Infoblox Brings IPv6-Ready Automated Network Control to Federal Government
Security Certification
Infoblox is working with Computer Sciences Corporation (CSC) to certify Trinzic DDI for Common Criteria EAL2 as dictated by NIAP. Infoblox is also participating in the Cryptographic Algorithm Validation Program (CAVP) to ensure all FIPS-Approved cryptographic algorithms used in Trinzic DDI meet the FIPS 140-1 security requirements.
For more information, visit NIAP’s site.
Federal agencies must maintain and improve services and security with limited, often shrinking budgets. Federal IT teams are taking steps that will result in long-term savings, like consolidating IT infrastructure, sharing services, adopting “light” technology and managing large-scale IT programs effectively. They are also migrating to next-generation network technologies like IPv6.
However, the budgetary approval process for new IT solutions often cannot keep pace with technological advances, which can overtake the targeted technology before it can be bought. So it’s critical that federal agencies turn to solutions that can scale and evolve to meet the changing needs of their clients and technology.
One investment IT teams need to consider is automating network infrastructure services. Network automation gives teams centralized control and helps deliver reliable service to support their other technology initiatives. Without automation, they risk:
- Vulnerability to both internal and external attacks and threats with multiple access points
- Unnecessary downtime with limited and unreliable disaster recovery options across offices, buildings or campuses
- Exposure to penalties and sanctions for compliance standards and best practices violations
- Burdensome requirements for local expertise and knowledge to maintain disparate assets and tools
- Disparate, inconsistent network infrastructure services with no centralized visibility and management
- Audit exposure with limited tracking and logs for compliance requirements and/or troubleshooting needs
Infoblox Solutions for Federal Agencies
Infoblox is helping federal governmental agencies meet demands for agile, resilient and secure network services for both the Department of Defense and civilian IT installations. Infoblox ensures network availability for our customers by automating the many daily, time-consuming, pedestrian tasks that keep IT professional staff from more important work. Our secure solutions result in improved overall security, service quality and network uptime.
We have extensive experience meeting the needs of civilian, military, defense and intelligence agencies, and our products support industry and governmental standards, including IT governance mandates such as:
- DISA STIG
- NSA SNAC
- FISMA best practices
- Responses to vulnerability alerts such as IAVA
Infoblox solutions make the network adaptable to fluctuating, risk-ridden environments so that mission-critical applications do not fail when they are needed most. Through real-time network change and configuration management (NCCM) and IPv6-enabled DNS, DHCP and IP address management (collectively called DDI), our secure, high-availability, resilient appliances reduce the risk of outages and ensure the network’s uptime through everyday operation as well as during crises and emergency situations.
Infoblox solutions are currently used in every classification level in the federal government, from unclassified to SCI clearance. Our products and solutions are approved for use by the intelligence community, and certified at the highest levels, including:
- DADMS approved (ID #64843)
- NIST CAVP certification for Cryptographic Algorithms used in Trinzic DDI
- NetMRI, our NCCM product, has been common criteria certified
- Infoblox is currently working with Computer Sciences Corporation (CSC) to certify Trinzic DDI for Common Criteria EAL2 as dictated by NIAP
All Infoblox equipment is manufactured in the United States, and we support and offer secure solutions for both IPv4 and IPv6. Our DNSSEC product increases security to prevent the kinds of hacking that have compromised federal systems in recent times. Trinzic DDI has support for Hardware Security Modules (HSMs) for secure private key storage and generation, and zone-signing off-loading. When using a network-attached HSM, you can provide tight physical access control, allowing only selected security personnel to physically access the HSM that stores the DNSSEC keys. When this feature is enabled, the HSM performs DNSSEC zone signing, key generation, and key safekeeping.
Trinzic DDI supports two-factor authentication, a security process in which an administrator provides two means of identification: one that the administrator has, such as a smart card, and one that the administrator knows, such as a password. The existing Microsoft AD, RADIUS, TACACS+ and local administrator authentication methods are enhanced to also support X.509 client certificates embedded in smart cards, such as the US Dept. of Defense Common Access Card. Two-factor authentication capabilities include:
- Certificate validation by the Certificate Authority
- Certificate status validation by Online Certificate Status Protocol (OCSP) Responder
- Support for Direct and Delegated trust models
Key benefits
- Delivers highly available and secure infrastructure with easy-to-deploy, high-availability appliances
- Ensures continuous uptime with patented Infoblox Grid™ technology and centralized management
- Reduces cost and increases visibility with built-in, IPv6-ready, automated IP address management
- Eliminates risk of human error or poor configurations across multi-vendor environments
- Mitigates risk of malicious attacks or unplanned events with proactive monitoring and tracking
- Scales to meet the most complex, distributed environments within the government sector
- Enables staff to focus on business-impacting initiatives instead of the typical reactive, manual approach
- Shows the impact of changes to the health and stability of the network
Success Stories
Here’s what a few of our federal agency customers say about our products:
"We deployed NetMRI since minor network configuration changes can have major impacts to critical services needed to enable communication among Warfighting units."
— United States Army, Joseph Forino, Product Director for Network Operations at Fort Monmouth, N.J.
“We used NetMRI to do code upgrades on Cisco devices in a rather bulletproof fashion—all at an extremely high rate. In just a few hours, we can do hundreds of devices and have complete details and logs. NetMRI allows the agency to be much more productive with the same staff.”
— A large federal agency with 800 locations nationwide, Marty Atkins, Senior Consultant, Chesapeake NetCraftsmen
