For all the security analysts and architects in the world, for all the risk analysts, risk assessment and risk management folks, and for everyone else in the security field, there is a single purpose that unites all of us: to create a safer, more secure environment, whether for the organization as a whole or for specific departments or partitions of the network. Each of us has a specific task, and each of us can use any number of platforms and third-party tools to increase our productivity and throughput. The question that follows, however, is this: how do we know that what we are doing is actually giving us a return on our investment?
Most companies can answer this simply, because the answer is a standard part of most security frameworks, such as ISO 27001, NIST, COBIT and many more. I’m of course talking about a security baseline. With a security baseline, an organization can quickly and efficiently determine whether a newly implemented product improved its overall security posture by comparing the baseline measured before the new resource was implemented with the results measured after.
How we get that security baseline, what resources we use to create it and how it is used is altogether another story, and it differs between frameworks. However, let’s all agree on one thing: there is an astronomical number of events, many of which are junk, and too many potential threats for any security team, no matter its size, to handle on its own without tools to help. As such, many organizations use tools to produce these events and then use a security information and event management (SIEM) system to alleviate the burden of looking through all of the events and organizing them in one place.
This raises a question for security teams: how do they get the data into their SIEM, or another platform, so they can organize it, keep the organization compliant with its security framework, or simply improve its security posture? Unfortunately, many vendors force you to use their product’s own built-in reporting and analytics to view the data. If you want to take that data out and organize it into a consolidated view in a reporting system you’re experienced with, you have to jump through hoops to transfer it. That’s if the tool you bought even allows you to take the data out. So, wouldn’t it be nice if the companies you bought products from gave you a way to manage the data however you’d like and treated your data as yours, not theirs?
Infoblox Cloud Data Connector (CDC) is one such device. It lets you and your organization transfer your data more quickly, so you can rapidly evaluate whether the changes you’re making at the DDI level are actually improving or hurting the situation. Although Infoblox has amazing reporting and analytics, Infoblox understands that it’s not enough to give organizations only the reporting and analytics that are relevant today inside its platforms. With Infoblox CDC you don’t need to jump through hoops to force your data out of products you have already paid for.
CDC is a device designed to be deployed anywhere to collect DNS query and response data and security logs from your choice of Infoblox products. It gives you the ability to filter the data before sending it to your chosen locations (such as a SIEM), so that you don’t waste resources by filling your SIEM platform with junk. This saves your organization and teams resources in both the cost of data retention and the personnel time needed to find ways to transfer the data out and into your own data pools.
No matter if you are a security team trying to stay ahead of the game by responding to the correct incidents, an operations team that needs to keep the business up 24/7, or a compliance team handling all the pesky regulatory regimes, the CDC will help feed your SIEM or other platforms and keep you ahead of the game.
So how does CDC work?
Five simple steps:
Download the Software
Infoblox provides the CDC as simple downloadable files that can be loaded as a VM or run as a Docker container, or as a hardware appliance that just needs to be plugged in and then starts working automatically, without you having to lift a finger.
Choose Input and Output
No matter whether you’re pulling the data from our on-premises solutions, private or public cloud solutions, our SaaS solutions or all of the above, you can send the data to any location, whether that is another Infoblox device, your SIEM or any other system you want to hold the data in.
Set Filters
CDC makes sure not to send any duplicate or irrelevant data and gives you regex filtering so that only the data you want reaches the destinations you want. CDC is flexible: it lets you take data from any number of Infoblox products, filter it, and send it to any location you choose.
Connect Everything
Once you’ve completed the previous three steps, it’s time to select which CDC software or hardware appliance you want to assign to manage it all. Although everything is managed from a single point in the cloud, you still need a way to grab the data and push it to the appliance that will hold it (such as a SIEM), and the CDC is your “man on the ground” doing that work for you.
Sit Back and Relax
Really there are only four steps, but now you can also sit back and relax as the data from your Infoblox devices is easily managed and placed anywhere you like, and is easily collected and shared with any other products or systems you have. Infoblox is here to make life easier and bring next-level networking to you. This is just another step Infoblox has taken to make sure that organizations own their data.
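To make the “Set Filters” and “Choose Input and Output” steps concrete, here is an added example (not Infoblox code, and not the CDC’s real log format or rule syntax) of the kind of pipeline the CDC performs before data reaches a SIEM: parse DNS query/response lines, drop exact duplicates, discard noise with an exclude regex, and route what remains to a destination by regex. The log format, rules and sample lines are all constructed for this example.

```python
import re
from collections import defaultdict

# Constructed sample DNS log lines (assumed format, not the CDC's own):
# "<ts> client=<ip> qname=<name> qtype=<type> rcode=<rcode>"
SAMPLE_LINES = [
    "2024-01-01T10:00:00Z client=10.0.0.5 qname=www.example.com qtype=A rcode=NOERROR",
    "2024-01-01T10:00:00Z client=10.0.0.5 qname=www.example.com qtype=A rcode=NOERROR",
    "2024-01-01T10:00:01Z client=10.0.0.9 qname=healthcheck.internal.lan qtype=A rcode=NOERROR",
    "2024-01-01T10:00:02Z client=10.0.0.7 qname=xk3q9.example.net qtype=TXT rcode=NXDOMAIN",
    "2024-01-01T10:00:03Z client=10.0.0.7 qname=mail.example.com qtype=MX rcode=NOERROR",
]

LINE_RE = re.compile(
    r"^(?P<ts>\S+) client=(?P<client>\S+) qname=(?P<qname>\S+) "
    r"qtype=(?P<qtype>\S+) rcode=(?P<rcode>\S+)$"
)

# Exclude rules drop noise before any destination sees it (monitoring chatter here).
EXCLUDE = [re.compile(r"\.internal\.lan$")]

# Route rules: (destination, regex, field). First match wins; the last rule is a catch-all.
ROUTES = [
    ("siem", re.compile(r"^(NXDOMAIN|SERVFAIL)$"), "rcode"),  # resolution failures to the SIEM
    ("siem", re.compile(r"^TXT$"), "qtype"),                  # TXT lookups to the SIEM
    ("ops", re.compile(r".*"), "qname"),                      # everything else to the ops data pool
]

def parse_line(line):
    """Return a dict of fields for a well-formed line, or None for anything else."""
    m = LINE_RE.match(line)
    return m.groupdict() if m else None

def filter_and_route(lines):
    """Deduplicate, exclude, and route log lines; returns {destination: [records]}."""
    seen = set()
    out = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec is None or line in seen:
            continue  # malformed or exact duplicate: never forwarded
        seen.add(line)
        if any(p.search(rec["qname"]) for p in EXCLUDE):
            continue  # matched an exclude rule: dropped before routing
        for dest, pattern, field in ROUTES:
            if pattern.search(rec[field]):
                out[dest].append(rec)
                break
    return dict(out)
```

Running `filter_and_route(SAMPLE_LINES)` sends one record (the NXDOMAIN TXT lookup) to `siem` and two to `ops`; the duplicate and the health-check line are never forwarded.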