This blog discusses report #6 in a series of seven top security reports that can help you defend against bad actors.
Here are the previous parts: part 1, part 2
Infoblox Out-of-the-Box Report Threat Protection – Top Rules by Source
This report lists the top source IP addresses that trip each threat rule as identified through ADP threat intelligence. For network teams, this report gives visibility into which devices on the network are doing bad things or impacting network performance, so you can take corrective action like shutting off the port or removing the device from the network. For security teams, it provides visibility when there is trouble on the network, so the admin can intervene with the system manager, initiate a virus scan, or pursue a variety of other actions. It also enables admins to tune the threat rule thresholds for which traffic they want to allow or block. A typical security use case is when an admin suspects that a client device is infected with malware and needs to conduct a forensic investigation to determine what the malware is doing within the DNS infrastructure, along with its attack methodology and frequency.
Top Report #6: Threat Protection – Top Rules by Source

| Attribute | Detail |
|---|---|
| Service Area | Infrastructure Protection |
| Purpose | Lists the top source IPs hitting each threat rule |
| Primary User | Network & Security Admins |
| Importance | Identifies clients that are attacking the server the most & the rules they trigger, & enables admins to tune rule thresholds better |
| Use Case | A security admin knows a client is infected by malware, but to drill deeper into malware forensics, this report shows the malware attack methodologies and frequencies |
| Available | Out-of-the-box & requires Advanced Data Protection (ADP) |
This report is accessed through the security dashboard and requires ADP. It includes filters for time, top number of rules, a counter, members, source IP address, rule names and source port, plus viewing options by bar chart, table or both. The report then displays the source IP, the number of logged events associated with that IP, the top security rules by name that were violated, and when they last tripped those rules. This provides the visibility and forensic capability needed to identify bad actors, see what they’re doing, the security rules they’re breaking and the impact they’ve had on the network, so the admin can modify the rules and take quick, corrective action.
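To make the aggregation behind this view concrete, here is an added Python example (not Infoblox code, and not the product's actual log format): it reads threat-protection style events, groups them by source IP and rule, counts events per rule, records when each rule last tripped, and ranks sources by total events. The log line layout, the member names (`ns1`, `ns2`), the rule names and the IP addresses are all constructed for illustration; the optional `member`, `since` and `until` arguments mirror the report's member and time filters.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample events (assumed layout, not real ADP syslog output):
# "<UTC timestamp> member=<grid member> src=<ip>:<port> rule=<rule name> action=<action>"
SAMPLE_LOGS = """\
2018-07-10T09:00:01Z member=ns1 src=10.1.1.25:53021 rule=RATE_LIMIT_ANY action=DROP
2018-07-10T09:00:02Z member=ns1 src=10.1.1.25:53022 rule=RATE_LIMIT_ANY action=DROP
2018-07-10T09:00:05Z member=ns1 src=10.1.1.25:53023 rule=TUNNELING_TXT action=DROP
2018-07-10T09:01:10Z member=ns2 src=10.1.1.40:40010 rule=NXDOMAIN_FLOOD action=DROP
2018-07-10T09:01:11Z member=ns2 src=10.1.1.40:40011 rule=NXDOMAIN_FLOOD action=DROP
2018-07-10T09:02:00Z member=ns1 src=10.1.1.25:53024 rule=RATE_LIMIT_ANY action=DROP
2018-07-10T09:02:30Z member=ns2 src=10.1.1.77:51000 rule=TUNNELING_TXT action=PASS
this line is malformed on purpose and must be skipped, not crash the report
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) member=(?P<member>\S+) src=(?P<ip>[\d.]+):(?P<port>\d+) "
    r"rule=(?P<rule>\S+) action=(?P<action>\S+)$"
)


def parse_line(line):
    """Parse one event line; return a dict, or None for lines that do not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ev = m.groupdict()
    ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%SZ")
    ev["port"] = int(ev["port"])
    return ev


def top_rules_by_source(lines, top_n=3, member=None, since=None, until=None):
    """Per source IP: total events and the top_n rules it tripped, with count and last-seen.

    Rows are sorted by total events (descending), then by IP for a stable order.
    member/since/until act like the report's member and time-window filters.
    """
    # ip -> rule -> {"count": int, "last_seen": datetime}
    stats = defaultdict(lambda: defaultdict(lambda: {"count": 0, "last_seen": None}))
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            continue  # malformed input is dropped rather than aborting the whole run
        if member is not None and ev["member"] != member:
            continue
        if since is not None and ev["ts"] < since:
            continue
        if until is not None and ev["ts"] > until:
            continue
        entry = stats[ev["ip"]][ev["rule"]]
        entry["count"] += 1
        if entry["last_seen"] is None or ev["ts"] > entry["last_seen"]:
            entry["last_seen"] = ev["ts"]

    report = []
    for ip, rules in stats.items():
        total = sum(r["count"] for r in rules.values())
        ranked = sorted(rules.items(), key=lambda kv: (-kv[1]["count"], kv[0]))[:top_n]
        report.append({
            "source": ip,
            "events": total,
            "rules": [(name, r["count"], r["last_seen"].isoformat()) for name, r in ranked],
        })
    report.sort(key=lambda row: (-row["events"], row["source"]))
    return report


def sources_over_threshold(report, min_events):
    """Sources whose total event count meets the threshold an admin is considering."""
    return [row["source"] for row in report if row["events"] >= min_events]


if __name__ == "__main__":
    rows = top_rules_by_source(SAMPLE_LOGS.splitlines())
    for row in rows:
        print(f"{row['source']:<12} events={row['events']}")
        for name, count, last_seen in row["rules"]:
            print(f"    {name:<16} count={count:<3} last_tripped={last_seen}")
    print("at or above 2 events:", sources_over_threshold(rows, 2))
```

Running it on the constructed sample ranks `10.1.1.25` first (four events, three of them on `RATE_LIMIT_ANY`, last tripped at 09:02:00), which is the same shape of answer the dashboard's table view gives: who, how often, which rule, and when it last fired. Feeding `sources_over_threshold` different values is a quick way to see how many clients a candidate rule threshold would flag before changing it on the appliance.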
Here are the seven (7) security reports that can give you an edge over the bad actors.
- Top Security Report #7: DNS Top NXDOMAIN – NOERROR
- Top Report #6: Threat Protection – Top Rules by Source
- Top Report #5: Top Malware & DNS Tunneling by Client
- Top Report #4: Tunneling Traffic by Category
- Top Report #3: DNS Top Tunneling Activity
- Top Report #2: Malicious Activity by Client
- Top Report #1: DNS Top RPZ Hits
Learn more:
- Join the Infoblox Reporting & Analytics Technical Demo Series to continue the discussion in the free webinar on 7/17, 2018, 9A PDT, 12P EDT, 5P BST. Register
- As an existing Infoblox DDI customer, you can deploy a virtual Infoblox Reporting & Analytics appliance free of charge — no strings attached. Download and try the Reporting & Analytics Free Tier today.