You probably already protect your network at the DNS level. But it can be time and resource intensive because as your network has grown, you’ve inherited a patchwork of siloed security solutions. Many times, the threat intelligence data you’ve purchased with a security system can’t be used elsewhere or you can’t customize how you want to deploy threat intel across your infrastructure.
Even more frustrating are the multiple views of intelligence data from your multiple systems. Instead of being able to use more data to provide context and a clearer insight into potential threats, you have to spend time going between security solutions to manually interpret what’s going on. This can result in slow response times and gaps in your threat coverage.
Obviously this is not an efficient or confidence-inspiring way to protect against cyberthreats. There is a need for a cost-effective solution to simplify and consolidate management of threat intel data, which is why we’re launching the Infoblox Threat Intelligence Data Exchange (TIDE) which integrates into the DDI environment (DNS, DHCP and IP address management). This is critical as we’re all seeing an increase in malicious activity at the DNS level – in fact, our Threat Index hit an all-time high in the first quarter of 2016.
Infoblox TIDE provides three levels of service that focus on solving key pain points to make your job easier and your security more effective. With Infoblox TIDE, you can:
Get the data you need: Easily create threat intelligence data feeds to combine Infoblox’s high-quality data with data in which you’ve already invested.
Easily deploy data: Obtain, manage and distribute threat data to a broad range of infrastructure from a centralized point.
Prevent malicious activity: Deploy threat intelligence directly within Infoblox DNS Firewall and other security technologies.
1. Get the data you need
Infoblox TIDE is a one-stop-shop when it comes to threat intel data. We distill data from many sources, processes and services. Also, our 24/7 Threat Operations team works to verify threat indicators and curate machine-readable threat intelligence (MRTI) to output an enhanced, accurate, up-to-date intelligence data feed (based on Infoblox’s own data and also vetting of third-party/market feed data, including hostnames, URLs, IP addresses).
We also work with several premium data providers, including SURBL, CrowdStrike, Cyren, Emerging Threats, iSight Partners, OpenPhish,ThreatTrack Security and ThreatWave to create an in-solution third-party threat indicator feed data marketplace. SURBL is a top provider of high-quality, actionable intelligence specifically designed and used for variety of blocking solutions like Infoblox DNS Firewall. In addition to data from these providers, Infoblox TIDE enables you to easily integrate with almost any vendor’s data for use.
2. Easily deploy threat intelligence data
Infoblox TIDE is system-agnostic and designed to simplify threat intel deployment, distributing data across a diverse range of security platforms (e.g., DNS Firewall, perimeter firewall, Web proxy, IPS, SIEM). Infoblox TIDE makes creating custom API feeds built for specific attacks quick and easy, regardless of how many feeds you need to blend (e.g., hostnames, IPs, URLs) or the types of data you need to adjust for (e.g., JSON, STIX, CSV, TSV, CEF).
In addition, Infoblox TIDE allows you to manage and share internally sourced threat intelligence, upload and manage internally discovered threat intelligence, and put data governance policies in place to easily control and distribute intelligence to other internal stakeholders, business partners and other external parties.
3. Prevent malicious activity and data breaches
Because Infoblox TIDE enables you to deploy trusted threat intelligence directly within Infoblox DNS Firewall and other security technologies, you can detect security breaches before they occur and limit damage from infected devices. Also, Infoblox TIDE deployment of threat intel data across the infrastructure serves to help strengthen all of your systems’ defenses.
For more information about how Infoblox TIDE can streamline your threat intelligence and help you get more value from existing security infrastructure and threat intelligence data investments, read the Solution Note and contact us.