Black Hat 2025: Infoblox Delivers Proactive Protection Against AI-powered Attacks
Infoblox unveiled significant upgrades to its Protective DNS solution, Infoblox Threat Defense, giving organizations a more proactive way to defend against sophisticated, AI-driven cyber threats.
Key Highlights:
- Infoblox is introducing new features to its Protective DNS solution to help businesses predict threats and stop advanced, AI-driven attacks before they can begin.
- The platform is designed to provide powerful, proactive security that protects users, devices, IoT, and cloud workloads.
- Infoblox is launching a new, flexible token-based licensing model to help organizations scale their security efficiently and align costs with their needs.
- These updates reinforce Infoblox's leadership in Protective DNS and help customers align with new NIST guidelines, allowing them to stay ahead of modern cyber threats.
- The company is also powering Google Cloud's DNS Armor, a new service that will provide native security for cloud workloads when it enters public preview.
The News
Infoblox, a provider of cloud networking and security services, announced major enhancements to its Protective DNS solution, Infoblox Threat Defense, empowering organizations to stay ahead of sophisticated, AI-driven cyber threats with preemptive security.
Analyst Take
Infoblox has upgraded its Protective Domain Name System (DNS) solution, Infoblox Threat Defense, with the aim of giving organizations a stronger, more proactive defense against sophisticated, AI-driven cyber threats. Infoblox Threat Defense proactively stops threats before they can harm the organization’s network. It uses a combination of predictive threat intelligence and machine learning to block malicious domains an average of 68 days earlier than other tools, all while maintaining an exceptionally low false positive rate of just 0.0002%.
Infoblox is enhancing its Protective DNS solution, Infoblox Threat Defense, to help customers stay ahead of a new wave of AI-driven threats. By focusing on preemptive security, Infoblox aims to solidify its platform's role as a high-speed threat blocker. From my viewpoint, these new innovations can provide security teams with better visibility, actionable insights, and flexible licensing to close security gaps before attackers have a chance to exploit them. The updates are designed to offer clear, quantifiable metrics that demonstrate the ROI of their security efforts, streamlining reporting for security leaders.
A key part of these enhancements is the Security Workspace, an intuitive, centralized interface that provides security teams with deep visibility and actionable insights, helping to speed up their mean time to respond (MTTR). The new Detection Mode also allows organizations to identify threats they are currently missing without having to alter their existing DNS configurations, which minimizes operational risk. Additionally, Asset Data Integration delivers crucial context about protected assets, enabling security teams to conduct more effective investigations and analysis.
Infoblox is also making changes to its business model to simplify procurement and provide more value to customers. The new token-based licensing is designed to align pricing with protected assets, making the cost structure clearer and more flexible. Furthermore, Infoblox's protective DNS capabilities will soon be powering Google Cloud's DNS Armor, a new offering that provides native security for cloud workloads. This partnership not only validates Infoblox's technology but also expands its reach into the growing cloud security market.
Infoblox Threat Defense provides security teams with predictive insights to stop attacks before they even begin. By blocking a threat actor's infrastructure as it's being set up, Infoblox can prevent malware from ever being deployed and ensure a patient zero is never hit. This proactive approach allows organizations to preempt an attack entirely, unlike traditional security tools that can only react after a first victim has been impacted.
Why DNS-Enabled Preemptive Security is Rising
By blocking attacks sooner, Infoblox reduces the workload on tools like XDR and SIEM that are used for detecting and responding to threats, underlining the shift toward preemptive cybersecurity. The most recent NIST SP 800-81 (i.e., SP 800-81r3) guidelines support this approach, highlighting that DNS can often stop security incidents sooner than other defense systems.
I see that the latest NIST SP 800-81 guidelines are crucial to the cybersecurity ecosystem because they elevate the DNS from a basic network utility to a foundational pillar of modern security. The guidelines, which have been significantly updated to reflect the current threat landscape, emphasize that a well-secured DNS is essential for a robust cybersecurity posture, including Zero Trust and defense-in-depth strategies.
They provide a comprehensive framework for securing all aspects of the DNS infrastructure - from the protocol itself to the underlying hardware - recognizing that a compromise at this level can have cascading impacts across an entire organization. This guidance makes it clear that relying on DNS as a security enforcement point is no longer merely a best practice, but a critical necessity.
Furthermore, the guidelines provide a detailed roadmap for organizations to implement key security measures. This includes recommendations to employ Protective DNS to preemptively block access to malicious domains before attacks can even begin. They also advocate for the use of encrypted DNS (such as DNS over TLS and DNS over HTTPS) to prevent attacks like DNS hijacking and data snooping, and they stress the importance of continuous monitoring to detect and prevent domain impersonation attempts. By providing these clear, actionable steps, the NIST SP 800-81 guidelines help organizations of all sizes understand how to use their DNS infrastructure to prevent a wide range of cyberattacks, ultimately making the entire digital ecosystem safer and more resilient.
Infoblox Threat Defense Reshaping the Protective DNS Competitive Realm
Infoblox Threat Defense operates in a competitive landscape that includes specialized DNS security vendors and large secure access service edge (SASE) platforms. Key competitors include Cisco Umbrella, Palo Alto Networks DNS Security, Zscaler Internet Access (ZIA), and more specialized players such as DNSFilter and BlueCat DNS Edge. Infoblox, however, carves out its competitive advantage through its unique architecture, predictive intelligence, and operational efficiency gains.
A core differentiator for Infoblox is its status as a market leader in DDI (DNS, DHCP, and IPAM). Unlike competing solutions that are often separate, standalone security products, Infoblox Threat Defense is a deeply integrated component of its core network services platform. This unified architecture provides security teams with unparalleled context and visibility, offering a single pane of glass to view threats, assets, and network activity. While competitors such as Cisco and Zscaler provide strong DNS security, their solutions may not offer the same granular, real-time insight into the IP addresses and devices on the network, making rapid incident response more challenging.
Infoblox also gains a significant edge through its predictive and preemptive threat intelligence. Many rival solutions, despite having advanced threat feeds, still operate reactively, identifying and blocking a threat only after a patient zero has been impacted. Infoblox takes a different approach by focusing on predictive analysis that monitors for threat actor infrastructure as it's being created. This allows Threat Defense to block malicious domains an average of 68 days earlier than traditional tools, completely preempting attacks before they are even deployed. This proactive capability not only strengthens an organization's security posture but also reduces the number of alerts that security teams have to manage.
Finally, Infoblox stands out for its superior accuracy and resulting operational efficiency. The platform promotes an industry-leading false positive rate of just 0.0002%. This high level of accuracy is a major benefit, as it allows security teams to confidently block threats without causing disruptions to legitimate business traffic. By effectively stopping a large percentage of threats at the DNS layer with minimal false positives, Infoblox streamlines security operations and reduces the workload on downstream tools like SIEM and XDR. This enables security analysts to focus their time and resources on more complex, high-priority threats, giving Infoblox a strong competitive advantage in both effectiveness and efficiency.
Infoblox Unveils 2025 DNS Threat Landscape Report, Indicating Surge in AI-driven Threats and Malicious Adtech
Alongside the Infoblox Threat Defense launch, the Infoblox 2025 DNS Threat Landscape Report was issued, revealing a significant increase in DNS-based cyber threats, fueled by the growing sophistication of attackers using AI-enabled deepfakes, malicious advertising, and new evasive domain tactics. The report, which analyzes over 70 billion DNS queries daily from thousands of customer networks, provides a detailed look at how threat actors are exploiting DNS to deceive users, avoid detection, and hijack trust.
Infoblox's threat intelligence team has identified over 660 unique threat actors and more than 204,000 suspicious domain clusters since the company was founded. A domain cluster is a group of domains believed to be registered by the same threat actor. Over the past year, Infoblox researchers have published findings on 10 new threat actors and have been leading the industry's understanding of malicious adtech, which uses traffic distribution systems (TDS) to hide threats from users. This research is crucial for helping security teams stay ahead of a constantly evolving threat landscape.
The 2025 DNS Threat Landscape Report compiles these findings from the last 12 months to highlight key attack trends, with a particular focus on the growing role of adtech. The report reveals that of the 100.8 million new domains observed, a quarter of them were malicious or suspicious. A significant challenge for the security industry is that 95% of these threat-related domains were found in only one customer environment, making them difficult to detect and stop. Furthermore, 82% of Infoblox's customers had domains linked to malicious adtech, which uses a massive number of rotating domains to evade security tools and serve harmful content.
From my perspective, the report underscores the scale of these threats, noting that nearly half a million traffic distribution system (TDS) domains were seen within Infoblox's networks in the past year. Infoblox's systems also detected daily instances of advanced tactics like DNS tunneling, data exfiltration, and command and control (C2) using tools such as Cobalt Strike and Sliver. Detecting these sophisticated threats requires advanced machine learning algorithms, which are key to Infoblox's defense strategy.
Looking Ahead
Before Infoblox, DNS was a major security blind spot for most organizations. I believe that Infoblox changed that by providing full visibility into DNS traffic and the hidden threats it can carry, giving customers immediate value. As a result, Infoblox Threat Defense has become a powerful and trusted solution for blocking exploits and preventing network intrusions, significantly strengthening customer defenses and boosting their confidence in protecting critical services.
I expect Infoblox to capitalize on the growing protective DNS market, which is expected to mature significantly, driven by a few key developments. First, the influence of regulatory bodies like NIST will continue to grow, with updated guidelines such as SP 800-81r3 reinforcing the critical role of DNS as a foundational security layer. This will push more organizations, especially those in government and highly regulated sectors, to adopt protective DNS solutions to meet compliance mandates.
Second, the cybersecurity ecosystem will increasingly use AI and machine learning to build more predictive and preemptive capabilities, moving away from reactive, signature-based threat detection. As such, Infoblox Threat Defense can identify and block threats such as AI-generated deepfakes and evasive malicious domains as they are being created, long before they can be weaponized. Finally, the market will see a push toward deeper integration and ecosystem partnerships, where protective DNS is no longer a standalone tool but a seamlessly integrated component of broader security frameworks like Zero Trust and SASE, providing a unified view and automated workflows for faster incident response.
As a result, investing in preemptive security can be the deciding factor in successfully thwarting threat actors. Using predictive threat intelligence, Infoblox’s protective DNS solution continuously blocks threat-related queries before their initial impact. Organizations need to prioritize proactive protection, which, paired with a consistent radar on emerging threats, tips the scales in favor of security teams - enabling them to pull ahead of attackers and interrupt their unlimited supply of domains.
Ron Westfall | Analyst In Residence
Ron Westfall is a prominent analyst figure in technology and business transformation. Recognized as a Top 20 Analyst by AR Insights and a Tech Target contributor, his insights are featured in major media such as CNBC, Schwab Network, and NMG Media.
His expertise covers transformative fields such as Hybrid Cloud, AI Networking, Security Infrastructure, Edge Cloud Computing, Wireline/Wireless Connectivity, and 5G-IoT. Ron bridges the gap between C-suite strategic goals and the practical needs of end users and partners, driving technology ROI for leading organizations.