Subscribe
  • Home
  • /
  • TechForum
  • /
  • Introducing the Infoblox Threat Intelligence to Enhance your Security Infrastructure

Introducing the Infoblox Threat Intelligence to Enhance your Security Infrastructure

Infoblox Threat Intelligence Data Exchange is a cost-effective solution to simplify and consolidate management of threat intel data, says Prakash Nagpal, Community Manager, Infoblox.


Johannesburg, 25 Jan 2017

You probably already protect your network at the DNS level. But it can be time- and resource-intensive because as your network has grown, you've inherited a patchwork of siloed security solutions. Many times, the threat intelligence data you've purchased with a security system can't be used elsewhere or you can't customise how you want to deploy threat intel across your infrastructure, says Prakash Nagpal, Community Manager, Infoblox.

Even more frustrating are the multiple views of intelligence data from your multiple systems. Instead of being able to use more data to provide context and a clearer insight into potential threats, you have to spend time going between security solutions to manually interpret what's going on. This can result in slow response times and gaps in your threat coverage.

Obviously this is not an efficient or confidence-inspiring way to protect against cyber threats. There is a need for a cost-effective solution to simplify and consolidate management of threat intel data, which is why Infoblox is launching the Infoblox Threat Intelligence Data Exchange (TIDE) which integrates into the DDI environment (DNS, DHCP and IP address management). This is critical as we're all seeing an increase in malicious activity at the DNS level - in fact, Infoblox's Threat Index hit an all-time high in the first quarter of 2016.

Infoblox TIDE provides three levels of service that focus on solving key pain points to make your job easier and your security more effective. With Infoblox TIDE, you can:

* Get the data you need: Easily create threat intelligence data feeds to combine Infoblox's high-quality data with data in which you've already invested.
* Easily deploy data: Obtain, manage and distribute threat data to a broad range of infrastructure from a centralised point.
* Prevent malicious activity:Deploy threat intelligence directly within Infoblox DNS Firewall and other security technologies.

1. Get the data you need

Infoblox TIDE is a one-stop-shop when it comes to threat intel data. Infoblox distils data from many sources, processes and services. Also, is 24/7 Threat Operations team works to verify threat indicators and curate machine-readable threat intelligence (MRTI) to output an enhanced, accurate, up-to-date intelligence data feed (based on Infoblox's own data and also vetting of third-party/market feed data, including hostnames, URLs, IP addresses).

It also works with several premium data providers, including SURBL, CrowdStrike, Cyren, Emerging Threats, Farsight Security, iSight Partners, OpenPhish,ThreatTrack Security and ThreatWave to create an in-solution third-party threat indicator feed data marketplace. SURBL is a top provider of high-quality, actionable intelligence specifically designed and used for variety of blocking solutions like Infoblox DNS Firewall. In addition to data from these providers, Infoblox TIDE enables you to easily integrate with almost any vendor's data for use.

2. Easily deploy threat intelligence data

Infoblox TIDE is system-agnostic and designed to simplify threat intel deployment, distributing data across a diverse range of security platforms (e.g., DNS Firewall, perimeter firewall, Web proxy, IPS, SIEM). Infoblox TIDE makes creating custom API feeds built for specific attacks quick and easy, regardless of how many feeds you need to blend (e.g., hostnames, IPs, URLs) or the types of data you need to adjust for (e.g., JSON, STIX, CSV, TSV, CEF).

In addition, Infoblox TIDE allows you to manage and share internally sourced threat intelligence, upload and manage internally discovered threat intelligence, and put data governance policies in place to easily control and distribute intelligence to other internal stakeholders, business partners and other external parties.

3. Prevent malicious activity and data breaches

Because Infoblox TIDE enables you to deploy trusted threat intelligence directly within Infoblox DNS Firewall and other security technologies, you can detect security breaches before they occur and limit damage from infected devices. Also, Infoblox TIDE deployment of threat intel data across the infrastructure serves to help strengthen all of your systems' defences.

For more information about how Infoblox TIDE can streamline your threat intelligence and help you get more value from existing security infrastructure and threat intelligence data investments, read the Solution Note and contact Infoblox.

Share

Editorial contacts