Tech Field Day

The Independent IT Influencer Event

A Live Demo of Infoblox Threat Defense

September 30, 2025



Security Field Day 14


This video is part of the appearance, “Infoblox Presents at Security Field Day 14”. It was recorded as part of Security Field Day 14 at 13:30-15:30 on September 24, 2025.



This hands-on session follows the earlier briefings and goes straight into the Infoblox Security Portal. We’ll trace malicious activity from first DNS lookup to automated enforcement, show how verdicts are backed by Infoblox Threat Intelligence, and walk through incident triage and policy tuning. Expect practical coverage of policy creation, exception handling, and integrations that extend protection across endpoint, network, and cloud. You’ll leave with a clear view of day-to-day operations and the metrics that matter.

Speaker Kevin Zettel began the demonstration by outlining the five flexible deployment options for Infoblox’s threat defense solution. These include a lightweight endpoint agent for rich user attribution, physical or virtual NIOS appliances, NIOS as a service with IPsec tunnels for cloud and SASE environments, and a simple external resolver configuration. Zettel emphasized that these methods can be mixed and matched, and even without an endpoint agent, the system uses Universal Asset Insights to enrich data, providing crucial context like the specific device, user, and MAC address for every DNS query. He also confirmed that Infoblox provides comprehensive threat feeds for IPs, URLs, and hashes that can be exported to firewalls to counter adversaries who might pivot away from DNS.

Transitioning to the live portal, Zettel showcased the main dashboard, which provides immediate KPIs on the security of the DNS infrastructure. He highlighted the value of “predictive intelligence” and a key metric called “first to detect,” which demonstrates to customers that Infoblox knew about malicious domains on average several weeks before an employee ever clicked on them. The portal offers a detailed, asset-centric view, allowing security teams to identify at-risk devices, trace their entire IP address history across the network, and review all associated security and policy violations. This capability is critical for incident triage, enabling an analyst to quickly understand the scope of an infection and identify other potentially compromised systems by seeing everywhere a device has been.

To demonstrate how security verdicts are backed by intelligence, Zettel navigated to the threat intelligence section, which shows customers which specific threat actor “cartels” are active in their environment and the exact malicious domains their users have accessed. To make the massive volume of DNS data actionable for security operations (SOC) teams, he introduced an AI-powered feature called “Insights,” which automatically correlates millions of individual events into a handful of manageable incidents. For deeper investigation and policy tuning, the integrated “Dossier” research tool allows an analyst to click any indicator (domain, IP, etc.) and receive a consolidated report from over twenty different tools, providing the full context needed to validate a threat and make informed policy decisions.

Personnel: Kevin Zettel
