A highlight of the Nexpose 5.15 release is the addition of Infoblox Trinzic DDI to the growing list of Dynamic Discovery sources. With nearly 8,000 customers worldwide, Infoblox is a market leader in DNS, DHCP and IP address management. Building upon existing support for Microsoft DHCP log monitoring, released this past spring, Nexpose customers that use Infoblox to manage DHCP activity can now detect previously unknown devices whenever they connect to the network, providing a more complete understanding of their surface area of risk.
Configuring a Dynamic Discovery Connection for Infoblox
The Dynamic Discovery connection for Infoblox works by listening on a TCP or UDP port to receive syslog messages sent from the Infoblox Trinzic appliance to a Nexpose scan engine. Infoblox connections can be configured along with other Dynamic Discovery sources from the Administration page, or during the Site Configuration process, and require the designation of a port and protocol.
Once the connection is in place, assets detected from Infoblox that have not been scanned are automatically imported into Nexpose and visible in the Discovered table of the Assets page.
Identify and Close the Gaps
As I described in a previous blog post, Dynamic Discovery connections in Nexpose enable security professionals to quickly identify gaps in their threat exposure management program. By leveraging the advanced network control capabilities of Infoblox, Nexpose helps you understand your complete attack surface and find vulnerabilities you are missing today.