Infoblox BloxOne Threat Defense Benefits

BB
Senior Network Architect at a university with 10,001+ employees

It puts us at ease. We don't have to worry about so many DNS infiltrations. It has integrated and helped us make sure that our end-users don't visit websites that are not clean. Overall, it has helped with that side of our security.

BloxOne has also reduced the amount of effort for our SecOps team when investigating events. They have been using it and they're happy with it.

Overall, it's much easier to log, detect, and troubleshoot those aspects of the network.

LL
DNS Guru at a healthcare company with 10,001+ employees

BloxOne has been excellent at helping to detect DNS threats, such as data exfiltration attempts. We're surprised at some of the things that it catches.

This product integrates with other security solutions, such as vulnerability scanners, and we're working to leverage those more fully. The integration gives us a single pane of glass, where it brings together all of the information into a single platform where we can view and evaluate it. This is important because it gives our InfoSec team a better handle of what's going on and where problems might be, and how to address them.

It seems to have reduced the effort required by our SecOps team because it gives them additional information that they didn't have access to before.

BloxOne has positively affected our monitoring and detection response processes because it gives us a clearer picture of what's happening in our environment and it simplifies forensics.

In general, we have benefitted from this product because it's allowed us to more rapidly identify and respond to potential issues that our other security tools haven't discovered, or discovered later. It has given us a better security posture than we would have, using only the other tools that we have.

EK
Principal Engineer at T-Mobile

It is a great solution. Infoblox provides all the needed algorithms. When queries come in and out of this solution, which come in and out of our company, they are able to look at every query and determine whether it is a good or bad actor. So, it can determine if we are being DDoS attacked or somebody is trying to infiltrate us by utilizing all kinds of different tunneling methods. Then, it gives you an idea of all the different threats around the country. The platform is aware of all those threats, so I don't have to try to manage every one of those threats as they come in. The system will automatically determine what to do with those threats when they come.

Infoblox has helped us improve in the way that we look at data as it comes in and out. We monitor and manage queries from every device that sits inside our company, e.g., every user, every laptop, and every query. When you type something into the web, Infoblox will scan or manage that. If it is going somewhere bad, then it will block them. From a metrics perspective, it gives us data, letting us go back and find those impacted or infected clients to either clean their devices or remove them from the network.

Buyer's Guide
Domain Name System (DNS) Security
April 2024
Find out what your peers are saying about Infoblox, Cisco, Palo Alto Networks and others in Domain Name System (DNS) Security. Updated: April 2024.
767,847 professionals have used our research since 2012.
Igor Van Den Ouden - PeerSpot reviewer
Engineer at Routz

The solution provides insights into what’s happening on the network. It enriches the information internally.

JB
Virtualization/Datacenter Engineer at a healthcare company with 10,001+ employees

We had an employee get a phone call on her cell phone that said, "Your computer has been hacked. You need to go to this website, log in, put in your credentials and your credit card information." Unfortunately, the employee did that, thus breaching our environment by going to this website and putting in her credentials. We immediately powered off her machine, but before we could get a stop to it, it had reached out and emailed several hundred users. 

We sent out a mass communication, saying, "Do not click on this email. Don't do it." Unfortunately, due to the timeline, people will click on it and make another decision. Approximately 37 people clicked on it and put in their credentials. Finally, the security team was able to diagnose and block it in the firewall. It didn't matter then who clicked on it, the firewall had finally shut the site down.

If we had been able to do this on the DNS side, it would have been a lot more instantaneous, because it flags, "All these people are going to the site that they don't normally go to," which is a lot more of an AI type of deal. It would have figured it out. Plus we could have blocked it a lot faster. So, if we had it in there, we would have been able to plug the hole a little faster, if it even allowed it. If that site was a known site, it would have just blocked the DNS immediately. 

The solution is not the be-all and end-all. It would never replace a firewall. It would never replace your network security. It is just another layer that is very good and current. DNS filtering is how it has helped us. When we log into our console, we can see how many thousands of addresses, entries, and requests have been blocked as well as that there is a lower level of spam, phishing, etc.

BD
Network Engineer at a recruiting/HR firm with 10,001+ employees

I don't have any metrics, but we have had some instances where a domain was compromised, and BloxOne blocked the traffic before our firewall vendor did it on their side.

BloxOne’s security system integrations provide automatic sharing of network context data. It has improved some of the things a bit. We don't have everything turned up all the way, but for what we do have, it does give another data point. So, if two or more sources are saying that there is a problem, it helps identify that we definitely need to treat a destination as a problem.

BloxOne is protocol-agnostic when it comes to blocking at the DNS level. It is not a huge feature for us, but it is definitely a concern. We have a lot of different applications that we support for various reasons, and it is definitely important that all of them be considered. We have a pretty wide footprint of things we need to support.

PS
IT Infrastructure Specialist Infrastructure Applications at a transportation company with 10,001+ employees

We are currently in the phase of planning and integration with Azure Sentinel. We are also using a BloxOne Threat Defense client on each of our computers to actively block malicious websites.

BloxOne provides automatic sharing of network context data, which affects our speed of threat response and provides real-time threat intelligence. Our security operation team needs this to do their work. It makes us feel safer.

We have more visibility, granularity, and contextual information about threats.

TN
Principal Network Engineer at Pegasystems

Our ability to detect data exfiltration was minimal before Infoblox and the cloud portal was instituted for us. In terms of DNS security as a whole, we had some capability with our firewalls, but this is a lot more specialized because we're sending all of our DNS requests to Infoblox. I'd say we improved 100%.

The actual communications that go on between our DNS appliances and the threat engines in the cloud, that traffic gets logged by Infoblox, so that information is available in the cloud, and we also export logs to our Splunk system. So in terms of data exfiltration, Infoblox does a good job of identifying any threats in that arena. Now, if something like that comes up and gets logged, it gets flagged by our Splunk system. I work in the network operations team; we have a security NOC. If some kind of alert in that realm was logged, they would be alerted, meaning our security folks. Then if we need to take action on someone's machine or a server then it gets triggered from our security, security operations. I would rate the identification of data exfiltration with a high mark.

Our primary interoperability is with Splunk. The log feed into Splunk got set up right after we signed up for the portal. They go hand in hand. It's because our security team uses Splunk to analyze data. This means they get information from the portal, and they also get information from our individual appliances in the various offices as well.

BloxOne Threat Defense reduced the amount of effort involved in our SecOps teams when investigating events.

Our security staff has been added to significantly in the last few years. I started with Pega in 2017 when there were only a handful of security people, but we were a 5,000-employee company. I think we're probably around 6,000 now. It wasn't just tools, they didn't have enough people to manage the security posture the way they are now. They basically created a whole new department. This platform is just one of many things that they receive data from.

Our monitoring and detection capability was minimal before we got into BloxOne. Now it's an improvement.

BW
Security Engineer at an energy/utilities company with 501-1,000 employees

Because we have an onion-layer approach, it's obvious when somebody is resolving something that we don't want them to resolve. BloxOne filters out the noise, and we have more filters down the line on the other side. It does its job.

They were offering all these fancy features, and I just wanted the single sign-on. I don't need role-based access control because I have five guys logging into it, not 500. I have fewer requirements, but I only wanted to use passwords. That integration was good, though. 

I can't say it decreased the amount of work we do. It almost increased demand because it's so good at blocking. For example, it might accidentally block a content delivery network. The CDN might be the third or fourth resolved domain. It will resolve a few tests before it finally gets to cdn.com. You might have blocked cdn.com, but it's hard to attribute it to the first resolved domain. It isn't easy to attribute it all the way along. It's doing its job, but it's just a little more difficult to attribute when something doesn't work.

You need to be kind of careful. It's very powerful, but it's almost too powerful because you can shoot yourself in the foot. That's good and bad. It's blocking everything on the whole network. You can't get around it. 

If someone told me they didn't need DNS protection, I would say they don't understand security architecture very well. There's a reason why we set it up as a layered system rather than having one system controlling everything. If that system fails, it's going to be spectacular. The proxy will do a certain amount of filtering, and the DNS will do some. The end-point will do some filtering or popping, and all those layers combine to provide an in-depth defense. You're doomed to fail if you do everything all in one place.

GC
Network Engineer at a tech services company with 1,001-5,000 employees

Infoblox DNS Firewall improved our organization by checking that all traffic came from a proper IP address.
