Infoblox BloxOne Threat Defense Valuable Features

BB
Senior Network Architect at a university with 10,001+ employees

The GUI has been improved a lot. It's easy to use and intuitive to navigate and to do whatever it is that you want to do with the system. Ease of use is one of the top features.

When it comes to helping to detect DNS threats, BloxOne is good on all fronts. The number of false positives is very low, close to none. More than once it has detected new names or lookalike names and protected us and saved us from bad characters.

LL
DNS Guru at a healthcare company with 10,001+ employees

The most valuable feature is the security aspect, which is why we bought it.

The reporting ability is helpful. It allows us to control what our users are able to resolve, and then be able to see reports on that. As a healthcare company, we're a potentially high-value target, and this helps provide an extra layer of security, especially with people working from home, where we can help prevent them from accidentally or intentionally reaching some of the malicious sites, and either having their machines compromised or being part of a data exfiltration and infiltration attempt.

BloxOne is protocol-agnostic when it comes to the web traffic that it blocks. For example, it finds purely DNS traffic that is, in a lot of cases, missed by firewalls. This is important because it gives us another layer of protection. It's another vector for us to implement our security policies so that we're not reliant on a single technology or a single vendor.

EK
Principal Engineer at T-Mobile
  • All the security features, as far as whitelists and blacklists.
  • All the DNS activity logging.

I have a listing of all the bad domains and different types of IP addresses that are bad. These are just kind of listed in a database so the system can detect as queries are coming in from different IPs and/or domains.

DNS only uses a couple of protocols, e.g., TCP and UDP ports. So, it has the capability to block protocols where needed. 

Buyer's Guide
Domain Name System (DNS) Security
March 2024
Find out what your peers are saying about Infoblox, Cisco, Palo Alto Networks and others in Domain Name System (DNS) Security. Updated: March 2024.
765,386 professionals have used our research since 2012.
Ahmed Hesham - PeerSpot reviewer
Network Security Engineer at Raya Integration

The product is stable. It’s the best DNS solution.

JB
Virtualization/Datacenter Engineer at a healthcare company with 10,001+ employees

They offer a client, which is pretty neat, where we can go to our Threat Defense website and install this client on our mobile laptops. This client forwards all the DNS queries from those laptops to the DNS servers. No matter where somebody is, the protection of their laptops is going with them.

Using the reporting, we can tell that we have gained an extra layer of protection. Just by looking at it, we can see what is being blocked before it even makes it to the firewall. It is definitely working.

The solution is “protocol-agnostic” when it comes to blocking at the DNS level. It doesn't care. This is important to us, in terms of our security environment.

DonovanOlsen - PeerSpot reviewer
Channel Account Manager at Exclusive Networks

Picking the most valuable feature is like asking what your favorite color is. It depends on what problem you're trying to solve for a customer. If a customer has a specific requirement regarding DNS security, then they would consider Infoblox BloxOne Threat Defense. If they are looking for a data lake, they might explore other options. It really depends on the exact needs of the customer. It's all dependent on the customer's requirements and the specific use case.

You wouldn't sell it to a customer who only has five to ten users. It's meant for customers with a large IP base and a strong cybersecurity posture. Infoblox BloxOne Threat Defense furthers the existing security posture rather than replacing or trying to replace any existing products. It supplements what you already have. You can't supplement something that you don't have in the first place. It's going to integrate with your existing systems, such as your security tools, data sources, and firewalls.

BD
Network Engineer at a recruiting/HR firm with 10,001+ employees

The automatic blocklists are most valuable. A box can maintain several lists from which we can choose if we need to block more or less. We don't have to manually manage the lists ourselves. They're automatically updated.

The automatic sharing of network context data helps to provide real-time threat intelligence.

PS
IT Infrastructure Specialist Infrastructure Applications at a transportation company with 10,001+ employees

DNS and DHCP are essential. Threat Defense is a very good feature. We use all of them and are very satisfied.

BloxOne is very good at helping to detect DNS threats. We are using it on a daily basis. It has helped us identify possible data exfiltration events already. We detected a possible data exfiltration attempt, which Infoblox BloxOne helped us to identify. We came to the conclusion that this is normal behavior. Now, we are actively blocking certain web pages with improper content, like porn sites.

We are using Infoblox DDI for IPAM, DNS and DHCP stuff. There is a certain policy in place when it comes to DNS resolution. DDI affects our network and operations in a very positive way. With Threat Defense, we are controlling the DNS traffic. We can make sure that certain DNS domains are resolved only over our internal DNS service. Others are using public DNS servers. We are separating traffic on our VPN networks this way. It is not actually fine-grained, but we are starting to implement more detailed policies.

It is using just the DNS resolution. Regardless of which protocol is then used after the DNS resolution has occurred, the possible block of accessing that resource is already in place. So, it doesn't matter which protocol you are using afterwards.

TN
Principal Network Engineer at Pegasystems

There's reporting and monitoring in the portal itself, and what customers can view. Additionally, there are add-on programs specifically for Infoblox programs that go with Splunk. There are several tools available that add extra visibility.

Some of the tools that are involved with Splunk, Infoblox can be consulted on to help identify specific pieces of data that our security team is looking for. That's a plus because in this arena there's a lot of data that gets produced and making sense of it is the whole ballgame. Even though Splunk is not an Infoblox product, it's Splunk, but when our security folks receive data from Infoblox and they're not sure exactly how to massage it, there are content folks at Infoblox who help sort through stuff like that. The way that works is that we set up a call or a Webex/Zoom and just hash out with our security team exactly what they're trying to do.

If we had to take a look at where we are right now, Palo Alto is trying to get more business with us and at some point, we will probably take a look at what they offer in this space, which is just to get educated on the marketplace. The fact that we're a Palo Alto customer, we look to them to add value as well. I'm not saying we're changing anything right now, I'm just saying in our company because we're a big Palo Alto customer, we'll be looking at things they're going to be doing in the future as well.

We're using BloxOne strictly on the cloud version, but there are threat defense options that can be done with our onsite appliances into what Infoblox calls "the Grid". The Grid is just the collection of appliances that we have in the various offices, and there's a central management tool called the Grid Master where you can set up additional threat defense options, meaning you can inspect traffic even before it leaves the network. That's something we're going to be looking at as well. We're not doing it, but we're going to be looking at it.

Our initial activation in this arena, because it was so straightforward to just forward traffic right to the portal, which can be done in just a few minutes and actually have it inspect traffic in the first hour. It's not that we've precluded the onsite, but it's just something that we're looking at as a follow-up. We don't feel that we're at a major detriment, but it could improve some of the things we're doing if we do it onsite even before it gets to the cloud. Before they had the cloud portal you had to take in the threat feeds that they use or are available on the internet, and feed them into your own network, which makes it a lot more complicated.

That's still available. People will still do that, but we choose to use Infoblox and let them synthesize the threat feeds that they have access to.

BW
Security Engineer at an energy/utilities company with 501-1,000 employees

The most valuable feature is the blocklisting. It's good at what I like to describe as the "silly side cases." We have this annoying security architecture that says we must do this, that, and the other, so we try to make it easier on ourselves. 

We install the agent somewhere and implement a policy that says you can't resolve anything unless I put it on an allow list. It's flipped instead of the average user experience that lets you go anywhere except for what's on the blocklist. When you have these silly side cases that only affect a couple of users, you can make a policy specifically for those users and then flip it. You block everything except for specific factors. That's powerful and a good use case for flexibility.

it_user1149558 - PeerSpot reviewer
Network Architect at a retailer with 201-500 employees

The most valuable feature of this solution is the granularity for which you can categorize what you want to block versus what you don't want to block.

You have a direct connection with Infoblox support for everything that they're hosting in the BloxOne cloud at the moment. You don't have to go through a partner.

This solution integrates with the Infoblox appliances, so you don't need Excel sheets or external databases to administer what you've got deployed. All of the IP addresses are known.

HI
Senior Pre-sales consultant at a tech services company with 11-50 employees

The dossier feature is perfect for starting an investigation.

MO
Presales Consultant at a tech services company with 51-200 employees

DNS Firewall can protect the DNS from DNS exploitation.

GC
Network Engineer at a tech services company with 1,001-5,000 employees

The most important features for us are preventing DDoS DNS attacks.
