Infoblox BloxOne Threat Defense Review

Improved the way that we look at data as it comes in and out

What is our primary use case?

Our primary use case is for all security-type query activities. So, if somebody is trying to hack or infiltrate us, that is why we use Threat Defense in the cloud. We use it to monitor queries coming in and out of our company.

How has it helped my organization?

It is a great solution. Infoblox provides all the needed algorithms. When queries come in and out of this solution, which come in and out of our company, they are able to look at every query and determine whether it is a good or bad actor. So, it can determine if we are being DDoS attacked or somebody is trying to infiltrate us by utilizing all kinds of different tunneling methods. Then, it gives you an idea of all the different threats around the country. The platform is aware of all those threats, so I don't have to try to manage every one of those threats as they come in. The system will automatically determine what to do with those threats when they come.

Infoblox has helped us improve in the way that we look at data as it comes in and out. We monitor and manage queries from every device that sits inside our company, e.g., every user, every laptop, and every query. When you type something into the web, Infoblox will scan or manage that. If it is going somewhere bad, then it will block them. From a metrics perspective, it gives us data, letting us go back and find those impacted or infected clients to either clean their devices or remove them from the network.

What is most valuable?

  • All the security features, as far as whitelists and blacklists.
  • All the DNS activity logging.

I have a listing of all the bad domains and different types of IP addresses that are bad. These are just kind of listed in a database so the system can detect as queries are coming in from different IPs and/or domains.

DNS only uses a couple of protocols, e.g., TCP and UDP ports. So, it has the capability to block protocols where needed. 

What needs improvement?

A lot of their documentation needs improvement. 

For how long have I used the solution?

I have been using Infoblox for 15 years, but I have been using the cloud version for about five years.

What do I think about the stability of the solution?

It has been very stable. The network has only gone down once in the time that we have been using it.

Our SecOps and support teams are able to monitor and manage any alerts in the cloud. So, if something goes down, then they are alerted. Administration is done by the data center engineers. This is just a handful of people, maybe 25 people at the most.

What do I think about the scalability of the solution?

Because it is cloud-based, it scales to what we need it for. I don't see any limitations on where we couldn't add more on-prem hosts into this environment. I believe that it can handle anything that we throw at it from a scalability perspective.

There are probably 25,000 users who go through the cloud. They could be anyone: engineers, project managers, and retail store servers as well as network devices. All these types of people and devices go through Threat Defense Cloud.

How are customer service and technical support?

We found the technical support through our Infoblox Support Portal. They are very good. They have been able to resolve almost every issue that we have had when we have had to call them.

We have worked through several bugs that needed to be remediated, but Infoblox does a great job of listening to us and then taking that back to the company to come up with ways to fix some of the things that we see as issues and/or bugs.

Which solution did I use previously and why did I switch?

Infoblox, as a whole, has been able to allow our SecOps teams to better manage data coming in and out of our network. Before, they had to do a lot of that work manually using several different systems to manage that traffic. Now, all traffic is sent to a logging system, then that logging system parses all that data and spits out things that may need attention.

How was the initial setup?

The initial setup is pretty easy and straightforward. All we had to do was just create a device name with an IP address and then allow the firewall to communicate between the cloud and our on-prem hosts, which was pretty straightforward. Then, Threat Defense Cloud does everything else for us.

Overall, it was a pretty big deployment. It took about 30 days. There were a lot of components, like firewall policy, that just can't be done tomorrow. We have 30-plus devices that connect from our on-prem host into the cloud. Going through all the iterations of getting approvals and the normal standard stuff probably took about 30 business days overall. 

What about the implementation team?

I actually did the integration.

Once we understood how the product worked, we relied on Infoblox to help us put together how we would implement this solution into our network.

What was our ROI?

Threat Defense has helped protect data from being stolen or lost. Since I have been managing this, there has not been any kind of outage where we have lost data because of threats from a DNS perspective. So, our return on investment has been very good because we have been protected.

The solution has reduced the amount of effort involved for our SecOps teams when investigating events. Obviously, there are other solutions, as a company, that we use, but Infoblox has probably helped clean up about 35% to 40% of the time that our SecOps team has to spend tracking down bad actors since the system will automatically take care of it for them.

What's my experience with pricing, setup cost, and licensing?

We negotiated a three-year subscription. I believe they only do yearly subscriptions.

When you buy the subscription, there are no additional costs to add any additional buttons.

Which other solutions did I evaluate?

We have not evaluated other solutions. We would end up having to go to another company and replace everything. We didn't see that as being feasible.

We have been using Infoblox, as a whole, for over 20 years. When they add new things to their portfolio, because we are already standardized in Infoblox, it is easier for us just to evaluate what they are offering versus trying to start over again. Most are add-on things that can be added to our existing Infoblox. 

What other advice do I have?

Build it out in your live environment, then just test every aspect of the product to make sure it fits your needs.

You need a DNS solution. I don't know anyone who would want to manage DNS-type activity, whether it is IPAM or DDI, via a next-gen firewall. We don't use a lot of next-gen firewalls, so it is really hard for me to speak to whatever their capabilities are. I just know that throughout our company, as a whole, we use DNS everywhere possible. To say that a next-gen firewall could replace a DNS/DDI solution, I would say that I'm not aware that a next-gen firewall has that capability.

DNS uses standard protocols. As far as how it works, transmits, and receives, this is not super important to our SecOps teams because those protocols have to be used at all times in order for it to work.

We are using about 25% of the features within the product. We have five to seven different product add-ons of theirs. Some are good and some are bad, but we definitely were interested in their cloud environment to help scalability and control risks. That was one of the primary reasons for implementing it.

I would give it an eight out of 10.

Which deployment model are you using for this solution?

Private Cloud


Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.