Faster Deployment and Threat Response with ActiveTrust Cloud

Community Manager

If you are a security operations specialist in a fairly large organization, you probably already know how difficult it is to manage multiple security tools, gather data from multiple sources, and make sense of those security alerts that never seem to stop. You need relevant data fast so that you can respond to threats fast. On top of all the operational headaches, you get asked – why are these breaches happening? Where are the gaps?

 

While you can never really close all the gaps, you can look at your existing infrastructure to see how it can better help you improve your security posture. Case in point – DNS, DHCP and IPAM (DDI).

 

Here are two ways DDI can help:

 

  1. Adding DNS layer security to make it your first line of defense. Because 91% of malware uses DNS, DNS naturally becomes a control point to detect and block malicious activity early.
  2. Unlocking the data and business context in your DDI infrastructure can lead to a wealth of information that can be leveraged by other security tools. DDI offers a treasure trove of information about normal as well as anomalous communications. It also provides visibility and context (importance and criticality of infrastructure assets) that help prioritize remediation of security events.

 

ActiveTrust Cloud Adds DNS Layer Security

Infoblox is happy to announce new enhancements to ActiveTrust® Cloud, a SaaS-based security solution that provides DNS-based security. It can:

  • Detect and block threats like ransomware, zero-day data exfiltration, Domain Generation Algorithms (DGA), Fast Flux and more.
  • Provide deep visibility and rich context for incidents
  • Help you investigate threats faster
  • Protect devices wherever they are – on your enterprise network, roaming, or in remote/branch offices

 

Unlocking the Data and Business Context

ActiveTrust® Cloud now provides public APIs that allow security admins to pull DNS security event data (in CEF/JSON format) and contextual information into tools like a SIEM. Security ecosystem tools can then take action on these hits. Admins can respond to threats faster, armed with contextual information like who the infected device is assigned to, where in the network it is, what type of device it is and more.

 


 

Other enhancements to ActiveTrust® Cloud include:

 

  • Reporting enhancements with more relevant data on malicious activities made readily available
  • Distribution of ActiveTrust® Endpoint through McAfee ePO, simplifying deployment and management of the endpoint agent, and enabling mass deployment for mutual customers.


 

Why a hybrid model gives you the best of both worlds

Infoblox provides the only truly hybrid DNS security solution with an on-prem and a SaaS-based delivery model and a single dashboard to manage global security policy. So whether your users and devices are in HQ, using public wifi in Starbucks or working in a remote office, they are protected with a single unified solution that unlocks and leverages the rich network and business data from your on-premises systems and integrates it with the security delivered via SaaS.

 

Learn more about ActiveTrust Cloud here.
