
Infoblox Infographic - Threat Containment and Operations · availability DNS, DHCP, and IPAM...

Date post: 11-Mar-2020

THREAT CONTAINMENT AND OPERATIONS SOLUTION DESIGN

3111 Coronado Drive, Santa Clara, California 95054, USA | 1.866.463.6256 (Toll-free, U.S. and Canada) | [email protected] | www.infoblox.com | © Infoblox Inc. All rights reserved. 1704

Infoblox provides consistent, high-quality threat intelligence information and feeds for consumption, not only by Infoblox products, but by any components that form part of your security ecosystem. This includes perimeter security such as NGFW and web proxies, as well as enrichment of your SIEM.

ActiveTrust® Cloud provides an advanced cloud-based DNS resolution service providing security capabilities based on threat intelligence, reputation, and behavioral analytics.

Infoblox DDI is our industry-leading, integrated, and centrally managed approach to delivering enterprise-grade DDI. It uses our patented Infoblox Grid™ technology to ensure high availability DNS, DHCP, and IPAM services throughout your distributed network. Infoblox DDI makes it easier for you to support your current and evolving needs, while achieving the highest standards for security, service uptime, and operational efficiencies.

[Diagram labels: DNS Traffic; Good DNS Traffic; Bad Traffic; Roaming Clients; Perimeter Security, F/W, IDS/IPS, etc.; Network Infrastructure (Switches, Routers, Firewalls, Load-balancers, etc.); Internal Clients; SIEM; Vulnerability Scanner; NAC; Endpoint Security; APT/Malware Detection; Security Ecosystem]

Threat Intelligence

Information on current cyber threat landscape

Cyber threat indicators, context and intelligence

Threat indicators from security partners

Cloud-based DNS Firewall and tunnelling detection enriches Infoblox Threat Intelligence by leveraging machine learning, big data, and behavioural analysis

Customer threat intelligence can be shared via the platform for use within the organization, or to be shared with other chosen parties

Threat data feeds for use across the security ecosystem, including SIEM, NGFW, proxies, etc.

Threat data feeds for use across the security ecosystem, including SIEM, NGFW, proxies, etc. APIs allow automation of data feeds in multiple formats (CSV, JSON, CEF, etc.)

Security researchers use our platform to understand and prioritize security incidents. APIs allow automation of this process


Actionable Intelligence

Security events with context such as syslog messages and outbound API notifications

Data Enrichment

IP information in the security ecosystem can be enriched from the authoritative IPAM to provide data such as switch port and user information

[Diagram legend: Infoblox Solutions; Communication Flow]

Network Discovery

Infoblox can discover the network infrastructure devices and associated interfaces

Endpoints attached to the network can be discovered, including their location on the network to enrich IPAM data

[Diagram labels: DNS, DHCP, and IPAM; Threat Intelligence Data Exchange; Partner Threat Intel; Infoblox Threat Intel; Infoblox Research; Partner Research; Customer Generated Threat Intelligence; Security and Research Automation; DNS; Cloud-based Recursive/Caching (ActiveTrust® Cloud); Firewall]
