Upload
votruc
View
214
Download
0
Embed Size (px)
Citation preview
1 | © 2013 Infoblox Inc. All Rights Reserved. 1 | © 2018 Infoblox Inc. All Rights Reserved.
Infoblox DNS Security in Ihrem EcosystemPhil Rumi – Senior Presales System Engineer CEUR
2 | © 2013 Infoblox Inc. All Rights Reserved. 2 | © 2018 Infoblox Inc. All Rights Reserved.
Today’s Security Challenges
VENDORS1000+
Too many security tools that work in silos
Threat Intelligence Challenges: 1. Poor incident response2. Manual processes3. Lack of prioritization and
context slows remediation
1. Source: Ponemon Institute, 2016 Second Annual Study on Exchange Cyber Threat Intelligence: There Has to Be a Better Way
3 | © 2013 Infoblox Inc. All Rights Reserved. 3 | © 2018 Infoblox Inc. All Rights Reserved.
Network and Security – Separate Teams with Different PrioritiesSilos Between Teams and Technologies
NetworkTeam
ü High Availability
ü Network Infrastructure: routers, APs, switches, etc.
ü Network Logging and Monitoring
SecurityTeam
ü Risk Mitigation
ü Security Infrastructure: firewalls, endpoints, sandboxing, etc.
ü Security Logging and Monitoring (eg. SIEM)
“Silos between network, edge, endpoint and data security systems, and
processes can restrict an organization’s ability to
prevent, detect and respond to advanced attacks.”
Best Practices for Detecting and Mitigating Advanced Threats, 2016
Update 29 March 2016
4 | © 2013 Infoblox Inc. All Rights Reserved. 4 | © 2018 Infoblox Inc. All Rights Reserved.
Lack of Agility
Lack of Visibility
Ineffective threat intelligence
Manual processes between the network and security operations slow deployments
Limited consolidated resource visibility in hybrid deployments of on- prem, virtual, and cloud environments
Freshness of threat intel data is a challenge
Network and Security Operational Challenges
Lack of Context Too many security alerts; no easy access to get context (who, what, where, when) for prioritization
5 | © 2013 Infoblox Inc. All Rights Reserved. 5 | © 2018 Infoblox Inc. All Rights Reserved.
Extend Security, Improve Agility, and Achieve Situational Awareness
Solution: Infoblox Core Exchange
Up-to-Date Threat Intelligence
Public/Hybrid Cloud Integrations
Ecosystem Integrations
Inbound/ Outbound APIs
Near real-time action
Better ROI on IT and security investments
Visibility into extended infrastructure
Remove silos
6 | © 2013 Infoblox Inc. All Rights Reserved. 6 | © 2018 Infoblox Inc. All Rights Reserved.
Infoblox Grid
Grid member DNS/DHCP with ActiveTrust
Network Insight
Grid MemberDNS / DHCP with
ActiveTrust
Threat data feeds for use in ecosystem
Grid Member
Network and Security events with context; user information
Device discovery
Network infrastructure (Switches, Routers, Firewalls etc.)
Infoblox ActiveTrust
TIDE Public cloud IaaS
Private Cloud IaaS
DNS related threat intelligence
Perimeter security, F/W, IDS/IPS etc.
Infoblox Core Exchange Overview
External threat feeds
Network automation and visibility
Threat intel platforms
Firewall
SIEM
VulnerabilityScanner
NAC
EndpointSecurity
APT/MalwareDetection
InternalClients
Advanced DNS Protection
7 | © 2013 Infoblox Inc. All Rights Reserved. 7 | © 2018 Infoblox Inc. All Rights Reserved.
Benefits
SecurityStreamlining security operations
ü Proactive protection against cyberattacks
ü Better ROI from security investments already made
ü Improve speed of response by threat intelligence and DNS indicators of compromise sharing
ü Prioritization based on Critical contextual data
Network Automationand Cloud
Enabling Network Agility and automation
ü Visibility into extended infrastructureü Automation of network and IT
workflows in private/public/hybrid clouds
ü Improved agilityü Efficient audit and complianceü Better ROI from IT investment
already made
8 | © 2013 Infoblox Inc. All Rights Reserved. 8 | © 2018 Infoblox Inc. All Rights Reserved.
SIEM Integration - Infoblox and Splunk
9 | © 2013 Infoblox Inc. All Rights Reserved. 9 | © 2018 Infoblox Inc. All Rights Reserved.
Engagement
Current Infoblox Technology Alliance Partners
Strategic
Ecosystem
Technology
In Development
NetworkAutomation and Cloud Security
Public Cloud CloudMgmt
OpenStack Vulnerability SIEM /Sec Auto
Endpoint NAC Threat IntelSP Svcs NGDC Wireless
Development
Confidential
Advanced Threat Detection
10 | © 2013 Infoblox Inc. All Rights Reserved. 10 | © 2018 Infoblox Inc. All Rights Reserved.
Accelerating Incident Handling and Response with Automation
Security Orchestration
Advanced Threat
Detection
Threat Intelligence
Platform
SIEMVulnerability Management
Network Access Control
Next-genEndpoint Security
Context to Prioritize Remediation
DHCP
IPAM
DNS
• Device info, MAC, lease history
Device Audit Trail andFingerprinting
• “Metadata” via Extended Attributes: Owner, app, security level, location, ticket number
• Context for accurate risk assessment and event prioritization
Application andBusiness Context
• Malicious activity inside the security perimeter
• Includes BYOD and IoT devices
• Profile device & user activity
We Complete, Not Compete!
11 | © 2013 Infoblox Inc. All Rights Reserved. 11 | © 2018 Infoblox Inc. All Rights Reserved.
Summary
• Challenges for Network and Security Ops Teamo Lack of agility, lack of visibility, ineffective
threat intelligence, lack of context for prioritization
• Infoblox Ecosystem Integrations Solution: o Eliminates silos, near real-time threat Intel
data, open APIs and out of the box integrations, contextual data on threat
• Over 80 integrations with numerous products in security and network automation and cloud categories.
• Developed and supported by Infoblox and/or partners*
*Integrations are supported by either Infoblox/Partner/Both. Integrations could also be community supported. To get information on who built and supports each integration, please refer to the individual integration slide.
12 | © 2013 Infoblox Inc. All Rights Reserved. 12 | © 2018 Infoblox Inc. All Rights Reserved.
Infoblox and McAfee
13 | © 2013 Infoblox Inc. All Rights Reserved. 13 | © 2018 Infoblox Inc. All Rights Reserved.
Broader Protection, Faster RemediationInfoblox and McAfee
• Holistic visibility
• Unified web and DNS security on and off premises
• Accelerate threat response
**
* Planned for future
14 | © 2013 Infoblox Inc. All Rights Reserved. 14 | © 2018 Infoblox Inc. All Rights Reserved.
Advanced Threat Detection
15 | © 2013 Infoblox Inc. All Rights Reserved. 15 | © 2018 Infoblox Inc. All Rights Reserved.
Integration with Advanced Threat Detection solution
Solution Overview1. Advanced Threat Detection solutions shares
advanced persistent threats (APTs) communication to malicious domains with Infoblox.
2. Infoblox can then block devices, logs events or takes appropriate action
Benefits1. Flexible policy enforcement: Scale and enforce
security policy on all sites 2. Defense and remediation built into IT systems
and processes
Supported Advanced Threat Detection vendors: FireEye
Advanced Threat Detection products such
as FireEye
Advanced persistent threats (APTs) information
Block, log events, take actions
16 | © 2013 Infoblox Inc. All Rights Reserved. 16 | © 2018 Infoblox Inc. All Rights Reserved.
Infoblox and FireEyeSolution Overview1. FireEye shares advanced persistent threats (APTs)
communication to malicious domains with Infoblox ActiveTrust.
2. Infoblox ActiveTrust blocks, logs events or takes appropriate action
Benefits1. Flexible policy enforcement: Scale and enforce
security policy on all sites even with no local FireEye instance and no inline FireEye setup
2. Defense and remediation built into IT systems and processes
Support model: Both Infoblox and partner
ActiveTrust
Advanced persistent threats (APTs) information
Block, log events, take actions
17 | © 2013 Infoblox Inc. All Rights Reserved. 17 | © 2018 Infoblox Inc. All Rights Reserved.
Threat Intelligence Platform (TIP)
18 | © 2013 Infoblox Inc. All Rights Reserved. 18 | © 2018 Infoblox Inc. All Rights Reserved.
Integration with Threat Intel platform (TIP) Overview
Solution Overview• TIP receives malicious host names, IP addresses
and URLs from Infoblox TIDE• TIP can now block or monitor more threats
Benefits1. Reduce the number of alerts to review.2. Improves situational awareness in an
organization.3. Improves overall security posture
Supported products: ThreatConnect, Cisco Threat Intelligence Director, Check Point Cloud, Palo Alto Network, Windows Server 2016
Single PlatformDefine Data
Policy, Governance &
Translation
Internal
Government
Marketplace
Open Source
Infoblox TIDE
Threat Intelligence Director
19 | © 2013 Infoblox Inc. All Rights Reserved. 19 | © 2018 Infoblox Inc. All Rights Reserved.
Infoblox TIDE – External Threat FeedsSolution Overview• Infoblox ActiveTrust receives threat data
from third-party sources• This third party data is then managed from
within Infoblox TIDE.
Benefits1. Collect and manage curated threat
intelligence in a single platform 2. Maximize resources by giving back time
to the security operations and threat intelligence team
Support model: TBD
Infoblox TIDE
20 | © 2013 Infoblox Inc. All Rights Reserved. 20 | © 2018 Infoblox Inc. All Rights Reserved.
Infoblox and ThreatConnectSolution overview• Infoblox ActiveTrust receives malicious
domains and IP addresses from ThreatConnect• Enables Infoblox to block DNS communications
to malicious domains and addresses.
Benefits1. DNS policy enforcement on ThreatConnect
identified malicious domains and IP addresses2. Identification of infected devices3. Block more threats
Support model: Both Infoblox and partner
ActiveTrust
Malicious domains and IP addresses
Block communication, log events
21 | © 2013 Infoblox Inc. All Rights Reserved. 21 | © 2018 Infoblox Inc. All Rights Reserved.
Integration with Threat Intel platform (TIP) - Cisco Threat Intelligence Director
Solution Overview• TIP receives malicious host names, IP addresses
and URLs from Infoblox TIDE• TIP can send information Unified Threat
Management (UTM) (or other security solutions) to block or monitor more threat
Benefits1. Reduce the number of alerts to review2. Improves situational awareness in an
organization.3. Improves overall security posture.
Support model: Both (Cisco and Infoblox community)
Single PlatformDefine Data
Policy, Governance &
Translation
Internal
Government
Marketplace
Open Source
Infoblox TIDE
Threat Intelligence Director
Indictors of compromise (IoC)
22 | © 2013 Infoblox Inc. All Rights Reserved. 22 | © 2018 Infoblox Inc. All Rights Reserved.
Solution Overview• Check Point ThreatCloud receives malicious
host names, IP addresses and URLs from Infoblox TIDE
• Check Point ThreatCloud can now block or monitor more threats
Benefits1. Reduce the number of alerts to review.2. Improves situational awareness in an
organization.3. Improves overall security posture.
Support model: Both
Single PlatformDefine Data
Policy, Governance &
Translation
Internal
Government
Marketplace
Open Source
Infoblox TIDE
Check Point Research + Global Sensor Data + Industry Feeds
Infoblox TIDE integration with Check Point ThreatCloud
Indictors of compromise (IoC)
23 | © 2013 Infoblox Inc. All Rights Reserved. 23 | © 2018 Infoblox Inc. All Rights Reserved.
Infoblox TIDE integration with Windows Server 2016
Solution Overview• Windows Server 2016 receives malicious host
names, IP addresses and URLs from Infoblox TIDE
• Windows Server 2016 can now block or monitor more threats
Benefits1. Reduce the number of alerts to review.2. Improves situational awareness in an
organization.3. Improves overall security posture.
Support model: Infoblox community
Single PlatformDefine Data
Policy, Governance &
Translation
Internal
Government
Marketplace
Open Source
Infoblox TIDE
Indictors of compromise (IoC)
24 | © 2013 Infoblox Inc. All Rights Reserved. 24 | © 2018 Infoblox Inc. All Rights Reserved.
SIEM
25 | © 2013 Infoblox Inc. All Rights Reserved. 25 | © 2018 Infoblox Inc. All Rights Reserved.
Integration with SIEM solution
Solution Overview• SIEM vendors receives information on IP address,
DNS request and responses and infected devices from Infoblox
• This information can be used by SIEM to perform analysis and take action
Benefits1. Unified Visibility into device activity, malicious
domains and IP addresses2. Context for prioritization3. Improve efficiency of network ops and IT teams
Supported SIEM vendors: LogRhythm, Splunk, McAfee ESM
SIEM products such as LogRhythm, Splunk
IP address changes and indicators of compromise (IoC)
26 | © 2013 Infoblox Inc. All Rights Reserved. 26 | © 2018 Infoblox Inc. All Rights Reserved.
Infoblox and LogRhythmSolution Overview• LogRhythm receives information on IP address,
DNS request and responses and infected devices from Infoblox
• This information can be used by LogRhythm to perform analysis and take action
Benefits1. Unified Visibility into device activity
regardless of where log data was generated2. Context and prioritization - Visibility into security
events, threat intelligence feed of malicious domains and IP addresses
3. Improve efficiency of network ops and IT teams
Support model: Both (LogRhythm and Infoblox community)
IP address changes and indicators of compromise (IoC)
27 | © 2013 Infoblox Inc. All Rights Reserved. 27 | © 2018 Infoblox Inc. All Rights Reserved.
Infoblox and Splunk
Infoblox Data Connector VM
Splunk Enterprise
CSV
Splunk Universal Forwarder
Solution overview• Infoblox Data Connector collects data from
Infoblox Grid members, filters data and sends data on malicious domains, Query and response logging to Splunk in CSV format.
• CSV data can be easily consumed by Splunk enterprise for further processing
Benefits1. Automatic collection, transfer, and conversion
of DNS data from Infoblox Grid members 2. Time and cost savings for security ops team
by automating the collection, transfer, and conversion of DNS data
Support model: Infoblox
Advanced DNS Protection
Grid MemberDNS / DHCP with ActiveTrust
Network Insight
Grid Member
Grid member DNS/DHCP with ActiveTrust
Infoblox Grid
28 | © 2013 Infoblox Inc. All Rights Reserved. 28 | © 2018 Infoblox Inc. All Rights Reserved.
Infoblox with McAfee ESMSolution Overview• McAfee receives networking and DNS
security events, IP addresses, DHCP fingerprint from Infoblox,
• McAfee ESM can then perform comprehensive threat data correlation and detection and efficient incident response based on real risk.
Benefits1. Visibility into threat data, IP address,
DHCP fingerprint, lease history, and more to assess risk and prioritize alerts
2. Threat data correlation to prioritize, investigate, and respond to stealthy threat and simplify actions
Support model: Direct Connect w/syslog then they support
* Planned for future
McAfee ESM
Endpoint
ActiveTrust
Logs
DNS Request to malicious domain
29 | © 2013 Infoblox Inc. All Rights Reserved. 29 | © 2018 Infoblox Inc. All Rights Reserved.
Infoblox Dossier and ATC with SplunkSolution overview• Splunk receives security events detected by
ActiveTrust cloud in CEF or JSON format• Splunk also receives context on indicators of
compromise (IoC) from Infoblox Dossier. • These security events provide context on
indicators of compromise
Benefits1. Leverage threat intelligence data via
Infoblox Dossier and Infoblox ActiveTrust, enabling context to make decision
2. Improve visibility and provides advanced filtering capabilities, thus improving operational efficiency
Support model: TBD
Splunk
Infoblox Dossier
REST APIs
Indictors of compromise (IoC) in CEF or JSON format
REST APIs
Context on indicators of compromise (IoC)
ActiveTrust
30 | © 2013 Infoblox Inc. All Rights Reserved. 30 | © 2018 Infoblox Inc. All Rights Reserved.
Vulnerability Management
31 | © 2013 Infoblox Inc. All Rights Reserved. 31 | © 2018 Infoblox Inc. All Rights Reserved.
Integration with Vulnerability Management solutionSolution Overview• Vulnerability management receives information
on IP address, Network devices and malicious events from Infoblox
• Vulnerability management uses that information to trigger vulnerability scan, eases compliance, and accelerates remediation.
Benefits1. Near-real time visibility into new devices
getting added to the network 2. Automate/Faster response to network and
malicious events3. Improve ROI on security investments already
made
Supported SIEM vendors: Rapid7, Tenable, Qualys
Vulnerability Management products
such as Rapid7, Qualys, Tenable
IP address changes and indicators of compromise (IoC)
32 | © 2013 Infoblox Inc. All Rights Reserved. 32 | © 2018 Infoblox Inc. All Rights Reserved.
Integration and Rapid7
Solution Overview• Infoblox provides information on IP addresses,
Network devices and malicious events to Rapid7. • Rapid7 uses the information to automate
scanning when malicious activity is detected, even if it is in between scheduled scans.
Benefits1. Leverage context to prioritize action2. Near-real time visibility into new devices
getting added to the network 3. Improve ROI on security investments
already made
Support model: Infoblox supports Outbound API. Integrations supported via our community web-site
IP address, Network devices and indicators of compromise (IoC)
Initiate scan
33 | © 2013 Infoblox Inc. All Rights Reserved. 33 | © 2018 Infoblox Inc. All Rights Reserved.
Integration and Tenable
Solution Overview• Infoblox provides information on IP addresses,
Network devices and malicious events to Tenable• Tenable uses that information for on-demand
scanning and security troubleshooting and compliance.
Benefits1. Automate response to network and
malicious events2. Leverage context to prioritize action3. Improve ROI on security investments
already made
Support model: Infoblox supports Outbound API. Integrations supported via our community web-site
IP addresses, Network devices and indicators of compromise (IoC)
Initiate scan
34 | © 2013 Infoblox Inc. All Rights Reserved. 34 | © 2018 Infoblox Inc. All Rights Reserved.
Integration and Qualys
Solution overview• Infoblox provides information on IP addresses,
Network devices and malicious events to Qualys• Qualys uses that information to trigger
vulnerability scan, orchestrate asset management, eases compliance, and accelerates remediation.
Benefits1. Efficient vulnerability management &
compliance processes 2. Faster response to potential risks associated
with new devices on the network
Support model: Infoblox supports Outbound API, Integrations supported via our community web-site
IP addresses, Network devices and indicators of compromise (IoC)
Initiate scan
35 | © 2013 Infoblox Inc. All Rights Reserved. 35 | © 2018 Infoblox Inc. All Rights Reserved.
Network Address Control (NAC)
36 | © 2013 Infoblox Inc. All Rights Reserved. 36 | © 2018 Infoblox Inc. All Rights Reserved.
Infoblox and Cisco ISE
Solution overview• Infoblox receives user/device and
network context from Cisco ISE• Infoblox enriches pxGrid with
network context• Automated response to Infoblox
security events
Benefits1. Expand visibility of network and users
and devices2. Enhance security-response and
timeliness
Support model: Both support respective products
Enhance operational efficiency
37 | © 2013 Infoblox Inc. All Rights Reserved. 37 | © 2018 Infoblox Inc. All Rights Reserved.
Infoblox and ForeScoutSolution overview• Infoblox enriches ForeScout with IPAM and
DNS security events. • ForeScout can use that information to get
context to prioritize threats and take action, reducing time to containment.
Benefits1. Consistent policy enforcement2. Context for prioritization of threats3. Eliminates silos between network and
security tools4. Improved ROI of security investment
already made
Support model: Infoblox supports Outbound API. Integrations supported via our community web-site
IPAM and indicators of compromise (IoC)
Policies
38 | © 2013 Infoblox Inc. All Rights Reserved. 38 | © 2018 Infoblox Inc. All Rights Reserved.
Next Generation Endpoint Security
39 | © 2013 Infoblox Inc. All Rights Reserved. 39 | © 2018 Infoblox Inc. All Rights Reserved.
Infoblox and Carbon Black
Solution overview• Infoblox detects malware communications
being made via DNS and informs Carbon Black• Carbon Black can identify the malicious
processes, quarantine the endpoint or take other actions
Benefits1. Identify and prevent DNS-based endpoint
communications to malicious domains 2. Automatically respond to endpoint threats,
reducing dwell time
Support model: Both Infoblox and Partner
ActiveTrust
Indicators of compromise (IoC)
Correlate endpoint & network data and remediates the infected endpoint
40 | © 2013 Infoblox Inc. All Rights Reserved. 40 | © 2018 Infoblox Inc. All Rights Reserved.
Infoblox with McAfee ePO
Solution Overview• Deploy Infoblox ActiveTrust Endpoint
Agent using McAfee ePO • Enables remediation and policy actions.
Benefits1. Automates and simplifies the
deployment of Infoblox ActiveTrust Endpoint Agent for large enterprises.
2. Mass deployment for mutual customers3. Easily plugs into existing workflow
processes
Support model: Infoblox Supported When McAfee Cert Complete
Endpoint
ActiveTrustCloud
ePO deploys Infoblox
ActiveTrust client
McAfee ePO
Endpoint with ActiveTrust client
On - prem Cloud
41 | © 2013 Infoblox Inc. All Rights Reserved. 41 | © 2018 Infoblox Inc. All Rights Reserved.
Next Generation Firewall (NGFW)
42 | © 2013 Infoblox Inc. All Rights Reserved. 42 | © 2018 Infoblox Inc. All Rights Reserved.
Infoblox TIDE integration with Palo Alto Networks NGFW
Solution Overview• Palo Alto NGFW receives malicious host
names, IP addresses and URLs from Infoblox TIDE
• Enable customers to block or monitor threats
Benefits:1. Reduce the number of alerts to review.2. Improves situational awareness in an
organization. 3. Improves overall security posture.
Support model: Infoblox Community
Single PlatformDefine Data
Policy, Governance &
Translation
Internal
Government
Marketplace
Open Source
Infoblox TIDE
Indicators of compromise(IoC)
43 | © 2013 Infoblox Inc. All Rights Reserved. 43 | © 2018 Infoblox Inc. All Rights Reserved.
Threat Sharing
44 | © 2013 Infoblox Inc. All Rights Reserved. 44 | © 2018 Infoblox Inc. All Rights Reserved.
Solution overview• Infoblox publishes critical data on network and DNS
security events along with context over McAfee DXL • Enables ecosystem to quickly respond to network
events and threats, improving operational efficiency.
Benefits1. Automatic notification when threats are detected,
enabling faster response
2. Contextual information to prioritize threats and policy actions
3. Improved ROI for security investments already made
Support model: Infoblox Supported when McAfee Cert Complete
Subs
crib
e*
Publ
ish
DXL Integration (including 3rd party DXL partners)
Enforce ePO/Active Response policy
DXL
Infoblox and McAfee DXL
Network events and indicators of compromise (IoC)
45 | © 2013 Infoblox Inc. All Rights Reserved. 45 | © 2018 Infoblox Inc. All Rights Reserved.
Infoblox TIDE/Dossier over DXLSolution overview• Infoblox TIDE sends TIDE and Dossier lookup
requests over DXL fabric
• Facilitate effective protection for both the network and endpoint domains.
Benefits1. Visibility across both network and endpoint
domains.
2. Remediation and policy actions enablingfaster response to threats
3. Improved ROI of security investment already made
Support model: Infoblox Supported When McAfee Cert Complete
ActiveTrust® - Threat Intelligence Providers
XML JSON STIX CSV
DXL
IOC
look
ups
Enforce ePO/Active Response policy
3rd party DXL partners
46 | © 2013 Infoblox Inc. All Rights Reserved. 46 | © 2018 Infoblox Inc. All Rights Reserved.
Network Automation and Cloud
47 | © 2013 Infoblox Inc. All Rights Reserved. 47 | © 2018 Infoblox Inc. All Rights Reserved.
Infoblox and VMwareSolution overview• Infoblox DDI allocates an IP address and
sends it to the VM along with the DNS host record
• vCenter Server then creates VM that runs on ESXi host using the newly allocated IP address and DNS record
Benefits1. Ensures consistency and visibility in
hybrid deployments (on-prem, virtual, and/or cloud)
2. Automate manual processes3. Speeds time to deployment
Support model: Infoblox
2- The Infoblox IPAM Adapter “Allocate” workflow gets invoked
Infoblox DDI Appliance
1- A vRA admin/user requests a VM to be created/Destroyed
3- Infoblox DDI allocates/ releases an IP address and sends it to the VM along with the DNS host record
4- vCenter Server creates/Destroys VM
5- The newly created VM is now running on an ESXi host using the newly allocated IP address and DNS record
vRealize Orchestrator vRealize Automation
vCenter Server
48 | © 2013 Infoblox Inc. All Rights Reserved. 48 | © 2018 Infoblox Inc. All Rights Reserved.
Infoblox and VMWare Network Insight 3.7Solution overview• Infoblox DDI provides IP addresses along with
DNS hostname to VMWare Network Insight 3.7• Network and security admins can now track
the device by DNS name instead of IP address
Benefits1. Admins who could see only IP address for a
device (say Laptop) in VMWare Network Insight can now see Laptop.infoblox.com instead of IP address
2. Network admin will see a flow via a DNS name instead of IP address
Support Model: VMWare
IP addresses along with DNS host name mapping
Network Insight 3.7
49 | © 2013 Infoblox Inc. All Rights Reserved. 49 | © 2018 Infoblox Inc. All Rights Reserved.
Infoblox and AWS Route 53
Solution overview• Infoblox Grid and Route 53 communicate
with each other at regular interval to provide visibility into DNS and IPAM for Route 53 in NIOS
Benefits1. Automated Migration from Route 53 to
Infoblox DNS2. Seamless migration by bridging gap
between Enterprise IT and Cloud teams3. Unified visibility by presenting the user a
single console to view on-prem and Route 53 Public Cloud DNS
Support model: Infoblox
AWSPublicCloud
Enterprise DataCenter
EnterprisePremise
AWSRoute53DNSservice
Sync Zones from R53 to NIOS
EC2
DNS query to NIOS for R53 Zone
Network Insight
Grid MemberDNS / DHCP with ActiveTrust
Network Insight
Grid MemberInfoblox
Grid
50 | © 2013 Infoblox Inc. All Rights Reserved. 50 | © 2018 Infoblox Inc. All Rights Reserved.
Infoblox and AWS Instances (API Proxy)
Solution overview• Performs vDiscovery of AWS instances
to ensure no duplicate addresses are assigned
• Automates IPAM and DNS provisioning for AWS VPC and EC2 instances.
Benefits1. Eliminates error by preventing the
chances of overlapping IP addresses in hybrid cloud environment
2. Lessens manual processes3. Speeds time to deployment
Support model: Infoblox
Create and destroy EC2 instances
Performs vDiscovery of AWS instances to ensure no duplicate addresses are assigned
API endpoint and virtual private Cloud
API Client
51 | © 2013 Infoblox Inc. All Rights Reserved. 51 | © 2018 Infoblox Inc. All Rights Reserved.
Infoblox and AzureSolution overview• Infoblox Grid and Microsoft Azure
communicate with each other to provide unified visibility and management across all platforms
Benefits1. Visibility into IP and DNS information
for Azure VMs automatically2. Centralized management of DNS
servers that are on-prem and in Azure3. Efficient utilization of cloud resources
across multiple clouds (Azure, AWS, VMWare, OpenStack)
Support model: Infoblox
VM VM VM VM
GMCSecondary
DNS DDIService
Private
Primary DNS
Region 1 Region 2
Virtual Net Virtual Net
52 | © 2013 Infoblox Inc. All Rights Reserved. 52 | © 2018 Infoblox Inc. All Rights Reserved.
Infoblox and OpenStackSolution overview• Infoblox receives request for to
create/destroy VMs and Infoblox contacts NIOS for next available IP and creates DNS Records for VM
• OpenStack Spins up VM on Hypervisor (Eg: KVM) and VM makes DHCP request after it starts up.
Benefits1. Ensures consistency and visibility
in hybrid deployments (on-prem, virtual, and/or cloud)
2. Lessens manual processes3. Speeds time to deployment
Support model: Infoblox
Hypervisor
1- A vRA admin/user requests a VM to be created/Destroyed
2. OpenStack Nova (Compute) calls the Infoblox Adapter code in OpenStack Neutron (Networking)
6 - VM starts up and makes DHCP Request to Member (Fixed Address)
5 – OpenStack Spins up VM on Hypervisor (e.g., KVM)
3 - Infoblox Adapter contacts NIOS via WAPI for Next Available IP and creates DNS Records for VM
4 - GM synchronizes Host record or Fixed Address/ + A/AAAA/PTR with Grid Member
7 - End User accesses VM using DNS FQDN
Horizon UI
Nova
Neutron
Grid Master
Grid Member
53 | © 2013 Infoblox Inc. All Rights Reserved. 53 | © 2018 Infoblox Inc. All Rights Reserved.
Infoblox and DockerSolution overview• Automated IP address provisioning and
IPAM integration with Infoblox for better visibility for container and micro services.
Benefits1. Ensures consistency and visibility in
hybrid deployments (on-prem, virtual, and/or cloud)
2. Visibility into the container cloud 3. Avoid IP conflicts and container
routing issues4. Speeds time to deployment
Support model: Infoblox
Infoblox Remote IPAM Driver
Docker Host
CLI Client
54 | © 2013 Infoblox Inc. All Rights Reserved. 54 | © 2018 Infoblox Inc. All Rights Reserved.
Infoblox Integration with Cisco ACI App
Enhanced Visibility Secure DNS Automate with DNS
IP address, DNS records for VMs,
virtual routers, firewalls, load-
balancers etc. in one console
Detect infected endpoints and
take remediation actions in ACI
like quarantine an endpoint
Use DNS names instead of IP
addresses for adding endpoints
to endpoint groups, load-
balancers pools & other network
configurations
FW
Allow *.abcxyz.com
Solution Overview• Cisco ACI receive devices, IP
addresses and DHCP information from Infoblox
• Allows customers to deploy network in a single operation
Benefits1. Visibility into network devices and
IP addresses, enabling faster response
2. Manage complex environment from one place, thereby increasing operational efficiencies.
Support model: Cisco
55 | © 2013 Infoblox Inc. All Rights Reserved. 55 | © 2018 Infoblox Inc. All Rights Reserved.
Infoblox NetMRI integration with Cisco ACI: Discovery
NetMRI / NIOS
Over 60 Vendors Supported
Traditional Networking
ACI
Software-Defined
Networking
Discovery of SDN assets• Tenant/VRF• Subnet• Bridge Domain• Fabric node
NI 8.2 / NetMRI 7.2Confidential
• Fabric node• APIC controller• EPG• Application
profile• End host
•APIC causes gap in discovery due to limited SNMP/CLI support•No central tracking of ACI-connected hosts and their metadata
Challenge
•REST API discovery of Cisco ACI information•Discovery of Tenant, Bridge Domain, EPG and connected hosts
Solution
•Visibility of both traditional and ACI environment in single view•ACI network events forwarded to wider automation ecosystem
Benefit
Solution overview:• Visibility for both traditional
and ACI environment, • Improve operational
efficiency
Support model: Infoblox
56 | © 2013 Infoblox Inc. All Rights Reserved. 56 | © 2018 Infoblox Inc. All Rights Reserved.
Infoblox Integration with Cisco DNA
Solution overview• Cisco DNA receive IP addresses
and DNS information from Infoblox without human intervention
Benefits1. Enable policy based deployment
in single operation, 2. Improving operating efficiency
Support model: Cisco
57 | © 2013 Infoblox Inc. All Rights Reserved. 57 | © 2018 Infoblox Inc. All Rights Reserved.
Infoblox integration with Cisco Tetration Analytics
• Network View/VRFs, • Network Subnet, • App Type(dev/prod), • DNS Zone
Infoblox DDI (DNS, DHCP.
IPAM)
IPAM and DNS information from Infoblox
Cisco Tetration Analytics
Tetration discovered Endpoints, inventory, ADM and flow data to enrich Infoblox compliance engine and ensure continuous compliance
Tetration Sensors to enforce policies in order to address violations detected by Infoblox compliance engine
Solution overview• Cisco Tetration receives IPAM and DNS
information from Infoblox• Infoblox receives endpoint, inventory and
Application Dependency Mapping (ADM) information from Cisco Tetration
Benefits1. Enhanced visibility into IPAM and DNS
information for network admins2. Policy enforcement by Cisco Tetration,
ensuring continuous compliance
Support model: Cisco
58 | © 2013 Infoblox Inc. All Rights Reserved. 58 | © 2018 Infoblox Inc. All Rights Reserved.
Infoblox integration with Cisco CloudCenter
Orchestrator Hooks
Solution overview• End-to-end workload deployment
with IPAM and DNS updates, enabling improvement in operational efficiencies.
Benefits1. Automate infrastructure deployment
lifecycle2. Elimination of manual network
configuration
Support model: Cisco
59 | © 2013 Infoblox Inc. All Rights Reserved. 59 | © 2018 Infoblox Inc. All Rights Reserved.
Next StepsPath to Engagement
• Web site: https://www.infoblox.com/products/secure-dns/cybersecurity-ecosystem
• Community: • https://community.infoblox.com/t5/Partner-
Integrations/ct-p/PartnerIntegrations• Joint Solution Briefs
Infoblox + FireEye Infoblox + Carbon Black Infoblox + Cisco ISE Infoblox + Qualys Infoblox + McAfee Infoblox + Rapid 7 Infoblox + Tenable
• Engage with Infoblox to find out if we integrate with your security tools
• Follow up with sales teams for deep dive on products