Infoblox as Part of the Ecosystem

Transcription

1 Infoblox Core Exchange Infoblox Core Exchange is a highly-interconnected set of ecosystem integrations that extend security, increase agility, and provide situational awareness for more efficient operations, on-premises and in the cloud. It provides visibility across the entire network including virtualized or cloud deployments, remove silos between network and security teams, improve agility, automates IT workflows, enables faster remediation to threat and network changes and provide better ROI on IT and security investments already made. Cybersecurity Ecosystem Infoblox Core Exchange Overview Threat data feeds for use in ecosystem SIEM Threat Intel Platforms Firewall SIEM Vulnerability Scanner Device Discovery Grid Member DNS/DHCP with ActiveTrust NAC Network Infrastructure (Switches, Routers, Firewalls etc.) Endpoint Security Internal Clients APT/Malware Detection Security teams deal with thousands of alerts each day from various systems and tools they use. Knowing which alerts to prioritize and address first is a challenge. Often, it is a manual process to get the data from various disparate sources, piece them together and understand the broader picture. Today s organizations also use varied deployments and architectures from physical to virtual to cloud. Knowing what s on the network and getting visibility into these diverse architectures is critical to securing the network.

2 Core network services like DNS, DHCP and IPAM contains a gold mine of network data that shows exactly what devices are on the network, where they are on the network, what they are doing and if there is any malicious activity happening on the network. Sharing this valuable network and security intelligence, and network context with the broader security ecosystem can enable prioritization and help remediate threats faster. Infoblox integrations with the broader security ecosystem allow customers to: Proactive protection against cyberattacks Improve speed of response by threat intelligence and DNS indicators of compromise sharing Prioritization based on Critical contextual data Better ROI from security investments already made Advanced Threat Detection FireEye NX Series FireEye shares advanced persistent threats (APTs) communication to malicious domains with Infoblox ActiveTrust. Infoblox ActiveTrust blocks, logs events or takes appropriate action on these threats. Flexible policy enforcement. Identification of infected devices. Defense and remediation built into IT systems and processes. Threat Intelligence sharing ThreatConnect Infoblox ActiveTrust receives data on malicious domains and IP addresses from ThreatConnect. ActiveTrust blocks DNS communications to these malicious domains and addresses. DNS policy enforcement on ThreatConnect identified malicious domains and IP addresses. Identification of infected devices. Block more threats. Cisco Threat Intelligence Director Cisco TIP platform receives malicious host names, IP addresses and URLs from Infoblox TIDE (Threat Intelligence and Data Exchange.) Cisco Threat Intelligence Director can now forward this information to block or monitor more threats. Reduce the number of alerts to review. Improves situational awareness in an organization. Improves overall security posture.

3 Check Point ThreatCloud Check Point ThreatCloud receives mali- cious host names, IP addresses and URLs from Infoblox TIDE. Check Point ThreatCloud can now block or monitor more threats. Reduce the number of alerts to review. Improves situational awareness in an organization. Improves overall security posture. Windows Server 2016 Windows Server 2016 is enriched with host name, IP addresses and URLs from Infoblox TIDE. Block and monitor threats. Reduce number of alerts to review. Improve situational awareness and overall. security posture. Infoblox TIDE External Threat feeds (SURBL, OpenPhish, ThreatTrack, Farsight) Infoblox ActiveTrust receives threat data from third-party sources. This third-party data is then managed from within Infoblox TIDE. Collect, manage and curated threat intelligence in a single platform. Maximize resources by giving back time to the security operations and threat intelligence team. SIEM LogRhythm SIEM LogRhythm receives information on IP address, DNS request and responses and infected devices from Infoblox. This information can be used by LogRhythm to perform analysis and take action. Visibility into device activity regardless of where that log data was generated. Visibility into security events, threat intelligence feed of malicious domains and IP addresses. Splunk with Infoblox ATC and Dossier Splunk receives security events detected by ActiveTrust cloud in CEF or JSON format. Splunk also receives context on indicators of compromise (IoC) from Infoblox Dossier. These security events provide context on indicators of compromise. Leverage threat intel data for context on IoCs and prioritize response. Improve visibility and leverage advanced filtering capabilities, thus improving operational efficiency.

4 McAfee ESM McAfee receives networking and DNS security events, IP addresses, DHCP fingerprint from Infoblox. McAfee ESM can then perform comprehensive threat data correlation and detection and efficient incident response based on real risk. Visibility into threat data, IP address, DHCP fingerprint, lease history, and more to assess risk and prioritize alerts. Threat data correlation to prioritize, investigate, and respond to stealthy threat and simplify actions. Vulnerability Management Vulnerability Scanner: Qualys, Rapid7, Tenable Security Center Infoblox provides information on IP addresses, Network devices and malicious events to Rapid7/Qualys. Rapid7/Qualys uses the information to automate scanning when malicious activity is detected, even if it is in between scheduled scans. Leverage context to prioritize action. Automate response to network and malicious events. Improved efficacy of security investments already made. Network Access Control (NAC) CISCO ISE Infoblox receives user/device and network context from Cisco ISE. Infoblox enriches pxgrid with network context. Automated response to Infoblox security events. Expand visibility of network and users and devices. Enhance security-response and timeliness. ForeScout Infoblox enriches ForeScout with IPAM and DNS security events. ForeScout can use that information to get context to prioritize threats and take action, reducing time to containment. Consistent policy enforcement. Context for prioritization of threats. Eliminates silos between network and security tools.

5 Next Generation Endpoint Security Carbon Black Infoblox detects malware communications being made via DNS and informs Carbon Black. Carbon Black can identify the malicious processes, quarantine the endpoint or take other actions. Identify and prevent DNS-based endpoint communications to malicious domains. Automatically respond to endpoint threats, reducing dwell time. McAfee epo Deploy Infoblox ActiveTrust Endpoint Agent using McAfee epo. Enables remediation and policy actions at the DNS level using ActiveTrust Cloud. Automates and simplifies the deployment of Infoblox ActiveTrust Endpoint Agent for large enterprises. Mass deployment for mutual customers. Easily plugs into existing workflow processes. Next Generation Firewall Palo alto Networks NGFW Palo Alto NGFW receives malicious host names, IP addresses and URLs from Infoblox TIDE. Enable customers to block or monitor threats. Reduce the number of alerts to review. Improves situational awareness in an organization. Improves overall security posture. McAfee DXL Infoblox ActiveTrust with McAfee DXL Infoblox publishes critical data on network and DNS security events along with context over McAfee DXL. Enables ecosystem to quickly respond to network events and threats, improving operational efficiency. Automatic notification when threats are detect- ed, enabling faster response. Contextual information to help prioritize threats and policy actions.

6 Infoblox TIDE/Dossier over DXL Infoblox TIDE sends TIDE and Dossier lookup requests over DXL fabric in XML/ JSON/STIX format. Facilitate effective protection for both the network and endpoint domains. Visibility across both network and endpoint domains. Remediation and policy actions enabling faster response to threats. Enables customers to break silos between security tools. Network automation and Cloud ecosystem integrations Networks ops team have 100s of network tools in their environment but these tools work in silos and hence, it is difficult to get complete visibility into entire infrastructure at a single place. Today s organizations also use varied deployments and architectures from physical to virtual to cloud. Knowing what s on the network and getting visibility into these diverse architectures is critical to and automating IT workflows, thus improving agility of the network team. Infoblox integrations with broader Network Automation and Cloud ecosystem allows customers to: Get visibility into extended infrastructure. Automate IT workflows in private/public/hybrid environment. Improve agility Perform more efficient audit and compliance. Next Generation Firewall VMWare Infoblox DDI allocates an IP address and sends it to the VM along with the DNS host record. vcenter Server then creates VM that runs on ESXi host using the newly allocated IP address and DNS record. Ensures consistency and visibility in hybrid deployments (on-prem, virtual, and/or cloud) Automate manual processes Speeds time to deployment AWS Route 53 Infoblox Grid and Route 53 communi- cate with each other at regular interval to provide visibility into DNS and IPAM for Route 53 in NIOS. Automated Migration from Route 53 to Infoblox DNS. Seamless migration by bridging gap between Enterprise IT and Cloud teams. Unified visibility by presenting the user a single console to view on-prem and Route 53 Public Cloud DNS.

7 AWS instances (API Proxy) Performs vdiscovery of AWS instances to ensure no duplicate addresses are assigned. Automates IPAM and DNS provisioning for AWS VPC and EC2 instances. Eliminates error by preventing the chances of overlapping IP addresses in hybrid cloud environment. Lessens manual processes. Speeds time to deployment Azure Infoblox Grid and Microsoft Azure communicate with each other to provide unified visibility and management across all platforms. Visibility into IP and DNS information for Azure VMs automatically. Centralized management of DNS servers that are on-prem and in Azure. Efficient utilization of cloud resources across multiple clouds (Azure, AWS, VMWare, OpenStack.) OpenStack Infoblox receives request for to create/ destroy VMs and Infoblox contacts NIOS for next available IP and creates DNS Records for VM. OpenStack Spins up VM on Hypervisor (Eg: KVM) and VM makes DHCP request after it starts up. Ensures consistency and visibility in hybrid deployments (on-prem, virtual, and/or cloud.) Lessens manual processes. Speeds time to deployment. Docker Automated IP address provisioning and IPAM integration with Infoblox for better visibility for container and micro services. Ensures consistency and visibility in hybrid deployments (on-prem, virtual, and/or cloud.) Visibility into the container cloud. Avoid IP conflicts and container routing issues. Speeds time to deployment. Cisco ACI Ease of network deployment based on IP addresses and DHCP information received from Infoblox. Visibility into devices and IP addresses. Ease of network management, thereby improving operational efficiency. Infoblox NetMRI integration with Cisco ACI: Discovery Rest API discovery of Cisco ACI information Visibility of Tenant, Bridge Domain, Application Profile, and Endpoint Groups (EPG) in Infoblox IPAM Visibility for both traditional and ACI environment. Improved operational efficiency.

8 Cisco DNA Center Synchronize IP Address Pools between DNA Center and Infoblox. Infoblox as the IP Address Manager for DNA Center. Automatic IP addresses resources are allocation and release. Policy based deployment in single operation, which improves operating efficiency. Cisco Tetration Analytics Enrichment of Cisco Tetration with IPAM and DNS data. Tetration discovered Endpoints, inventory, Application Dependency mapping (ADM) and flow data to enrich Infoblox compliance engine. Enhanced visibility into IPAM and DNS information. Visibility into endpoints, ADM, network devices, DNS and endpoint, ensuring continuous compliance. Cisco CloudCenter End-to-end workload deployment with IPAM and DNS updates. Elimination of manual network configuration Automatic infrastructure deployment. Summary Network and Security Ops team face numerous challenges including lack of agility, lack of visibility, ineffective threat intelligence, lack of context for prioritization. Through a highly interconnected contextual ecosystem, Infoblox Core Exchange enables integrated solutions that extend security, increase agility, and achieve situational awareness for more efficient operations, in on-prem, cloud and hybrid environments. It removes silos between various network and security tools, enables near real-time actions for automating IT workflows, provides visibility into extended infrastructure and improves ROI for value of existing investments in security and networking. Note: The integrations require one or more relevant Infoblox products to be able to pass necessary information to the tools mentioned above. Infoblox integrations support a variety of options including REST APIs, STIX/TAXII, JSON, XML and CSV formats, syslog and third party propriety methods, to ensure interoperability. To learn more, please visit Technology Alliance Partner page. About Infoblox Infoblox delivers Actionable Network Intelligence to enterprises, government agencies, and service providers around the world. As the industry leader in DNS, DHCP, and IP address management (DDI), Infoblox provides control and security from the core empowering thousands of organizations to increase efficiency and visibility, reduce risk, and improve customer experience. Corporate Headquarters: (toll-free, U.S. and Canada) info@infoblox.com