Last week, I traveled to Infoblox’ first partner event: Bloxfest. The conference took place in Boston. Since it was the first one, it was a global one with partners and customers from around the world. There were more than 250 attendees so it was the ideal opportunity to share experiences and to get to know the new products and strategies from Infoblox. The event itself was a mixture of presentations, hands-on labs, trainings and open Q&A-sessions with product and protocol experts from Infoblox.
Infoblox Bloxfest 2016: What’s new?!
In most companies, IPAM (IP Address Management) started out as an Excel spread sheet that contained all the IP information. If the IT employees did not change that spread sheet each time they used a new IP or each time they changed one, the data would go bad in no time. That required a lot of manual labor and commitment from the people responsible.
Authoritative IPAM means that the IPAM is up to date at all times and with the correct data. To ensure this, Infoblox uses several methods namely discovery, configuration and polling. By using those three methods, Infoblox can confirm that all the required data is added to an IP-address that is noted in the IPAM solution. If an IT employee then needs a new IP address, he can rely on his Infoblox IPAM solution to have the correct up-to-date information at all times.
DNS Security: 3 modules
The Infoblox DNS security consists of three different modules. The first one is the DNS firewall. It is based on Response Policy Zones (RPZ) and it will block malicious domains. It is known that over 90% of the command and control malware uses DNS to make the initial contact between the victim and the attacker. Infoblox can stop this traffic when the client first tries to make contact by blocking the domain. The feed is automatically updated by IID, a company Infoblox recently purchased.
The second module is the advanced DNS protection. It consists of new hardware that will handle all queries in hardware. By doing this, it is harder to overload the CPU of the box. That in combination with a threat feed that will stop attackers from putting down your external DNS server, makes an always-on authoritative DNS server!
The third and last one, is the DNS analytics solution. Data exfiltration over DNS is a hot item nowadays. Port 53 is open most of the time and attackers who get in, can send sensitive data out over that port disguised as normal DNS traffic. The Infoblox DNS analytics solution can detect these abnormal patterns of traffic and it can cut down the connection before traffic is lost. The domain that was used to exfiltrate the data is then added to the DNS firewall solution (if combined) and next time a query for the domain is made so it will be stopped at the query level!
Remember the old static and slow reporter of Infoblox? Well, now there is a new one! The new one is based on the Splunk engine and it is much more intuitive. To give you some examples, you can create reports & dashboards and you can change the default dashboards. There are shared custom reports on Infoblox’ new community site that you can copy onto your own appliance.
Since some customers are already running their SIEM-solution internally, Infoblox will release the data collector. This new virtual device will collect all the logs and queries from the Infoblox grid and parse it to a format of your desire. Query logging towards syslog required additional CPU, so it was not advised to enable it. With this new data collector you can enable query logging without the fear of overloading your device and you can let your own SIEM solution handle the graphical part.
NetMRI and Network Insight
NetMRI and Network Insight will scan your entire network infrastructure and add the information they can find to your Infoblox IPAM. That means that it will add the switch, switch port and VLAN information to the IP addresses listed in IPAM. These solutions will also provide you anin-depth view of your switch configuration and setup.
With the NetMRI solution you can also perform automation tasks. Based on issues, you can launch scripts that will resolve the situation; perform configuration towards multiple switches; run policy checks and much more. The beauty of NetMRI is that it supports multiple vendors. So you can centrally control your entire mixed network infrastructure, you can store and compare the configurations and you can automate tasks. Since all the information is in one place, this will make your troubleshooting easier and faster.
With a full Infoblox solution you can be sure that your DNS infrastructure is protected. Your end clients are safe from malware and botnets and all the information regarding your network is at one place. Sounds great?! You can contact SecureLink for more information.