
Infoblox has added new features to its Threat Defense platform, including predictive capabilities designed to preempt AI-driven attacks.
The Infoblox Threat Defense platform analyzes DNS traffic in real time to help enterprise customers block cyber-threats. The system combines Infoblox’s threat intelligence with machine‑learning analytics to detect and stop malware, phishing, ransomware, DNS‑based data exfiltration and other threats. It’s delivered via a SaaS model or as software on virtual Infoblox appliances, depending on customer needs; it can be deployed in hybrid and multi-cloud environments and integrates with most multivendor SIEM, SOAR, XDR and vulnerability management tools.
Infoblox Threat Defense promises to protect on-premises infrastructure, cloud workloads, remote workers, and IoT devices without requiring added appliances or heavy configuration, according to Krupa Srivatsan, senior director of product marketing at Infoblox.
“Infoblox’s Threat Defense marks a major shift in how organizations approach cybersecurity, preempting threats before they start, rather than reacting to them after they land,” Srivatsan said. “With these enhancements, Infoblox’s capabilities empower a proactive security posture for customers – which is essential in an era when attackers are using AI to launch fast, stealthy and highly personalized attacks.”
The new features include:
- Protection before impact: Provides security leaders with the ability to demonstrate clear, quantifiable metrics related to reduced threats. This is critical at a time when boardrooms are demanding greater accountability. Without it, teams were left estimating impact or using anecdotal data in reports, Srivatsan said.
- Security workspace: Brings a real-time, intuitive interface that simplifies how security teams monitor threats, lets security teams understand what’s happening within their environment, and suggests ways to decrease security risks. Prior to this, analysts had to look at fragmented tool interfaces to get critical metrics, leading to longer response times and higher operational overhead.
- Detection mode: Lets customers safely evaluate Threat Defense without changing DNS configurations. Before this, testing new DNS-layer protection typically involved complex infrastructure changes, which many security teams avoided either due to the potential for operational disruption or compliance regulations.
- Asset data integration: Adds crucial context, letting security teams immediately see what users, devices or cloud workloads were protected, enabling faster investigation. Previously, teams would need to spend hours correlating logs across systems to piece together that picture, delaying investigation and remediation, Srivatsan said.
These features help organizations operationalize preemptive cybersecurity by enabling earlier threat disruption, faster incident response, better board-level reporting, and more efficient SOC operations, Srivatsan said. In addition, Infoblox now offers a token-based licensing model, which lets customers scale protection up or down depending on the number and type of assets they need to protect, without being locked into rigid pricing structures, she said.
Adversarial DNS techniques on the rise
The need for secure DNS transactions is highlighted in Infoblox’s 2025 DNS Threat Landscape Report, released this week, which identified 100.8 million newly observed domains, with over 25% classified as malicious or suspicious.
Over the past year, threat actors continuously registered, activated and deployed new domains, often in very large sets through automated registration processes. By increasing their number of domains, threat actors can bypass traditional forensic-based defenses, which are built on a “patient zero” approach to security, wrote Dr. Renée Burton, head of Infoblox Threat Intel, in the report.
“This reactive approach relies on detecting and analyzing threats after they have already been used somewhere else in the world. As attackers leverage increasing levels of new infrastructure, this approach becomes ineffective, leaving organizations vulnerable. Every digital interaction begins with a DNS request, making it a high-fidelity source of telemetry for network operations by providing in-depth visibility into which digital assets are initiating connections over the internet,” Burton wrote.
Consequently, analyzing DNS traffic and domain usage is foundational for security analysts. “DNS data can be reshaped into predictive threat intelligence by holistically collecting pre-attack telemetry, enriching the data, analyzing it against baselines, and executing deep threat hunts. These insights offer defenders a comprehensive view of adversarial infrastructures, targeted victims, and tactics—before the attacker strikes,” Burton wrote.
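As an added illustration of the baseline-versus-newly-observed analysis described above (example code, not Infoblox’s or the report’s), the snippet flags registrable domains in a constructed resolver log that are absent from a constructed baseline, then groups look-alike newly observed domains into families. The log format, the baseline set and the family heuristic are assumptions made for the example.

```python
"""Triage newly observed domains (NODs) in resolver logs against a baseline.
Added example, not Infoblox code; log format, baseline and heuristics are constructed."""
from collections import defaultdict

# Constructed baseline: registrable domains this organisation has resolved before.
BASELINE = {"example.com", "corp-intranet.net", "cdn-vendor.org"}

# Constructed resolver log: "<ISO timestamp> <client IP> <query name>" per line.
DNS_LOG = """\
2025-08-05T09:00:01 10.0.0.5 www.example.com
2025-08-05T09:00:03 10.0.0.5 a1.cdn-vendor.org
2025-08-05T09:00:07 10.0.0.9 login-secure-update-3391.xyz
2025-08-05T09:00:08 10.0.0.9 login-secure-update-3392.xyz
2025-08-05T09:00:08 10.0.0.12 login-secure-update-3393.xyz
2025-08-05T09:00:10 10.0.0.7 mail.corp-intranet.net
2025-08-05T09:00:11 10.0.0.7 x9k2q.zz-hosting.top
"""

def registrable_domain(qname: str) -> str:
    """Collapse a query name to its last two labels (simplified eTLD+1;
    production code would consult the Public Suffix List)."""
    labels = qname.rstrip(".").lower().split(".")
    return ".".join(labels[-2:])

def find_newly_observed(log: str, baseline: set) -> dict:
    """Map each registrable domain absent from the baseline to its (ts, client, qname) events."""
    hits = defaultdict(list)
    for line in log.splitlines():
        ts, client, qname = line.split()
        rd = registrable_domain(qname)
        if rd not in baseline:
            hits[rd].append((ts, client, qname))
    return dict(hits)

def bulk_families(hits: dict, min_domains: int = 2) -> dict:
    """Group NODs into crude 'families': same TLD and same first label with digits
    and trailing hyphens stripped. Multi-member families resemble the template-generated,
    bulk-registered domain sets the report describes."""
    families = defaultdict(lambda: {"domains": set(), "clients": set()})
    for rd, events in hits.items():
        label, tld = rd.rsplit(".", 1)
        stem = "".join(ch for ch in label if not ch.isdigit()).rstrip("-")
        families[f"{stem}.{tld}"]["domains"].add(rd)
        families[f"{stem}.{tld}"]["clients"].update(c for _, c, _ in events)
    return {k: v for k, v in families.items() if len(v["domains"]) >= min_domains}

if __name__ == "__main__":
    nod = find_newly_observed(DNS_LOG, BASELINE)
    for key, fam in bulk_families(nod).items():
        print(f"{key}: {len(fam['domains'])} domains from {len(fam['clients'])} clients")
```

In a real deployment the baseline would be the resolver’s own history of previously seen registrable domains, and the family grouping is only a triage aid for deciding which newly observed domains to hunt on first.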
Source: Network World