Infoblox’s global team of threat hunters uncovers a DNS operation with the ability to bypass traditional security measures and control the Great Firewall of China. Read about “Muddling Meerkat” and the many other threat actors discovered by Infoblox Threat Intel here.

Product Announcements


Infoblox ActiveTrust® Now Includes New Threat Intelligence Feeds And Additional TIDE Integrations

[ Edited ]
New Member
Posts: 8
5620     0

Infoblox ActiveTrust® allows our customer to proactively detect, investigate, prioritize and prevent cyber threats. Infoblox ActiveTrust® bundles Infoblox DNS Firewall, Threat Insight in the Cloud, Infoblox Threat Intelligence Data Exchange (TIDE) and Infoblox Dossier. The solution prevents data exfiltration and malware C&C communications via DNS, centrally aggregates curated internal and external threat intelligence, distributes threat data to the customer’s existing security infrastructure and enables the rapid investigation to identify the context and prioritize threats.


Now with ActiveTrust® Plus and Advanced at no additional cost, customers obtain:

  • US OFAC Sanctions IPs - Policy based feed that contains IPs of United States sanctioned countries listed by US Treasury Office of Foreign Assets Control (OFAC). The Treasury Department’s Office of Foreign Asset Control (OFAC) administers and enforces economic sanctions imposed by the United States against foreign countries.
  • EECN IPs - Policy based feed that contains IPs of countries in Eastern Europe and China. These countries are often found in cyberattacks seeking intellectual property or other sensitive or classified data and stealing credit card or financial information.


In addition to the above two feeds, ActiveTrust® Advanced subscribers get the following at no additional cost:

  • Extended TTL feeds - An extension of the Base, Antimalware, Ransomware, ExploitKits, and TOR Exit Node feeds that contain recently expired threats with an extended time-to-live (TTL) applied. The extended time-to-live (TTL), provides extended reach of protection for your DNS FW, but may also increase the risk of false positives as indicators may no longer be active.
  • SpamBot IPs: Enables protection against a computer or bot node as part of a botnet seen sending spam. IP’s listed are also frequently found withpoor/negative reputation on that IP address


New integrations supported with ActiveTrust® Plus and Advanced include:


Availability of the additional 3rd party threat intelligence feeds (additional cost) in RPZ format (at no additional cost) for ActiveTrust® Plus and Advanced subscribers

  • ThreatTrack Security BorderPatrol Feed: The BorderPatrol Sites list is a “black list” consisting of domains associated with the distribution of potentially unwanted software and advertising.
  • Farsight Security Newly Observed Domains (NOD) Feed: Provides incremental layer of defense to combat malware exfiltration, brand abuse, and spam-based attacks which originate or terminate at newly-launched domains.
  • Proofpoint Emerging Threats (ET) IP and Domain Reputation Feed: Provides actionable IP and domain reputation entries that are scored based upon observed in the wild threat actor behavior and as observed directly by Proofpoint’s ET Labs.


 Infoblox ActiveTrust® is a key element of our Threat Containment and Operations  and  Data Protection and Malware Mitigation solutions. The most recent enhancements further enhance both these solutions. We have updated the content on our web site to reflect the enhancements launched.  

You can download a free 30-day evaluation of ActiveTrust.

Showing results for 
Search instead for 
Did you mean: 

Recommended for You

AI Powered DNS FIrewall - A Webinar Presentation by Dr. Bin Yu, Chief Data Scientist, Infoblox