Infoblox BloxOne Threat Defense Reviews

We use BloxOne for their threat defense product, where basically it acts as a firewall in DNS traffic. So, if a domain has malware on it, it can intercept that even before it gets to our firewall. We don't give any response to dangerous domains.

It is web-based. So, we have the current version. It connects to their traditional Infoblox application. Those traditional applications have to basically point to forward to request to BloxOne.

I don't have any metrics, but we have had some instances where a domain was compromised, and BloxOne blocked the traffic before our firewall vendor did it on their side.

BloxOne’s security system integrations provide automatic sharing of network context data. It has improved some of the things a bit. We don't have everything turned up all the way, but for what we do have, it does give another data point. So, if two or more sources are saying that there is a problem, it helps identify that we definitely need to treat a destination as a problem.

BloxOne is protocol-agnostic when it comes to blocking at the DNS level. It is not a huge feature for us, but it is definitely a concern. We have a lot of different applications that we support for various reasons, and it is definitely important that all of them be considered. We have a pretty wide footprint of things we need to support.

The automatic blocklists are most valuable. A box can maintain several lists from which we can choose if we need to block more or less. We don't have to manually manage the lists ourselves. They're automatically updated.

The automatic sharing of network context data helps to provide real-time threat intelligence.

The onboarding is a little rough at times, and you need to have some information at hand. It is pretty good, but it would be useful to have a few good examples to set up things like data exfiltration.

The customer service team from Infoblox has been frustrating to deal with a few times.

I have been using this solution for about a year. We've been using Infoblox for several years, but we moved over to the BloxOne services in the last year.

I haven't noticed any issues with stability for it. It has been pretty good.

I have not seen any issues with scalability. We have probably about a half dozen users. They are network engineers and security administrators.

We do have plans to increase its usage. It is not used extensively. We have a baseline to look for the biggest threats, and then we hope to increase that usage as time goes by.

Lately, they have been a six out of 10. They've been very short-staffed due to world events. They've been down a notch.

We did not use any other solution.

We did have to do implementation on our side. We did it with professional services assistance. It was a bit complex. There was some back and forth on it. We had to get some network information, and we had to work around some unusual configurations on our Infoblox setup to integrate properly. There is basically an easy setting that probably works for over half of customers, but we were not able to use that, so we had to go through a more complex alternative procedure.

The primary deployment took about six to eight hours, which wasn't bad. For adding additional devices, we have a worked-out procedure, and it literally takes 10 to 20 minutes a device.

We implemented it as part of an overall system upgrade. So, it was basically an add-on to where we were upgrading hardware appliances and VMs onsite, and we did BloxOne as part of that.

For its maintenance, it is pretty much just me, and it requires very little active maintenance. Once it is set up, it pretty much runs on its own. It is very maintenance-free. It is essentially a web application, so it is run by Infoblox. They basically just check it every now and then.

Its implementation was done by Infoblox professional services.

To my knowledge, our company hasn't done a return on investment for BloxOne. We don't plan to do one at this point. It is just not the highest priority because of a few other projects that are going on.

It is a very expensive system. You need to go over the licensing before purchase to make sure you're getting what is needed, not anything extra.

There are a couple of features at an extra cost, but they are more for Infoblox, not BloxOne. So, I wouldn't really count them. We use other Infoblox products, and BloxOne bills get rolled into them.

We've briefly looked at some of the solutions. It was integrated with our existing system, so it really didn't make sense to change.

We may look at alternatives in a few years, but it won't probably happen for two to three years at this point. We would like to keep an eye on what's out there. We have had some issues with not necessarily the support, but the customer service team from Infoblox has been frustrating to deal with a few times. So, we would like to keep our options open.

With the assistance of professional services, it is very simple to install. It is mainly time-consuming. I would advise getting a good, clear view of how your network works before implementing anything.

We are not heavily using it to detect DNS threats such as data exfiltration, Domain Generation Algorithms (DGAs), Fast Flux, lookalike domains, and fileless malware. We may use these features in the future. We have also not yet integrated it with security systems such as vulnerability scanners, ITSM, SIEM/SOAR, NAC, and next-gen endpoint security. Similarly, we don't use BloxOne DDI for policy settings based on IPAM and DNS data.

It hasn't substantially reduced the amount of effort involved for our SecOps teams when investigating events. It has given us another tool to look at, but it hasn't been a major change. It has also not detected threats that cannot be detected by other security tools. Sometimes, there are faster options.

To a colleague who says that their next-gen firewall and other security tools mean that they don’t need a DNS-specific security solution, I would probably advise looking at some of the DNS-related issues where firewalls aren't going to be that helpful, such as data exfiltration.

The biggest lesson that I have learned from using this solution is to keep an eye on what your devices are actually doing. We've seen a lot of traffic issues with Infoblox where the root cause of an issue is actually the underlying hardware it is on, and there is nothing you can really do about that, unfortunately.

I would rate BloxOne a seven out of 10.

The solution can be used for DNS security. We sold it to a bank.

The product is stable. It’s the best DNS solution.

The product is slightly more expensive compared to other DNS solutions.

I have been selling the solution for a year. I have sold it only once.

I have never heard a negative comment about the tool’s stability from the customer.

The tool is scalable. Most of our customers use Infoblox. I have sold it to one customer. The others had it already.

Infoblox is more expensive than Palo Alto.

The initial setup is easy. We provide both cloud and on-premise solutions. The deployment takes one to two weeks.

The license fee can be paid annually, once in three years, or once in five years.

I would recommend the solution to others. If someone has the budget, it’s a very good product. Overall, I rate the tool an eight out of ten.

From an Infoblox perspective, it's interesting because it is pretty much about dedicated security-focused customers who are looking for advanced technology. It wouldn't be suitable for a customer who hasn't addressed their web security or firewall needs. 

So it's mainly targeted toward larger enterprise customers, and there are only a handful of the customers who are for Infoblox in New Zealand.

Picking the most valuable feature is like asking what your favorite color is. It depends on what problem you're trying to solve for a customer. If a customer has a specific requirement regarding DNS security, then they would consider Infoblox BloxOne Threat Defense. If they are looking for a data lake, they might explore other options. It really depends on the exact needs of the customer. It's all dependent on the customer's requirements and the specific use case.

You wouldn't sell it to a customer who only has five to ten users. It's meant for customers with a large IP base and a strong cybersecurity posture. Infoblox BloxOne Threat Defense furthers the existing security posture rather than replacing or trying to replace any existing products. It supplements what you already have. You can't supplement something that you don't have in the first place. It's going to integrate with your existing systems, such as your security tools, data sources, and firewalls.

From a technical perspective, it's a good product. It performs its intended functions well. 

However, from a channel perspective, it would be beneficial to have a scaled-down version for partners or customers who may not have the enterprise-level scale but still want to enjoy the benefits of the solution.

I have been working with it hands-on since about September last year. I use the latest version.

From what I understand, it is fairly stable. I haven't heard any complaints about it.

From a scalability perspective, it scales high, so I would rate it a ten. However, it doesn't scale down well; that's a problem. I work with businesses of all sizes, depending on their needs.

The initial setup is not a simple "click-click-next" installation. It requires some level of experience and technical know-how. So the installation process is quite challenging. 

The time taken to install the solution could be days because it is a project-based installation. So it's not like a firewall where you can simply set it up and start monitoring. It would involve several days or even professional services consulting, depending on the specific requirements of the customer.

From my perspective, I have two engineers dedicated to the implementation process. But the number of engineers required can vary. It depends on the complexity and size of the project. It could take longer if you have a larger team working on it.

When it comes to maintenance, from an advanced enterprise perspective, you would typically have an entire team dedicated to your security posture. So you would have a team behind the maintenance of the solution.

It's a pricey solution because it's for the advanced kind of customer. It's not gonna be cheap. I would rate the pricing a seven out of ten, where one is cheap and ten is expensive. The pricing model is on an annual basis. There are additional costs for support.

I would advise understanding what problem you are trying to solve. That's the key. Overall, I would rate it an eight out of ten. 

We use this solution for DNS defense, against DNS tunneling and data exfiltration.

The most valuable feature of this solution is the granularity for which you can categorize what you want to block versus what you don't want to block.

You have a direct connection with Infoblox support for everything that they're hosting at the in the bloxonecloud at the moment. You don't have to go through a partner.

This solution integrates with the Infoblox appliances, so you don't need Excel sheets or external databases to administer what you've got deployed. All of the IP addresses are known.

The documentation needs to be improved. This solution is being rapidly developed at the moment and the documentation is lagging behind. The integration examples in NIOS guide and online threatdefense online documentation don't always match up. To the current gui of the CSP platform.

We would like to see more reporting capabilities that are now offered only with the on-premises reporting appliance.

This is a stable solution and we haven't had an outage here yet.

In the cloud, this solution is very scalable. Especially for the data exfiltration part because you don't have to rely on your on-premises CPU capacity, as it is done from Infoblox itself.

You don't even see how much it scales, although you have to adjust your subscription accordingly. It's actually a gentleman's agreement in terms of the license, so if you don't oversubscribe on your connections then they don't enforce the targets.

We have about four hundred mobile users who are being protected while they are off-premises, and internally we are defending about twenty-five hundred users.

It is used on a daily basis. All of our internal DNS queries are passed through this solution and we have approximately twenty thousand active IP addresses.

The technical support is good.

For everything in the cloud, support is called BloxOne. You get a reaction within one hour. They're experts at their own products and you get the right experts straight away.

I have experience with several firewall vendors including F10, Infoblox, Palo Alto, Cisco ACI, ASUS, and Nexus.

The initial setup of this solution is very straightforward.

In regards to on-premises appliances, the cloud solution is very straightforward.

With the internal infrastructure complete, the basic setup should be up and running in about an hour.

I performed the deployment.

One person is sufficient for deployment and maintenance.

The licensing is set up such that you pay for the number of active users that you're defending at the moment. It is similar to the model used by Cisco Umbrella.

One of the main differences between Infoblox and Cisco Umbrella is that Infoblox supports the DNS check completely, whereas Cisco Umbrella does not. You can also see the original client IP address and not just the outgoing IP address.

In terms of scalability, Infoblox is the better solution.

This is a solution that I recommend.

I would rate this solution a nine out of ten.

Most of the use cases are for the DNS protocols. As 90% or 91% of drivers use DNS, everybody is concerned about securing this protocol. 

I am not from the customer side; I am from the vendor side. I give support to various customers here in Pakistan. We have deployments with hybrid data, and we also have purely on-premises deployments.

The dossier feature is perfect for starting an investigation.

The integration of threat intelligence with other solutions is challenging. If I want to expose threat intelligence, I cannot do it via taxi services. I have to call the API, but the customers are not into creating the APIs. The integration of embedded threat intelligence with other platforms should be better. Infoblox should work on this, and it should be easier for the end user to integrate it. It is very easy to deploy this solution. We should be able to integrate it with other platforms, such as the Next-Generation Firewall, with the same ease.

I have been using Infoblox products for more than four years now. I have around one year of experience in monitoring and evaluating Infoblox BloxOne Threat Defense.

Its scalability has no concerns and is perfectly fine. For scalability, I rank Infoblox BloxOne Threat Defense on the top of the line. They have recently introduced the SDLA agreement in which you have as many VMs as you want to have under the same license. It has a good architecture for scalability, so by using the manager, you can add multiple appliances. You can use any tasks.

Their technical support is good but not perfect. Things need to be improved. The biggest challenge of Infoblox support is that for troubleshooting any issue, you have to download the support bundle and traffic caption and then upload it to the support site. Someone then looks into it, and it can take them a day or a time like that, but overall, their support is good.

Infoblox BloxOne Threat Defense is very straightforward. The initial setup is easy, but it might be because I have been using it for a quite long time. The viewer is perfectly fine. Reporting is also fine. It is very easy to set up.

The deployment hardly took two days. It also depends on the size of the organization. If you have only four to five instances of DNS servers, four to five VM sets will not take more than two days. If you have a big setup, in which you have multiple instances of DNS, and you have physical appliances, it will obviously take time.

I would highly recommend this solution. I am basically doing the pre-sales of Infoblox, so I highly recommended this solution. If you talk about competitors like F5, BlueCat, no solution is comparable to Infoblox BloxOne Threat Defense. Infoblox is doing VDI and selling VDI solutions for more than a decade. They are experts at the solution.

I would rate Infoblox BloxOne Threat Defense a nine out of ten. It needs tight integration and better support. 

The solution is primarily used for protecting DNS and customers from malware.

DNS Firewall can protect the DNS from DNS exploitation.

The dashboard and reporting features need improvement. The user needs more informative dashboards so they can get to the results directly without having to search deep into the report to pull out information.

The solution is very stable.

With the model we have, we are able to scale very easily if we need to.

We rarely need to contact technical support, but when we do they are very helpful.

The initial setup is straightforward. It's not trivial or easy to implement it, but it's also not that complicated. It's somewhere in between. Deployment typically takes two to three days. You don't need more than one or two people for deployment and maintenance.

We handled the implementation ourselves.

The solution offers two types of licensing options.

You can get a license on a one-year or three-year term. The cost depends on the services that you want to use and the number of users you have. 

They now also have a subscription where you can pay on a monthly basis. 

Usually, there is a cost for implementation either via the vendor or a local partner. 

We use the on-premises deployment model.

I would advise others to take the whole DNS Firewall subscription because it will add value to their solution.

I would rate the solution at nine out of ten.

Our primary use case for Infoblox is to ensure DNS security.

Infoblox DNS Firewall improved our organization by checking that all traffic came from a proper IP address.

The most important features for us are preventing DDOS DNS attacks.

Endpoint solutions need to improved.

So far the solution is really helping. The stability looks okay.

There are currently no users since we are in the POC state. Eventually, we will have around 1,000 users.

The setup was fairly straightforward. Deployment took about two days.

The implementation was done by the company itself.