Introducing SOC Insights for BloxOne Threat Defense: Boost your SOC efficiency with AI-driven insights to eliminate manual work and accelerate investigation and response times. Read the blog announcement here.

Product Announcements

Reply

Expand visibility and reduce time to containment – Infoblox DDI Integrates with Aruba ClearPass

[ Edited ]
Techie
Posts: 23
3504     0

We are excited to announce that Infoblox has integrated with Aruba ClearPass to help customers receive information on new devices and infected hosts to get context so that they can prioritize threats and take action, thus reducing time to containment.

 

Today’s enterprise network consists of large number of network and security devices. All these devices generate their own incidents but these network and security devices don’t always share information. This lack of interoperability and inability to share event data results in network and security tools working in silos with no context. If customers can see all the devices and security events in single place, they can eliminate silos and respond quickly to security and network changes. That’s where Infoblox comes into the picture. To allow network and security admins to see devices and security events in a single place, Infoblox, the market leader in DNS, DHCP and IPAM (DDI), has integrated with Aruba ClearPass.

 

Picture1.png

As shown in the figure above, Infoblox sends new end hosts and information about compromised devices to Aruba ClearPass using Outbound Notifications. Aruba ClearPass can use that information and Indictors of Compromise (IoCs) to get context to prioritize threats and take action, thus reducing time to containment.

 

As shown in the figure below, customers are able to see information on devices discovered by Infoblox in Aruba ClearPass Policy Manager.

 

Picture1.png 

 

Users can click on the device to get additional information about device such as IP address, hostname, devicetype as shown below.

 

Picture1.png

 

Thus, benefits of the integration include visibility into new devices and infected hosts in single place, context for prioritization of threats, elimination of silos, faster response to network and security events.

 

Customers need Infoblox Ecosystem license for this integration. To receive network information from Infoblox, they need DDI license and to receive threat information, they need RPZ or/and Threat Intelligence licenses. This integration was built in collaboration with Aruba and is supported by Infoblox community.

 

To know more about this integration and demo, please check out the demo video below.

 

Showing results for 
Search instead for 
Did you mean: 

Recommended for You

Demo: Infoblox IPAM plug-in integration with OpenStack Newton