If a colleague said to me that their next-gen firewall and other security tools mean that they don't need a DNS-specific security solution, I would say to them that, in my opinion, security is layers. Just because you have one layer doesn't mean that you can remove other ones. They work hand-in-hand.

Do a proof of concept for your environment, a test environment, to make sure that it does what you want it to do. And try to understand the categories that it has. Spend some time understanding the categories before you enable them or put them into production.

The biggest lesson I have learned from using BloxOne is patience. It is the cloud, so when you click on something you have to give it a little bit of time to do whatever it needs to do in the back end, before it actually gets implemented. You have to be patient.

I'm sure it would be able to integrate with our firewall company, Palo Alto. But, at the moment, we haven't needed to do that.

This type of DNS-specific tool is an important part of a security solution that is not covered by other security tools, such as a next-generation firewall. If somebody suggested otherwise then I would tell them to test it out on some of the tools and do a head-to-head comparison.

My advice for anybody who is looking into implementing BloxOne is to do a comparison against some of the tools internally and see for yourself the value that it can provide. Then, work with Infoblox on the development and work with the security team on customizing and personalizing the rules so that you can allow the traffic that you need and block the traffic that you don't want. 

The biggest lesson that I have learned from using this product is that there is always room to improve your security posture.

I would rate this solution a nine out of ten.

Build it out in your live environment, then just test every aspect of the product to make sure it fits your needs.

You need a DNS solution. I don't know anyone who would want to manage DNS-type activity, whether it is IPAM or DDI via a next-gen firewall. We don't use a lot of next-gen firewalls, so it is really hard for me to speak to whatever their capabilities are. I just know that throughout our company, as a whole, we use DNS everywhere possible. To say that a next-gen firewall could replace a DNS/DDI solution, I would say that I'm not aware that a next-gen firewall has that capability.

DNS uses standard protocols. As far as how it works, transmits, and receives, this is not super important to our SecOps teams because those protocols have to be used at all times in order for it to work.

We are using about 25% of the features within the product. We have five to seven different product add-ons of theirs. Some are good and some are bad, but we definitely were interested in their cloud environment to help scalability and control risks. That was one of the primary reasons for implementing it.

I would give it an eight out of 10.

I would recommend the solution to others. If someone has the budget, it’s a very good product. Overall, I rate the tool an eight out of ten.

I recommend the solution for extra insights and protection.

Overall, I rate the solution a nine out of ten.

We love BloxOne Threat Defense.

Working with your in-house firewall can be challenging. You need to make sure you have all your ports and rules open. So, you need to be fully prepared for that.

If someone says that they don't need a DNS-specific security solution, then they would need to have something equivalent to it, and it would have to be just as good. Saying you don't need it is absolutely untrue. DNS filtering is a no-brainer. If you don't have DNS protection, you are allowing anybody to look up whatever they want, hoping the firewall will get it.

I would rate this product as a solid nine out of 10.

I would advise understanding what problem you are trying to solve. That's the key. Overall, I would rate it an eight out of ten. 

With the assistance of professional services, it is very simple to install. It is mainly time-consuming. I would advise getting a good, clear view of how your network works before implementing anything.

We are not heavily using it to detect DNS threats such as data exfiltration, Domain Generation Algorithms (DGAs), Fast Flux, lookalike domains, and fileless malware. We may use these features in the future. We have also not yet integrated it with security systems such as vulnerability scanners, ITSM, SIEM/SOAR, NAC, and next-gen endpoint security. Similarly, we don't use BloxOne DDI for policy settings based on IPAM and DNS data.

It hasn't substantially reduced the amount of effort involved for our SecOps teams when investigating events. It has given us another tool to look at, but it hasn't been a major change. It has also not detected threats that cannot be detected by other security tools. Sometimes, there are faster options.

To a colleague who says that their next-gen firewall and other security tools mean that they don’t need a DNS-specific security solution, I would probably advise looking at some of the DNS-related issues where firewalls aren't going to be that helpful, such as data exfiltration.

The biggest lesson that I have learned from using this solution is to keep an eye on what your devices are actually doing. We've seen a lot of traffic issues with Infoblox where the root cause of an issue is actually the underlying hardware it is on, and there is nothing you can really do about that, unfortunately.

I would rate BloxOne a seven out of 10.

Due to the changes in general technology, everybody is moving out of their on-premise environments to the cloud, which has completely different threats. Look at your spam folder in your mailbox. There are a lot of emails claiming to be from a trusted platform, when in fact, they are not. For example, all these phishing emails and domain names written with different letter letters, like the Cyrillic alphabet or Arabic letters. They look alphabetic, when in fact, they are completely different. All these things are caught by buying Infoblox.

Hopefully, they don't extract any data from our data streams. But to a certain degree, they need to take a look at the data that is actually transferred so they can find malicious content.

We are still in the adoption phase and simply don't have the time to dig or dive into all the possibilities this product gives us.

I would rate it as a nine out of 10.

Our on-sight Infoblox DNS DHCP appliances, which there are about 30 of them around the world, there's one screen of information where you put in the Infoblox cloud IP address, answer a few questions, then that triggers DNS forwarding to the Infoblox cloud portal. So when we send our DNS traffic out to the internet it goes to Infoblox first in order to get inspected. If for some reason a particular office or a particular appliance is unable to communicate with Infoblox at a particular time at that cloud IP, they're still able to forward DNS traffic directly to the internet as a backup. That can happen for normal communication disruption. It doesn't happen a lot, but at least our DNS queries don't stop completely if there's an interruption somewhere out on the internet. Which, again, doesn't happen often, but it's good to have available.

We do some configuration on our Infoblox appliances. On the user side of the portal, there are options for reporting and monitoring that get set up by the customer, but Infoblox sets up sessions with us whenever we ask. Initially, when we became a portal customer we received training from Infoblox, and if we want a refresher or we have somebody new who we want to go through the training they'll assist. What they usually do is have the local Infoblox team in Boston assist with that kind of training as well. 

It's not protocol agnostic. It's specifically analyzing DNS traffic. Now, if there's data inside the DNS traffic that is being used for non-DNS purposes, that's different. They are not analyzing other protocols, they are just analyzing DNS. So we use other tools to analyze other protocols, primarily firewalls.

I would rate Infoblox an eight out of ten. 

I rate BloxOne four out of 10. We have problems with the agents, and they randomly blocked me from Google and Frankfurt. There's also the upgrade problem.

My advice is to be careful. I tried to install the agent remotely on my laptop about a year and a half ago. It didn't play well with our other products on our company laptops, and it almost broke my computer. I would've bricked my laptop and had to come into the office. I also tried to implement BloxOne on the MDM mobiles. That was horrendous. They're planning to touch the agent again and see if it'll have another go at it.

Half the reason could be Apple's forcing them in one direction or the other, but it's pathetic. I gave up. I tried to do a whole task with the MDM phones and use Infoblox as the first layer, but it absolutely would not work to save its life.

This is a solution that I recommend.

I would rate this solution a nine out of ten.

I would highly recommend this solution. I am basically doing the pre-sales of Infoblox, so I highly recommended this solution. If you talk about competitors like F5, BlueCat, no solution is comparable to Infoblox BloxOne Threat Defense. Infoblox is doing VDI and selling VDI solutions for more than a decade. They are experts at the solution.

I would rate Infoblox BloxOne Threat Defense a nine out of ten. It needs tight integration and better support. 

We use the on-premises deployment model.

I would advise others to take the whole DNS Firewall subscription because it will add value to their solution.

I would rate the solution at nine out of ten.