In the second of this 3-part blog series, I shared that Infoblox, market leader in DNS, DHCP and IP address management (DDI) services, is bridging the gap between various security products you may already be using; such as next-gen endpoint security, enterprise threat intelligence platforms and NAC solutions, and thereby playing a critical role in enhancing the cybersecurity ecosystem.
In order to exchange network and security context data with others, Infoblox supports a couple of methods:
1st Method – REST API
Infoblox offers a REST API to provide a simple way for customers and partners to easily integrate our DDI and DNS security solutions with third-party security technologies they are already using.
2nd Method – Custom/Third Party
Various network and security vendors are developing their own sharing standards. One example is Cisco Platform Exchange Grid (pxGrid), which enables multivendor, cross-platform network system collaboration among parts of the IT infrastructure such as security monitoring and detection systems, network policy platforms, asset and configuration management, identity and access management platforms, and virtually any other IT operations platform.
Infoblox DNS Firewall and Infoblox IP address management (IPAM) with Network Insight solutions use pxGrid to exchange data with other pxGrid members like Cisco Identity Services Engine (ISE), a network access control solution. I am delighted to share that the Infoblox DDI solution has officially received Cisco Compatibility for the Cisco ISE integration. Learn more about the value this integration brings to both Cisco and Infoblox here: https://marketplace.cisco.com/catalog/companies/infoblox/products/infoblox-ddi
3rd Method – Industry Standards: STIX and TAXII
Based on customer demand and a growing recognition of the benefits of adopting a standard method of sharing data by the US Federal Government and certain verticals like Financial Services, Infoblox is the first DDI vendor to support STIX and TAXII protocols. As a result, we can enhance security visibility and automate response in two ways:
- Infoblox can receive indicators of compromise from threat intelligence platforms to enhance our visibility into malicious domains and IP addresses and automatically take action using our DNS Firewall Response Policy Zone (RPZ) policy-based solution.
- Infoblox can share threat context on malicious communications detected by DNS Firewall with third-party security solutions so that they can then further use that information to enrich their own database and can inform other security solutions in the network infrastructure.
To learn more about how Infoblox has partnered with multiple leading security technologies such as Carbon Black, Cisco, LogRhythm and others, and how you can use Infoblox DDI to improve visibility into and improve control over network security threats and devices, visit us at the forthcoming RSA Conference and Exposition in San Francisco in the South Hall Booth #526.