovery of attached endpoints
Discovery of virtual infrastructure
[Diagram labels: Threat Intelligence; Cloud-based Recursive/Caching (ActiveTrust® Cloud); Firewall]