Infoblox
infoblocks
Cloud-based Protective DNS "BloxOne Threat Degense"
What is BloxOne Threat Defense?
Cloud service of "DNS Firewall" provided by Infoblox. Block outbound DNS-based communication by malware to prevent connections with botnets and C&C servers.
BloxOne Threat Defense Key Features
- Monitor and block DNS queries to malicious domains
- Block malicious DNS queries (DNS tunneling) with behavioral detection
- Obtain IP address, MAC address, user name, and device information as user information
BloxOne Threat Defense installation image
Defense with 14 different feeds
| feed name | detail |
|---|---|
| Base (base.rpz.infoblox.local) |
A blacklist consisting of host names (FQDN) of malicious sites such as APTs, botnets, infected hosts/domains, exploit kits, abused DNS servers, bogon IP address sinkholes, etc. |
| Anti-Malware (antimalware.rpz.infoblox.local) |
A blacklist consisting of host names (FQDN) of threatened servers such as C&C servers, malware distribution sites, and active phishing sites |
| Ransomeware (ransomware.rpz.infoblox.local) |
A blacklist consisting of the host name (FQDN) of the ransomware (ransomware) connection destination or distribution site |
| Bogon (bogon.rpz.infoblox.local) |
In Internet routing control, route information that should not appear in the blacklist* routing table consisting of address blocks (IP addresses/subnets) that are not registered as advertiseable addresses is called a "bogon route." It includes unallocated IP addresses that have not been allocated by IANA, private IP addresses, and IP addresses reserved by IANA. |
| DHS_AIS_IP (dhs-ais-ip.rpz.infoblox.local) |
A blacklist composed of IPs shared with participating partners as cyber threat information in the U.S. Department of Homeland Security (DHS) AIS (Automated Indicator Sharing) program |
| DHS_AIS_Domain (dhs-ais-domain.rpz.infoblox.local) |
A blacklist consisting of host names (FQDN) shared as cyber threat information with partners participating in the U.S. Department of Homeland Security (DHS) AIS (Automated Indicator Sharing) program |
| AntiMalware_IP (antimalware-ip.rpz.infoblox.local) |
A blacklist consisting of IP addresses of threatening servers such as C&C servers, malware distribution sites, and active phishing sites |
| Bot_IP (bot-ip.rpz.infoblox.local) |
A blacklist consisting of IP addresses of bots used by malware to spread infection |
| Exploit Kit_IP (exploitkit-ip.rpz.infoblox.local) |
A blacklist consisting of IP addresses of malware distribution sites containing malicious programs to infect |
| Malware_DGA (malware-dga.rpz.infoblox.local) |
A blacklist consisting of domain names that can be used as C&C servers generated by the malware's Domain Generation Algorithm (DGA) |
| TOR_Exit_Node_IP (tor-exit-node-ip.rpz.infoblox.local) |
Blacklist configured by Tor exit node IP addresses *Tor exit nodes are gateways through which encrypted Tor traffic is routed to the Internet. |
| SURBL_Multi (multi-domain.surbl.rpz.infoblox.local) |
Malicious domain blacklist with up-to-date information on active malware, phishing, botnets and spam domains provided by partner company SURBL |
| SURBL_Fresh (fresh-domain.surbl.rpz.infoblox.local) |
Blacklist of newly observed domains with malicious activity provided by partner company SURBL |
| SURBL_Multi_Lite (surbl-lite.rpz.infoblox.local) |
A blacklist focused on only the latest and completely malicious sites so that the SURBL_Multi feed can be used on a low spec model |
Behavior detection function -Threat Insight-based defense
Data leakage prevention
- New Threats from DNS Tunneling
-
- DNS cache servers are being abused as springboards to steal sensitive data
Infoblox exclusive patented technology
- Infoblox DNS Data Exfiltration
-
- Detect and block sensitive data leakage in real time by detecting behavior by DNS query
Features of BloxOne Threat Defense
1. Block DNS-based malware
By exploiting name resolution and using DNS cache servers as stepping stones, malware bypasses the defense-in-depth of existing security measures. By blocking malicious DNS queries against these attacks, it is possible to block information leaks due to targeted attacks on a DNS basis.
2. Immediate use by simply installing an agent on the client
You can use the service without changing the existing network configuration. In addition, by installing an agent, it becomes possible to identify the terminal, and centrally manage the client's activity from the web GUI management screen.
3. Enhanced security in remote access environments
Even if you have thorough security measures within your company, are there many cases where measures against access from terminals taken out of the company are not adequately implemented? BloxOne Threat Defense blocks unauthorized communications outside the company that were previously uncontrollable.
Seamless integration with on-prem solutions
Integrated policy management, visualization, reporting and analysis
- Configurable individual or common policies for each on-prem and remote user
- Data Connector can be used to send on-premises Infoblox data to the Cloud for integrated analysis of DNS security.
- It is possible to check the history, etc., of each user/device's traffic between the on-premises LAN environment and the remote environment.
- Visualize user information such as MAC address, device information, DHCP lease history, and physical location (building, base)
Inquiry/Document request
Macnica Infoblox
- TEL:045-476-2010
- E-mail:infoblox-sales@macnica.co.jp
Weekdays: 9:00-17:00