Enhance Threat Detection and Response with Intel DNS
Julien Roque
ThreatQuotient and Infoblox recently hosted a webinar in which they demonstrated how combining DNS intel with a Threat Intelligence Platform (TIP) helps to improve threat detection and response capabilities.
Infoblox specializes in DNS intelligence: its internal experts analyze, process and qualify DNS intelligence (analyzing around 70 billion DNS requests). The results of these analyses provide customers with an enriched, qualified and reliable source of information. This data can then be transmitted to a TIP such as ThreatQ to be used within a customer context.
Threat Intelligence Platforms such as ThreatQ act as a cockpit (or control tower): they consume intelligence (from Infoblox, for example), structure it, and use algorithms to isolate the intelligence that is relevant in a given context, so that it can be consumed by detection or protection tools (such as the Infoblox BloxOne solution).
The purpose of the webinar was to present use case examples demonstrating the benefits of combining a qualified intelligence source – such as Infoblox – with a threat intelligence management platform.
The use cases demonstrated covered the entire scope of information gathering, structuring and exploitation. They were as follows:
- Ability to ingest indicators of compromise (IOCs) from Infoblox TIDE into ThreatQ: TIDE being a relevant and qualified source of intelligence, the information can be ingested by ThreatQ to be integrated into the Threat Library.
- Enrichment of objects present in ThreatQ by requesting the Infoblox Dossier solution: To facilitate team operations, it is possible for an analyst to request Dossier from Infoblox to obtain more information on a specific object.
- Dissemination of relevant and qualified IOCs from ThreatQ for consumption in Infoblox tools (Grid or BloxOne): Using ThreatQ’s prioritization algorithms, it is possible to automate the consumption of relevant indicators by customers’ detection or protection devices.
- Query the ThreatQ Threat Library from Infoblox BloxOne to search for a specific DNS event in BloxOne.
All the use cases demonstrated operate thanks to the interconnections between Infoblox solutions and ThreatQ. ThreatQ TDR Orchestrator has automation and orchestration capabilities that make it possible to ingest this intelligence, structure it and implement workflows that operationalize relevant intelligence in a specific context, whether in relation to a threat or a vertical, for example.
The partnership between Infoblox and ThreatQuotient enables operational teams not only to benefit from relevant, qualified intelligence, but also to make the most of it and automate part of the detection and response process.