infoblox-datasheet-bloxone-threat-defense-advanced


DATASHEET

BloxOne® Threat Defense Advanced


Strengthen and optimize your security
posture from the foundation

THE NEED FOR FOUNDATIONAL SECURITY AT SCALE


The traditional security model is inadequate in today’s world of digital transformations.
• Threats are growing in speed and complexity, with MFA attacks, smishing, lookalike domains and spear phishing leading the chart when it comes to top attacks targeting enterprises in recent months.
• The perimeter has shifted, and your users directly access cloud-based applications from everywhere.
• IoT leads to an explosion of devices that do not accept traditional endpoint technologies for protection.
• Most security systems use a malware and website content-centric approach, which is reactive.
What organizations need is a scalable, simple and proactive security solution that identifies and disrupts cybercrime pre-incident.

INFOBLOX PROVIDES A SCALABLE PLATFORM THAT MAXIMIZES YOUR EXISTING THREAT DEFENSE INVESTMENT

Infoblox BloxOne Threat Defense Advanced, a comprehensive DNS Detection and Response (DNSDR) solution, detects threat activity that other solutions miss and stops attacks before they occur with hunted, pre-campaign DNS threat intel to disrupt attacker supply chains. Intelligent ecosystem integrations and automation reduce manual effort, while Infoblox’s unique AI-driven analytics focus analysts on what matters most and provide insights that reduce MTTR, raise the ROI of existing security tools, and elevate overall SecOps efficiency.

KEY CAPABILITIES
• Detect and block emerging and targeted attacks, including phishing, ransomware, suspicious domains, spear phishing and other modern threats using Infoblox Threat Intel
• Protect users and devices, regardless of platform or OS, at the DNS layer, including BYOD, IoT, and ICS
• Discover high-risk applications and manage your Shadow IT, Insider, Compliance and other risks
• Prevent data exfiltration techniques with machine learning/AI analytics, including DNS-based data exfiltration, DGA, and DNSMessenger
• Detect and block Zero Day DNS™ attacks within minutes of a malicious domain getting registered and used
• Restrict user access to inappropriate or unwanted web content and track activity
• Protect your brand with Lookalike Domain Monitoring for your most valuable internet properties

SOC Insights
• Accelerate investigations 3X and streamline threat response and threat-hunting activities
• Enhance visibility: Get precise visibility “and rich network context” by integrating with IPAM asset metadata for optimum event understanding and correlation
• SOC Insights lets you jump-start investigation and response on the threats that matter most and reduce MTTR with AI-driven insights

Figure 1: Infoblox hybrid architecture enables protection everywhere and deployment anywhere

MAXIMIZE SECURITY OPERATION CENTER EFFICIENCY


Reduce Incident Response Time
• Automatically block malicious activity and provide the threat data to the rest of your security ecosystem for investigation, quarantine and remediation
• Optimize your SOAR solution using contextual network and DNS threat intel data and Infoblox ecosystem integrations (a critical enabler of SOAR) to reduce threat response time and OPEX
• Use Infoblox SOC Insights capabilities to know which events matter most with the AI-driven analytics that go beyond simple malware risk-ranked dashboards

Unify Security Policy with Threat Intel Portability
• Distribute Infoblox Threat Intel and partner feeds to existing security systems
• Reduce cost of threat feeds while improving effectiveness of threat intel across entire security stack

Faster Threat Investigation and Hunting
• Jump-start investigation and response on the threats that matter most and reduce MTTR with AI-driven insights that go beyond simple malware risk-ranked dashboards
• Make your threat analyst team 3x more productive by empowering security analysts with automated threat investigation, insights into related threats and additional research perspectives from expert cyber sources to make quick, accurate decisions on threats

“In this day and age there is way too much ransomware, spyware, and adware coming in over links opened by Internet users. The Infoblox cloud security solution helps block users from redirects that take them to bad sites, keeps machines from becoming infected, and keeps users safer.”
Senior System Administrator and Network Engineer, City University of Seattle

Figure 2: BloxOne Threat Defense integrates with the entire cybersecurity ecosystem

HYBRID APPROACH PROTECTS WHEREVER YOU ARE DEPLOYED


Graphic panels: Analytics in the Cloud; Threat Intel Scaling; Full Integration with On-premises Ecosystem; Remote Survivability

Analytics in the Cloud
• Leverage greater processing capabilities of the cloud to detect a wider range of threats, including data exfiltration, domain generation algorithm (DGA), fast flux, fileless malware, Dictionary DGA and more, using machine learning-based analytics
• Detect threats in the cloud and enforce anywhere to protect HQ, data center, remote offices or roaming devices

Threat Intelligence Scaling
• Apply comprehensive intelligence from Infoblox Threat Intel and partner feeds to enforce policies on-premises or in the cloud and automatically distribute it to the rest of the security infrastructure
• Apply more threat intel in the cloud without huge investments into more security appliances for every site

Powerful integrations with your security ecosystem
• Enables full integration with on-premises Infoblox and third-party security technologies, enabling network-wide remediation and improving the ROI of those technologies

Remote survivability/resiliency
• If there is ever a disruption in your Internet connectivity, the on-premises Infoblox can continue to secure the network

To learn more about the ways that BloxOne Threat Defense secures your data and infrastructure, please visit: https://www.infoblox.com/products/bloxone-threat-defense

THE ROI OF INFOBLOX SECURITY

Offload strained security devices
• Decrease the burden on strained perimeter security devices such as firewalls, IPS, and web proxies by using your already available DNS servers as the first line of defense
• Up to 60 times reduction in traffic sent to NGFWs*

Improve ROI on existing investments
• Get more value out of adjacent/complementary products by bi-directionally sharing threat and attacker information
• If sending DNS data to SIEM, reduce the cost of SIEM solutions by sending only suspicious DNS data to these platforms

Automation
• Reduce cost of human touch/error using automation
• Overcome lack of skilled resources - 60% less demand on your team to implement (configure in hours instead of months) and operate for both skills and cost
• Make your threat analysts 3x more productive with an easy-to-use, single console

*Based on real customer data

Infoblox unites networking and security to deliver unmatched performance and protection. Trusted by Fortune 100 companies and emerging innovators, we provide real-time visibility and control over who and what connects to your network, so your organization runs faster and stops threats earlier.

Corporate Headquarters
2390 Mission College Blvd, Ste. 501
Santa Clara, CA 95054
+1.408.986.4000
www.infoblox.com

© 2024 Infoblox, Inc. All rights reserved. Infoblox logo, and other marks appearing herein are property of Infoblox, Inc.
All other marks are the property of their respective owner(s).

Version: 20240415v2
