Infoblox BloxOne Threat Defense Review

We have more visibility, granularity, and contextual information about threats


What is our primary use case?

We use it for DNS, DHCP, IPAM in general, and DNS Threat Defense.

I administrate the DDI feature set.

We use Azure and AWS as our cloud providers.

How has it helped my organization?

We are currently in the phase of planning and integration with Azure Sentinel. We are also using a BloxOne Threat Defense client on each of our computers to actively block malicious websites.

BloxOne provides automatic sharing of network context data, which affects our speed of threat response and provides real-time threat intelligence. Our security operation team needs this to do their work. It makes us feel safer.

We have more visibility, granularity, and contextual information about threats.

What is most valuable?

DNS and DHCP are essential. Threat Defense is a very good feature. We use all of them and are very satisfied.

BloxOne is very good at helping to detect DNS threats. We are using it on a daily basis. It has helped us identify possible data exfiltration events already. We detected a possible data exfiltration attempt, which Infoblox BloxOne helped us to identify. We came to the conclusion that this is normal behavior. Now, we are actively blocking certain web pages with improper content, like porn sites.

We are using Infoblox DDI for IPAM, DNS and DHCP stuff. There is a certain policy in place when it comes to DNS resolution. DDI affects our network and operations in a very positive way. With Threat Defense, we are controlling the DNS traffic. We can make sure that certain DNS domains are resolved only over our internal DNS service. Others are using public DNS servers. We are separating traffic on our VPN networks this way. It is not actually fine-grained, but we are starting to implement more detailed policies.

It is using just the DNS resolution. Regardless of which protocol is then used after the DNS resolution has occurred, the possible block of accessing that resource is already in place. So, it doesn't matter which protocol you are using afterwards.

What needs improvement?

The general administration webpage, i.e., their portal, needs improvement. In the past two years, it is much better than it used to be, but there are still some things that would need improvement when it comes to the design of the webpage or finding information. This may also be due to the way that we are using the web portal. We have a very large network and the way we categorize is a little cumbersome to administer.

The DDI systems of BloxOne are black boxes to us, which implies that actually we don't see what is going on inside there. We would like to see a little bit more of what is going on inside that box, e.g., monitoring and general feedback of the box. We want to know, "What is the box actually doing right now?" This is part of the solution because it is SaaS. We need to learn that the actual DNS and DHCP server is not our system anymore, because it's actually maintained by a different company, namely Infoblox. So, we either need to rethink this or trust another company to do that stuff for us.

For how long have I used the solution?

I have been using it for two years now.

What do I think about the stability of the solution?

Now, BloxOne is very stable and good. Two years ago, it was a little flaky.

What do I think about the scalability of the solution?

The scalability is very good.

There are about 100 offices worldwide with about 10,000 people working with the solution. Whenever we need a new system, it is deployed within 30 minutes or so. 

How are customer service and technical support?

The technical support used to be better. When it comes to day-to-day work, they are very fast and reliable. Within the past two years, we discovered certain bugs in their products. The resolution of these bugs took a little too much time, especially if our production environment is down for a certain amount of time, then we are losing money. That is hard to convey to Infoblox support, e.g., we actually need the system up and running again within two or three hours. The awareness of these so-called production down incidents is not really easy to convey.

Which solution did I use previously and why did I switch?

BloxOne has enabled our monitoring, detection, and response processes. We didn't have such a solution previously. Before using Infoblox, we didn't know.

When it comes to the DDI side of things, we now can work more granularly. We have a more controlled way of doing DNS resolutions. Before, we used Microsoft DNS and Microsoft DHCP, and those Microsoft products don't have the features that Infoblox has.

The main benefit of the Microsoft built-in solutions is that they are free of charge because they are part of the operating system. The main con is they don't have the feature set that Infoblox has. 

Before Infoblox, we used to have a management solution called BlueCat, which worked well but didn't scale like Infoblox. They also didn't have the feature set available. 

BloxOne can detect threats that cannot be detected by the other security tools that we have evaluated. Previously, we didn't have this threat analysis at all.

How was the initial setup?

The DNS and DHCP are actually not that complicated. They make sense. On a scale between one and 10, it is a five in terms of complexity. Since using Infoblox, I came to the conclusion that there is more inside of DNS than simply resolving a name into an IP address and the other way around. These are things that I didn't know before.

The preparation took us two months or so. The actual implementation was done within two days. We deployed all the DNS and DHCP systems, together with the Threat Defense, in a parallel way. Then, within these two days, we switched over from the old infrastructure to the new infrastructure, and kept the old infrastructure as caching-only systems. We then switched one server after another over to the new systems.

What about the implementation team?

We deployed it with the help of a third-party consultant. We were very satisfied with their work. They had the knowledge to help us do a migration for a big-scale environment. While this was a third-party consultant, Infoblox was always reachable. Infoblox knew that we were doing this switch and support was informed. So, we could call Infoblox support and they immediately reacted. Everybody was fully available and aware of this major change for us.

What's my experience with pricing, setup cost, and licensing?

As far as I know, Infoblox BloxOne offers pretty good documentation. Check its documentation, then do a PoC. Infoblox is very good at providing PoCs. Take your time to learn the solution before going to production with it.

Which other solutions did I evaluate?

We investigated two systems besides Microsoft and BlueCat.

What other advice do I have?

Due to the changes in general technology, everybody is moving out of their on-premise environments to the cloud, which has completely different threats. Look at your spam folder in your mailbox. There are a lot of emails claiming to be from a trusted platform, when in fact, they are not. For example, all these phishing emails and domain names written with different letters, like the Cyrillic alphabet or Arabic letters. They look alphabetic, when in fact, they are completely different. All these things are caught by buying Infoblox.

Hopefully, they don't extract any data from our data streams. But to a certain degree, they need to take a look at the data that is actually transferred so they can find malicious content.

We are still in the adoption phase and simply don't have the time to dig or dive into all the possibilities this product gives us.

I would rate it as a nine out of 10.

Which deployment model are you using for this solution?

Hybrid Cloud

Which version of this solution are you currently using?

SaaS

Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Learn what your peers think about Infoblox BloxOne Threat Defense. Get advice and tips from experienced pros sharing their opinions. Updated: September 2021.