Infoblox

Cloud-based DNS security "BloxOne Threat Defense"

What is BloxOne Threat Defense?

A cloud-delivered "DNS Firewall" service provided by Infoblox. It blocks outbound DNS-based communication by malware, preventing infected hosts from reaching botnets and C&C servers.

BloxOne Threat Defense Key Features

  • Monitor and block DNS queries to malicious domains
  • Block malicious DNS queries (DNS tunneling) with behavioral detection
  • Collect IP address, MAC address, user name, and device information as user context for each query

BloxOne Threat Defense installation image (figure)

Defense with 14 different feeds

Feed name (zone name): details

  • Base (base.rpz.infoblox.local): A blacklist of host names (FQDNs) of malicious sites, including APTs, botnets, infected hosts/domains, exploit kits, abused DNS servers, and bogon IP address sinkholes.
  • Anti-Malware (antimalware.rpz.infoblox.local): A blacklist of host names (FQDNs) of threat servers such as C&C servers, malware distribution sites, and active phishing sites.
  • Ransomware (ransomware.rpz.infoblox.local): A blacklist of host names (FQDNs) of ransomware connection destinations and distribution sites.
  • Bogon (bogon.rpz.infoblox.local): A blacklist of address blocks (IP addresses/subnets) that are not registered as advertisable addresses. *In Internet routing, route information that should not appear in the routing table is called a "bogon route". It includes IP addresses not yet allocated by IANA, private IP addresses, and IP addresses reserved by IANA.
  • DHS_AIS_IP (dhs-ais-ip.rpz.infoblox.local): A blacklist of IP addresses shared as cyber threat information with partners participating in the U.S. Department of Homeland Security (DHS) AIS (Automated Indicator Sharing) program.
  • DHS_AIS_Domain (dhs-ais-domain.rpz.infoblox.local): A blacklist of host names (FQDNs) shared as cyber threat information with partners participating in the U.S. Department of Homeland Security (DHS) AIS (Automated Indicator Sharing) program.
  • AntiMalware_IP (antimalware-ip.rpz.infoblox.local): A blacklist of IP addresses of threat servers such as C&C servers, malware distribution sites, and active phishing sites.
  • Bot_IP (bot-ip.rpz.infoblox.local): A blacklist of IP addresses of bots used by malware to spread infection.
  • Exploit Kit_IP (exploitkit-ip.rpz.infoblox.local): A blacklist of IP addresses of malware distribution sites hosting malicious programs used for infection.
  • Malware_DGA (malware-dga.rpz.infoblox.local): A blacklist of domain names generated by malware Domain Generation Algorithms (DGA) that can be used as C&C servers.
  • TOR_Exit_Node_IP (tor-exit-node-ip.rpz.infoblox.local): A blacklist of Tor exit node IP addresses. *Tor exit nodes are the gateways through which encrypted Tor traffic is routed onto the Internet.
  • SURBL_Multi (multi-domain.surbl.rpz.infoblox.local): A malicious domain blacklist with up-to-date information on active malware, phishing, botnet, and spam domains, provided by partner company SURBL.
  • SURBL_Fresh (fresh-domain.surbl.rpz.infoblox.local): A blacklist of newly observed domains showing malicious activity, provided by partner company SURBL.
  • SURBL_Multi_Lite (surbl-lite.rpz.infoblox.local): A blacklist limited to the latest and unambiguously malicious sites, so that the SURBL_Multi feed can be used on low-spec models.

Behavior detection function: Threat Insight-based defense

Data leakage prevention

  • New Threats from DNS Tunneling
    1. DNS cache servers are being abused as springboards to steal sensitive data

Infoblox exclusive patented technology

  • Infoblox DNS Data Exfiltration
    1. Detect and block sensitive data leakage in real time by analyzing DNS query behavior
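As an added illustration of the kind of DNS query behavior analysis described above (example code written for this page, not Infoblox's Threat Insight implementation), the following Python flags a client that sends many distinct, long, high-entropy subdomain labels under one domain, which is the query pattern DNS tunneling produces. The log lines are constructed, and the two-label registered-domain split and the thresholds are assumptions.

```python
import hashlib
import math
from collections import defaultdict

# Constructed sample DNS query log (not real traffic): (client_ip, qname).
SAMPLE_QUERIES = [
    ("10.0.0.5", "www.example.com"),
    ("10.0.0.5", "mail.example.com"),
    ("10.0.0.5", "cdn.example.net"),
] + [
    # Hypothetical tunneling client: each query carries an encoded chunk in the
    # subdomain labels (hashes stand in for the payload), all under one domain.
    ("10.0.0.7", f"{d[:32]}.{d[32:]}.t.tunnel-test.invalid")
    for d in (hashlib.sha256(str(i).encode()).hexdigest() for i in range(1, 13))
]

def shannon_entropy(label: str) -> float:
    """Bits per character of a label: encoded payloads score high, words score low."""
    if not label:
        return 0.0
    counts = defaultdict(int)
    for ch in label:
        counts[ch] += 1
    return -sum(c / len(label) * math.log2(c / len(label)) for c in counts.values())

def split_qname(qname: str):
    """Naive split into (subdomain labels, registered domain). Assumes a two-label
    registered domain; a real deployment would use a public-suffix list."""
    labels = qname.rstrip(".").lower().split(".")
    return labels[:-2], ".".join(labels[-2:])

def detect_tunneling(queries, min_unique=10, min_entropy=3.0, min_sub_len=24):
    """Flag (client, domain) pairs whose subdomains look like encoded payloads:
    many distinct, long, high-entropy subdomain strings. Returns the flagged pairs."""
    stats = defaultdict(lambda: {"subs": set(), "entropy": [], "length": []})
    for client, qname in queries:
        sub, domain = split_qname(qname)
        if not sub:
            continue
        joined = "".join(sub)
        s = stats[(client, domain)]
        s["subs"].add(joined)
        s["entropy"].append(shannon_entropy(joined))
        s["length"].append(len(joined))
    flagged = set()
    for key, s in stats.items():
        avg_entropy = sum(s["entropy"]) / len(s["entropy"])
        avg_length = sum(s["length"]) / len(s["length"])
        if len(s["subs"]) >= min_unique and avg_entropy >= min_entropy and avg_length >= min_sub_len:
            flagged.add(key)
    return flagged

if __name__ == "__main__":
    print(detect_tunneling(SAMPLE_QUERIES))
```

In production this would run over a sliding time window per client so that a burst of unique subdomains is caught as it happens rather than after the fact.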

Features of BloxOne Threat Defense

Block DNS-based malware

Malware abuses name resolution, using DNS cache servers as stepping stones, to bypass the defense-in-depth of existing security measures. Blocking these malicious DNS queries prevents the DNS-based information leaks caused by targeted attacks.

Immediately available by simply installing the agent on the client

The service can be used without changing the existing network configuration. Installing the agent also makes it possible to identify each endpoint and to centrally manage client activity from the web GUI management screen.

Enhanced security in remote access environments

Even when security measures inside the company are thorough, access from devices taken outside the company is often not adequately controlled. BloxOne Threat Defense blocks unauthorized communications from outside the company that previously could not be controlled.

Seamless integration with on-prem solutions

Integrated policy management, visualization, reporting and analysis

  • Individual or common policies can be configured for on-premises and remote users
  • Data Connector can send on-premises Infoblox data to the cloud for integrated analysis of DNS security
  • The traffic history of each user/device can be checked across both the on-premises LAN environment and the remote environment
  • Visualizes user information such as MAC address, device information, DHCP lease history, and physical location (building, site)
Inquiry/Document request: Macnica Infoblox (Mon-Fri 8:45-17:30)