02-20-2018 06:08 PM - edited 02-25-2018 10:59 PM
Infoblox ActiveTrust® allows our customer to proactively detect, investigate, prioritize and prevent cyber threats. Infoblox ActiveTrust® bundles Infoblox DNS Firewall, Threat Insight in the Cloud, Infoblox Threat Intelligence Data Exchange (TIDE) and Infoblox Dossier. The solution prevents data exfiltration and malware C&C communications via DNS, centrally aggregates curated internal and external threat intelligence, distributes threat data to the customer’s existing security infrastructure and enables the rapid investigation to identify the context and prioritize threats.
Now with ActiveTrust® Plus and Advanced at no additional cost, customers obtain:
- US OFAC Sanctions IPs - Policy based feed that contains IPs of United States sanctioned countries listed by US Treasury Office of Foreign Assets Control (OFAC). The Treasury Department’s Office of Foreign Asset Control (OFAC) administers and enforces economic sanctions imposed by the United States against foreign countries.
- EECN IPs - Policy based feed that contains IPs of countries in Eastern Europe and China. These countries are often found in cyberattacks seeking intellectual property or other sensitive or classified data and stealing credit card or financial information.
In addition to the above two feeds, ActiveTrust® Advanced subscribers get the following at no additional cost:
- Extended TTL feeds - An extension of the Base, Antimalware, Ransomware, ExploitKits, and TOR Exit Node feeds that contain recently expired threats with an extended time-to-live (TTL) applied. The extended time-to-live (TTL), provides extended reach of protection for your DNS FW, but may also increase the risk of false positives as indicators may no longer be active.
- SpamBot IPs: Enables protection against a computer or bot node as part of a botnet seen sending spam. IP’s listed are also frequently found withpoor/negative reputation on that IP address
New integrations supported with ActiveTrust® Plus and Advanced include:
- Infoblox TiDE integration with Cisco Threat Intelligence Director (CTID) to monitor or block more threats and improve the security posture of an organization
- Infoblox TIDE integration with Check Point ThreatCloud to reduce the number of alerts to review and improve the situational awareness of an organization
Availability of the additional 3rd party threat intelligence feeds (additional cost) in RPZ format (at no additional cost) for ActiveTrust® Plus and Advanced subscribers
- ThreatTrack Security BorderPatrol Feed: The BorderPatrol Sites list is a “black list” consisting of domains associated with the distribution of potentially unwanted software and advertising.
- Farsight Security Newly Observed Domains (NOD) Feed: Provides incremental layer of defense to combat malware exfiltration, brand abuse, and spam-based attacks which originate or terminate at newly-launched domains.
- Proofpoint Emerging Threats (ET) IP and Domain Reputation Feed: Provides actionable IP and domain reputation entries that are scored based upon observed in the wild threat actor behavior and as observed directly by Proofpoint’s ET Labs.
Infoblox ActiveTrust® is a key element of our Threat Containment and Operations and Data Protection and Malware Mitigation solutions. The most recent enhancements further enhance both these solutions. We have updated the content on our web site to reflect the enhancements launched.
You can download a free 30-day evaluation of ActiveTrust.