Introduction
Infoblox’s BloxOne™ platform is steadily becoming a complete SaaS experience for Security and DDI. One of the recent changes to BloxOne Threat Defense has been an update to Security Policies. BloxOne Threat Defense now allows for granular control over the precedence of Security Policies, and the order in which security lists are checked when examining packets.
Prerequisites
- Access to a BloxOne Account via the Infoblox CSP
- A CSP Tenant with a BloxOne Threat Defense license
Getting Started
Recently, you may have noticed a dialog box notifying you of changes to how BloxOne handles Security Policies. This notification appears if you haven’t accessed your Security Policies since the update. Once you acknowledge the notification, you’re ready to manage your policies.
If you’re familiar with the Security Policy panel, the first thing you’ll notice is the new Precedence column:
Precedence defines which security list is checked first when inspecting packets. Policies with the lowest Precedence value are checked first.
To inspect a Security Policy, select the checkbox associated with the policy and click Edit.
Note: In the new Security Policy interface, instead of a tiered list with dropdown menus, there’s a new navigation panel on the left. On the primary screen, you can now adjust the Precedence of a Security Policy.
Clicking on Policy Rules in the navigation panel will reveal the new interface for Policy Rules.
Note the Order of the lists: the lists are checked in this order whenever a packet is inspected. In the example screenshot, the Custom List named Custom_Blocklist is checked first.
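A simplified model of the evaluation order described above, as an added example that is not Infoblox code or part of the original article; it also reports list entries that can never decide an outcome because an earlier list covers them with a different action. It assumes every policy shown applies to the query's source, that the first matching list decides the action, and that a list entry also covers its subdomains; the policy names, the list names other than Custom_Blocklist, the domains and the action labels are constructed.

```python
from dataclasses import dataclass

@dataclass
class Rule:
    list_name: str
    domains: set      # constructed sample entries
    action: str       # constructed action labels: "block" / "allow"

@dataclass
class Policy:
    name: str
    precedence: int   # lowest value is checked first
    rules: list       # position in this list is the rule Order

def covers(entry, qname):
    # Assumption: an entry matches the exact name and any subdomain of it.
    return qname == entry or qname.endswith("." + entry)

def evaluate(policies, qname):
    """Return (policy, list, action) for the first match, or None."""
    for policy in sorted(policies, key=lambda p: p.precedence):
        for rule in policy.rules:
            if any(covers(e, qname) for e in rule.domains):
                return policy.name, rule.list_name, rule.action
    return None

def shadowed(policy):
    """List (entry, its list, earlier list) where an earlier list with a
    different action already covers the entry, so the entry never decides."""
    findings = []
    for i, later in enumerate(policy.rules):
        for entry in sorted(later.domains):
            for earlier in policy.rules[:i]:
                if earlier.action != later.action and any(
                        covers(e, entry) for e in earlier.domains):
                    findings.append((entry, later.list_name, earlier.list_name))
                    break
    return findings

# Constructed sample configuration
POLICIES = [
    Policy("Default", 2, [Rule("Default_Blocklist", {"partner.example"}, "block")]),
    Policy("Branch_Office", 1, [
        Rule("Custom_Blocklist", {"ads.example"}, "block"),
        Rule("Custom_Allowlist", {"cdn.ads.example", "partner.example"}, "allow"),
    ]),
]
```

Running `shadowed()` on a policy before reordering its lists shows which entries would stop taking effect under the new Order.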
On the Custom Lists tab of the Security Policy page, we can observe the settings of a Custom List. Click a checkbox associated with a list, then click Edit.
Here you can see the same interface for a Custom List. However, notice the Threat Level and Threat Confidence lists that are now customizable. These metrics allow you to tailor the perceived threat and threat confidence of any queries that are caught by this Custom List. By defining these metrics, you can easily filter events of this type in the Reports section of the Infoblox CSP.
Summary
With the addition of Precedence and Policy Rule Order to Security Policies, and the addition of Threat Confidence and Threat Level to Custom Lists, you can now tune more effectively how DNS queries are managed in your network. The update to Security Policies improves BloxOne Threat Defense, an already best-in-class DNS protection platform.