If you were talking to someone whose organization is considering Infoblox BloxOne Threat Defense, what would you say?
How would you rate it and why? Any other tips or advice?
With the assistance of professional services, it is very simple to install. It is mainly time-consuming. I would advise getting a good, clear view of how your network works before implementing anything. We are not heavily using it to detect DNS threats such as data exfiltration, Domain Generation Algorithms (DGAs), Fast Flux, lookalike domains, and fileless malware. We may use these features in the future. We have also not yet integrated it with security systems such as vulnerability scanners, ITSM, SIEM/SOAR, NAC, and next-gen endpoint security. Similarly, we don't use BloxOne DDI for policy settings based on IPAM and DNS data. It hasn't substantially reduced the amount of effort involved for our SecOps teams when investigating events. It has given us another tool to look at, but it hasn't been a major change. It has also not detected threats that cannot be detected by other security tools. Sometimes, there are faster options. To a colleague who says that their next-gen firewall and other security tools mean that they don’t need a DNS-specific security solution, I would probably advise looking at some of the DNS-related issues where firewalls aren't going to be that helpful, such as data exfiltration. The biggest lesson that I have learned from using this solution is to keep an eye on what your devices are actually doing. We've seen a lot of traffic issues with Infoblox where the root cause of an issue is actually the underlying hardware it is on, and there is nothing you can really do about that, unfortunately. I would rate BloxOne a seven out of 10.
If a colleague said to me that their next-gen firewall and other security tools mean that they don't need a DNS-specific security solution, I would say to them that, in my opinion, security is layers. Just because you have one layer doesn't mean that you can remove other ones. They work hand-in-hand. Do a proof of concept for your environment, a test environment, to make sure that it does what you want it to do. And try to understand the categories that it has. Spend some time understanding the categories before you enable them or put them into production. The biggest lesson I have learned from using BloxOne is patience. It is the cloud, so when you click on something you have to give it a little bit of time to do whatever it needs to do in the back end, before it actually gets implemented. You have to be patient. I'm sure it would be able to integrate with our firewall company, Palo Alto. But, at the moment, we haven't needed to do that.
This type of DNS-specific tool is an important part of a security solution that is not covered by other security tools, such as a next-generation firewall. If somebody suggested otherwise then I would tell them to test it out on some of the tools and do a head-to-head comparison. My advice for anybody who is looking into implementing BloxOne is to do a comparison against some of the tools internally and see for yourself the value that it can provide. Then, work with Infoblox on the development and work with the security team on customizing and personalizing the rules so that you can allow the traffic that you need and block the traffic that you don't want. The biggest lesson that I have learned from using this product is that there is always room to improve your security posture. I would rate this solution a nine out of ten.
Due to the changes in general technology, everybody is moving out of their on-premise environments to the cloud, which has completely different threats. Look at your spam folder in your mailbox. There are a lot of emails claiming to be from a trusted platform, when in fact, they are not. For example, all these phishing emails and domain names written with different letters, like the Cyrillic alphabet or Arabic letters. They look alphabetic, when in fact, they are completely different. All these things are caught by buying Infoblox. Hopefully, they don't extract any data from our data streams. But to a certain degree, they need to take a look at the data that is actually transferred so they can find malicious content. We are still in the adoption phase and simply don't have the time to dig or dive into all the possibilities this product gives us. I would rate it as a nine out of 10.
Build it out in your live environment, then just test every aspect of the product to make sure it fits your needs. You need a DNS solution. I don't know anyone who would want to manage DNS-type activity, whether it is IPAM or DDI via a next-gen firewall. We don't use a lot of next-gen firewalls, so it is really hard for me to speak to whatever their capabilities are. I just know that throughout our company, as a whole, we use DNS everywhere possible. To say that a next-gen firewall could replace a DNS/DDI solution, I would say that I'm not aware that a next-gen firewall has that capability. DNS uses standard protocols. As far as how it works, transmits, and receives, this is not super important to our SecOps teams because those protocols have to be used at all times in order for it to work. We are using about 25% of the features within the product. We have five to seven different product add-ons of theirs. Some are good and some are bad, but we definitely were interested in their cloud environment to help scalability and control risks. That was one of the primary reasons for implementing it. I would give it an eight out of 10.
I would highly recommend this solution. I am basically doing the pre-sales of Infoblox, so I highly recommend this solution. If you talk about competitors like F5 and BlueCat, no solution is comparable to Infoblox BloxOne Threat Defense. Infoblox has been doing VDI and selling VDI solutions for more than a decade. They are experts at the solution. I would rate Infoblox BloxOne Threat Defense a nine out of ten. It needs tight integration and better support.
This is a solution that I recommend. I would rate this solution a nine out of ten.
We use the on-premises deployment model. I would advise others to take the whole DNS Firewall subscription because it will add value to their solution. I would rate the solution at nine out of ten.