
ActiveTrust 3.1: Protection against new threats, new SIEM integrations and faster threat detection

The latest release of ActiveTrust strengthens our solution for data protection and malware mitigation by enabling scalable protection against new threat categories such as cryptomining malware and email spam. Cryptomining malware abuses corporate resources, leading to increased cost and greater exposure to risk for organizations. This release also strengthens our solution for threat containment and operations by providing large-scale access to DNS data for faster threat investigation.

Infoblox ActiveTrust® allows our customers to proactively detect, investigate, prioritize and protect against cyber threats. ActiveTrust bundles DNS Firewall, Threat Insight in the Cloud, Threat Intelligence Data Exchange (TIDE), and Dossier. The solution prevents data exfiltration and malware command-and-control (C&C) communications via DNS, centrally aggregates curated internal and external threat intelligence, distributes validated threat data to the customer’s security ecosystem for remediation, and enables rapid investigation to identify context and prioritize threats.

 

Infoblox ActiveTrust® is a key component of our Threat Containment and Operations and Data Protection and Malware Mitigation solutions. The recent enhancements strengthen both of these solutions.

 

The following are the new features available with ActiveTrust:

 

Data Protection and Malware Mitigation:

 

  1. Addition of new RPZ feeds:

  • DHS AIS NCCIC Watchlist Hostnames and Domains & Watchlist IPs: These feeds are an extension of the current DHS AIS feed. Indicators contained in this feed appear on the watch list from the National Cybersecurity & Communications Integration Center (NCCIC). These are medium confidence feeds with a higher chance of false positives since they are not verified or validated by DHS or Infoblox. DHS's National Cybersecurity and Communications Integration Center (NCCIC) acts as a hub for information sharing activities among public and private sector partners to build awareness of vulnerabilities, incidents, and mitigations. This RPZ feed is available to ActiveTrust Standard/Plus/Advanced customers.

  • Cryptocurrency Hostnames and Domains: This feed features threats that allow malicious actors to perform illegal and/or fraudulent activities, coinhives that allow site owners to embed cryptocurrency mining software into their web pages as a replacement for normal advertising, cryptojacking that allows site owners to mine for cryptocurrency without the owner’s consent, and cryptocurrency mining pools working together to mine cryptocurrency. This RPZ feed is available to ActiveTrust Plus/Advanced customers only.

  • Spambot IPs DNSBL: In DNSBL format, this feed contains IPs of known spam servers. It enables protection against a computer or bot node that is part of a botnet seen sending spam, and allows customers to block incoming spam or potentially malicious emails from known spam sources by feeding it into their email platform or appliance. This RPZ feed is available to ActiveTrust Advanced customers only.

 

Threat Containment and Operations:

 

  1. Dossier Bulk APIs: Allow the user to submit multiple indicators at a time. These improvements save time during threat investigation, provide a better experience and fit well into existing threat hunting workflows.

  2. Threat Insight Reports: Improved reporting provides better context for threat detection and enables faster threat remediation.

  3. Dossier enhancements: Enhancements include malware rollups, API data point additions to the UI, domain-to-IP association, and print-to-PDF features that greatly improve the user experience.

 

In addition to the themes above, the following features are also available as part of the latest ActiveTrust release:

 

  1. IPv6 Distribution / Notification: Allows distribution and notification in IPv6 format for on-premises DNS Firewall.

  2. Data Connector 3.0: Data Connector 3.0 allows automatic collection and transfer of DNS data to SIEM solutions such as ArcSight, IBM QRadar and McAfee ESM (along with the existing SIEM vendor Splunk), providing context for prioritization, centralized visibility into a security operation center environment and improved efficiency for network and security teams.

 

Please follow the link below to receive a 30-day free trial of ActiveTrust: http://info.infoblox.com/resources-evaluations-activetrust-bundles
