Infoblox released version 4.4 of BloxOne™ Threat Defense on February 25, introducing new capabilities to defend against several high-risk trends as well as enhancements to ecosystem integration and several new reporting features. While highlights have been announced through the press, here is a summary of some key features introduced in this release:
- DNS over HTTPS (DoH) Solution
DNS over HTTPS (DoH), which all major browsers are beginning to support, is designed to offer increased privacy for some users at the expense of enterprise security best practices. With DoH enabled, devices send all DNS traffic to an external third-party DNS resolver, bypassing internal enterprise DNS infrastructure. Organizations that want to use internal DNS infrastructure, including security policy enforcement through DNS, need to implement controls that block the use of these third-party DoH resolvers. The Infoblox Threat Intelligence service includes a feed called “Public-DoH” (public-doh.infoblox.local), which provides a negative response to “DoH Canary” domains (such as use-application-dns.net) and signals compliant browsers that DoH should not be used within the existing environment. Browsers will gracefully fall back to the organization’s managed DNS without interrupting user activity.
- Custom Lookalike Domain Monitoring
Existing lookalike domain defenses, designed to address threats abusing popularly targeted brands such as “PayPal”, have been extended to allow users to submit their own critical domains for lookalike monitoring. You can now submit the company’s own domain, or domains frequently visited by or controlled by the organization, to the Infoblox Cyber Intelligence Unit (CIU), which will determine high-risk lookalike domains for initial assessment and monitoring. Customers are notified of suspicious activity related to these lookalike domains, both for visibility and as an advance warning that can help the organization avert targeted attacks on employees aimed at compromising the network, or threats targeting customers that can damage the organization’s brand reputation.
Custom Lookalike Domain Monitoring is initially only available for subscribers of BloxOne Threat Defense Advanced.
- Data Connector Enhancements
Data Connector is now enabled to forward DNS Firewall logs (RPZ logs) to Splunk and Infoblox Reporting for easier access to important details that can further accelerate incident investigations and support more rapid and effective threat response planning.
Data Connector is available for subscribers of BloxOne Threat Defense Business Cloud, Advanced and Security Ecosystem Business.
- Comprehensive Security Report
This release introduces the Comprehensive Security Report. This report helps users determine what information to display in the Cloud Services Portal by familiarizing them with the breadth of statistics and other data available. Additionally, information from this report can be exported to SIEM or integrated into other security tools for further correlation, assessment, or sharing.
- Executive Summary Report: Additional Data Reporting
This feature enhancement adds two graphical report types to the already available report: Data Exfiltration Activity and Access to Unauthorized Web Categories. The Data Exfiltration Activity report documents the unauthorized transfer of data from a computer. DNS threat analytics can detect and automatically block data exfiltration attempts via DNS, without the need for endpoint agents or additional network infrastructure. The target domains can originate from any geographic location. The Access to Unauthorized Web Categories report displays a breakdown of web activity to sites that the user has classified as unauthorized by means of a content category.
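To check that a resolver really sends the DoH canary signal described in the DoH section above, the following added example (not Infoblox code) parses a DNS response for use-application-dns.net and reports whether a compliant browser would read it as "do not use DoH". It assumes the canary rule as Firefox documents it (any response code other than NOERROR, or NOERROR with no A/AAAA records); the sample responses are constructed in `build_response`, and all function names are illustrative.

```python
import struct

CANARY = "use-application-dns.net"   # canary domain named on the page
A, AAAA, NOERROR, NXDOMAIN = 1, 28, 0, 3

def encode_name(name):
    # Encode a domain name as length-prefixed DNS labels.
    return b"".join(bytes([len(p)]) + p.encode() for p in name.split(".")) + b"\x00"

def skip_name(msg, off):
    # Advance past a (possibly compressed) DNS name; return the new offset.
    while True:
        n = msg[off]
        if n & 0xC0 == 0xC0:         # compression pointer: 2 bytes, ends the name
            return off + 2
        off += 1
        if n == 0:
            return off
        off += n

def build_response(rcode, answers=()):
    # Constructed sample: a response to "CANARY IN A"; answers = [(rtype, rdata)].
    hdr = struct.pack("!HHHHHH", 0x1234, 0x8180 | rcode, 1, len(answers), 0, 0)
    question = encode_name(CANARY) + struct.pack("!HH", A, 1)
    rrs = b"".join(b"\xc0\x0c" + struct.pack("!HHIH", t, 1, 60, len(rd)) + rd
                   for t, rd in answers)
    return hdr + question + rrs

def canary_signals_no_doh(msg):
    # True if this response tells a compliant browser not to enable DoH.
    # Assumed rule: rcode other than NOERROR, or NOERROR with no A/AAAA record.
    _id, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    if not flags & 0x8000:
        raise ValueError("not a DNS response")
    rcode = flags & 0x000F
    off = 12
    for _ in range(qd):              # skip the question section
        off = skip_name(msg, off) + 4
    has_addr = False
    for _ in range(an):              # look for address records in the answers
        off = skip_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10 + rdlen
        has_addr |= rtype in (A, AAAA)
    return rcode != NOERROR or not has_addr

if __name__ == "__main__":
    for label, resp in [("NXDOMAIN", build_response(NXDOMAIN)),
                        ("A record", build_response(NOERROR, [(A, bytes([192, 0, 2, 1]))]))]:
        print(label, "-> DoH disabled:", canary_signals_no_doh(resp))
```

Feeding it the raw response bytes captured from each internal resolver shows which network segments still let browsers enable DoH because the canary resolves normally.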
Driven by user feedback and changes in the threat landscape, Infoblox continues to address some of the unmet challenges in the security industry with this release. BloxOne™ Threat Defense provides immediate value as it secures often underdefended attack vectors, but also through foundational security services to improve the effectiveness of other solutions throughout the security stack. If you are not already a customer, let us show you how we can take your security posture to the next level.