04-29-2019 09:37 AM
In the latest release of ActiveTrust, Infoblox has added the ability to block/redirect access to locations having no known category or rating. Additionally, users can now be granted access to a blocked site by using a bypass code, thereby reducing the need for support calls and increasing user satisfaction. Furthermore, a new fallback to a localized DNS feature and more worldwide POPs bring lower latency DNS resolution to more of the world.
New features/capabilities include:
"Uncategorized" category and default policy action:
ActiveTrust Cloud now allows users to detect and filter requests for unknown/uncategorized domains as well as set up a redirect as a default security policy action. ActiveTrust Cloud provides 13 main categories and 45 subcategories, allowing granular policy control. With this new capability, you can better protect your users from attackers using newly generated websites and create policies allowing only sites within “known” categories.
Bypass Code feature gives ActiveTrust Cloud System administrators the ability to create and manage Bypass Codes for use on the block page. The Bypass Code allows users with a code to access specific filtering categories such as social networking, or individual domains, that are normally blocked on their network within a specified period of time as shown below.
TSIG Key SHA256 Format:
Enterprise ActiveTrust customers using Infoblox’s DNS Firewall installed in their core network can now choose a higher degree of security for communications between their core network and the Infoblox cloud. HMAC-SHA256 is now available and recommended over the less secure HMAC-MD5 standard.
New Point of Presence (PoPs):
Infoblox has added new data centers to provide more of the world faster DNS resolution. In addition to the previously existing locations - Eastern/US, Western/US, London/UK, Frankfurt/Germany, Singapore, and Tokyo/Japan – Infoblox has added new PoPs in Sydney/Australia Toronto/Canada, São Paulo/Brazil, and Johannesburg/South Africa. Here is the complete map of current PoPs, with more expected to be on the way.
Domain Forwarding Proxy Fallback to a Local DNS Server:
Domain Forwarding Proxy (DFP) fallback to a local DNS server allows customers to remain protected even if the connection to ActiveTrust Cloud is lost. The DFP continually monitors connectivity to ActiveTrust Cloud DNS. If the On-Prem Host cannot reach one of our data centers for any reason, it can send requests to a local DNS server containing the latest Infoblox DNS RPZ records. This option helps keep your users protected in the unlikely event you are unable to reach our servers.
Requesting TIDE data using CIDR range or a set of CIDR range:
We have added a feature that allows customers to request TIDE threat data by Classless inter-domain routing (CIDR) range for IP addresses. Customers can filter threat data results based on specific CIDR parameters or based on a set of CIDR ranges. These capabilities provide customers the ability to actively monitor in the event their public networks are compromised.
Infoblox ActiveTrust® allows customers to proactively detect, investigate, prioritize, and prevent cyber threats. Infoblox ActiveTrust® bundles Infoblox DNS Firewall, Infoblox Threat Insight in the Cloud, Infoblox Threat Intelligence Data Exchange (TIDE) and Infoblox Dossier™. The solution prevents data exfiltration and malware C&C communications via DNS, centrally aggregates curated internal and external threat intelligence, distributes threat data to the customer’s existing security infrastructure and enables the rapid investigation to identify the context and prioritize threats.
Please follow the link below to receive 30-day free trial for ActiveTrust: http://info.infoblox.com/resources-evaluations-activetrust-bundles