Introducing the Infoblox ActiveTrust Security Suite: Streamline Your Threat Intelligence

But it can be time and resource intensive because as your network has grown, you've inherited a patchwork of siloed security solutions. Many times, the threat intelligence data you've purchased with a security system can't be used elsewhere or you can't customize how you want to deploy threat intel across your infrastructure.

Even more frustrating are the multiple views of intelligence data from your multiple systems. Instead of being able to use more data to provide context and a clearer view into potential threats, you have to spend time going between security solutions to manually interpret what's going on. This can result in slow response times and gaps in your threat coverage.

Obviously this is not an efficient or confidence-inspiring way to protect against cyberthreats. There is a need for a cost-effective solution to simplify and consolidate management of threat intel data, which is why we're launching the Infoblox ActiveTrust security suite. Infoblox is the [first and only][SY: Please provide substantiation for 'first and only' otherwise we should say 'Infoblox integrates Actionable Threat Intelligence into the DDI environment…'] vendor to integrate Actionable Threat Intelligence into the DDI environment (DNS, DHCP and IP address management). This is critical as we're all seeing an increase in malicious activity at the DNS level - in fact, our Threat Index hit an all-time high in the first quarter of 2016.

Infoblox ActiveTrust security suite provides [three][SY - there's 4 points below - should this be 4?] levels of service that focus on solving key pain points to make your job easier and your security more effective. With Infoblox ActiveTrust products, you can:

1. Get the data you need: Easily create threat intelligence data feeds to combine Infoblox's high-quality data with data in which you've already invested.
2. Easily deploy data: Obtain, manage and distribute threat data to a broad range of infrastructure from a centralized point.
3. Operationalize processes: Gain visibility and investigate threat indicators quickly with an intuitive, query-based UI.
4. Prevent malicious activity: Deploy threat intelligence directly within Infoblox DNS Firewall and other security technologies.

1. Get the data you need

The Infoblox ActiveTrust security suite is a one-stop-shop when it comes to threat intel data. We distill data from thousands of sources, processes and services[SY: please confirm there are at least 2 thousand so 'thousands' is accurate]. Also, our 24/7 Threat Operations team works to verify threat indicators and curate machine-readable threat intelligence (MRTI) to output an enhanced, accurate, up-to-date intelligence data feed (based on Infoblox's own data and also vetting of third-party/market feed data, including hostnames, URLs, IP addresses).

We also work with several premium data providers, including SURBL, Emerging Threats, iSight Partners, CrowdStrike, ThreatWave, ThreatTrack Security, and Farsight Security [SY: is there a reason why the partners are listed in this order? Perhaps alphabetical order would be appropriate. Do we risk offending the other partners when we focus on SURBL?]to create an in-solution third-party threat indicator feed data marketplace. SURBL is a top provider of high-quality, actionable intelligence specifically designed and used for variety of blocking solutions like Infoblox DNS Firewall. In fact, we've found that using Infoblox and SURBL data together can help companies detect and prevent [up to two times the number of threats][SY: Please provide substantiation for this claim]. In addition to data from these providers, Infoblox ActiveTrust products enable you to easily integrate [almost] any vendor's data for use. [SY: Do we enable 100% of all vendors to be integrated? If not, then add 'almost' or 'virtually']

2. Easily deploy threat intelligence data

The Infoblox ActiveTrust security suite is system-agnostic and designed to simplify threat intel deployment, distributing data across a diverse range of security platforms (e.g., DNS Firewall, perimeter firewall, Web proxy, IPS, SIEM). ActiveTrust products help make creating custom API feeds built for specific attacks quick and easy, regardless of how many feeds you need to blend (e.g., hostnames, IPs, URLs) or the types of data you need to adjust for (e.g., JSON, STIX, CSV, TSV, CEF).

In addition, ActiveTrust products allow you to manage and share internally sourced threat intelligence, upload and manage internally discovered threat intelligence, and put data governance policies in place to easily control and distribute intelligence to other internal stakeholders, business partners and other external parties.

3. Operationalize threat intelligence processes

Threat research and context gathering often requires multiple tools and manual processes, leading to slow response. The Infoblox ActiveTrust security suite essentially performs like 'Google' for threat intelligence. Our query-based UI gives users visibility into results from multiple sources in seconds all on one screen, enabling them to understand what a variety of trusted sources report about the indicator in question. You can quickly decide on what action to take (e.g., block, mitigate, go deeper, or do nothing) and stay anonymous (we cloak your identity).

4. Prevent malicious activity and data breaches

Because the ActiveTrust security suite enables you to deploy trusted threat intelligence directly within Infoblox DNS Firewall and other security technologies, you can detect security breaches before they occur and limit damage from infected devices. Also, ActiveTrust products' deployment of threat intel data across the infrastructure serves to help strengthen all of your systems' defenses.

For more information about how the Infoblox ActiveTrust security suite can streamline your threat intelligence and help you get more value from existing security infrastructure and threat intelligence data investments, read the product brief and contact us.