Infoblox , a leader in cloud networking and security services, has announced major enhancements to its Protective DNS solution, Infoblox Threat Defense, empowering organizations to stay ahead of sophisticated, AI-driven cyber threats with pre-emptive security.
As global cybercrime costs surge toward $23 trillion by 2027[1], traditional “detect and respond” security tools are struggling to keep up. Modern attackers increasingly deploy AI to create unique, single-use malware and stealthy phishing campaigns that evade traditional defenses—making it more likely than ever that any organization can become “patient zero.”
Infoblox’s Protective DNS solution, Infoblox Threat Defense, stops threats before they impact infrastructure by combining predictive threat intelligence with algorithmic and machine learning-based detections — blocking high-risk and malicious domains an average of 68 days earlier than traditional tools, with an industry-leading 0.0002% false positive rate.
“The difference between most DNS security tools and our approach is like the difference between law enforcement chasing street-level drug dealers versus taking down the cartel,” said Mukesh Gupta, chief product officer, Infoblox. “We target the suppliers behind the cyberattackers—the cartel—so threats can be blocked before they ever reach the network. This pre-emptive strategy helps security teams reduce risk, eliminate noise and stop threats at the DNS layer before they ever reach the network.”
To help customers get ahead of the new wave of AI-driven threats, Infoblox is continually delivering ground-breaking threat intelligence—solidifying the role of Threat Defense as a proactive, high-speed threat blocker. From better visibility and actionable insights to flexible licensing and clear metrics on pre-emptive protection, these new innovations are designed to help security teams close gaps before attackers can exploit them:
- Protection Before Impact: Provides security leaders with clear, quantifiable metrics on threats neutralized before they can cause damage, streamlining reporting and demonstrating security ROI.
- Security Workspace: An intuitive, centralized interface that gives security teams deep visibility into their environment with actionable insights to reduce risk and ultimately speed their mean time to respond (MTTR).
- Detection Mode: Provides organizations visibility into threats they’re missing today—without changing existing DNS configuration, minimizing operational risk.
- Asset Data Integration: Delivers deep context into what was protected as part of the pre-emptive strategy, enabling security teams to do further investigation and analysis.
- Token-Based Licensing: Flexible, token-based pricing aligned to protected assets simplifies procurement and drives clearer ROI.
- Powering Google Cloud’s DNS Armor: Infoblox’s Protective DNS capabilities also power Google Cloud’s DNS Armor, providing native security for cloud workloads, with public preview later this year.
Infoblox Threat Defense gives security teams predictive insights to block attacks as threat actor infrastructure is being created—before malware is even deployed and long before a patient zero is hit. Unlike traditional security tools that must wait for the first victim to detect and respond, Infoblox’s approach can pre-empt the attack entirely.
By stopping attacks earlier, Infoblox reduces the load on detect-and-respond tools, such as XDR and SIEM—aligning with Gartner’s view that pre-emptive cybersecurity will replace 40 percent of traditional solutions by 2028. The latest NIST SP 800-81 guidelines reinforce this shift, noting that DNS can often prevent security incidents earlier than other systems.
“Traditional ‘detect and respond’ security simply can’t keep pace with today’s AI-driven attackers and malware. Cybercrime is evolving faster than ever, costing the world trillions and exploiting gaps in legacy defenses,” said Scott Harrell, president and CEO, Infoblox. “The legacy kill chain approach depends on someone else being ‘patient zero’ so those legacy systems can learn and react—but attackers today customize malware to target individual businesses or industries, rendering legacy, reactive approaches ineffective against modern AI-enabled attackers. When you’re patient zero, the only thing being ‘killed’ is your business. The future of cybersecurity must be pre=emptive: stop threats before they ever reach your organization.”
“Before Infoblox, DNS was a blind spot in our security posture,” said Nathan Sinclair, chief information security officer for the City and County of San Francisco. “We immediately saw value in gaining full visibility into DNS requests and the hidden threats they can carry. Infoblox Threat Defense has proven to be a powerful solution for blocking exploits and preventing incursions. It has significantly strengthened our defenses and given us greater confidence in protecting the critical services we provide.”
For deeper insights into our latest innovations and why pre-emptive DNS security matters more than ever, visit our Security Momentum launch blog. To see the latest research on evolving threats—including how DNS security blocks 82 percent of attacks before impact—read our 2025 DNS Threat Landscape Report.
