The Ten Year Protective DNS Journey with Infoblox

DNS is no longer just infrastructure — it is the frontline of preemptive security. This session highlights Infoblox’s decade-long journey in shaping DNS security, with Protective DNS at the center of defending users against evolving threats. Attendees will see why DNS is uniquely positioned to stop attacks before they spread and how DDI integration delivers powerful visibility, automation, and protection. Speaker Mukesh Gupta detailed Infoblox’s evolution from an enterprise appliance company known for DDI (DNS, DHCP, and IPAM) to a security-focused organization. He explained that as enterprises adopted multiple cloud platforms, they ended up with siloed DNS systems (e.g., on-prem, AWS Route 53, Azure DNS), leading to complexity and outages. Infoblox addressed this by creating “Universal DDI,” a platform that provides a single management layer for all of a customer’s disparate DNS services, whether they are on-premises or in the cloud, and offers a true SaaS-based option for DDI services.

Gupta emphasized that DNS is the first point of detection for nearly all types of cyberattacks—from phishing and malware to data exfiltration—because a DNS query always precedes the malicious action. Blocking threats at this initial DNS layer is highly effective, protecting all devices on the network without deploying new agents and significantly reducing the load on other security tools like firewalls and XDRs. Infoblox’s unique approach, developed by a former NSA expert, focuses on tracking the cybercriminal “cartels” rather than individual attacks. Instead of chasing millions of malicious domains (the “drug dealers”), Infoblox identifies and monitors the infrastructure of organizations like “Prolific Puma” (a malicious URL shortening service) or “VainWiper” (a malicious traffic distribution system) that service thousands of attackers. This “cartel”-focused strategy provides a significant strategic advantage.

The primary benefits of this unique approach are a massive lead time and incredible accuracy. Infoblox can identify malicious domains an average of 68 days before they are used in a campaign, often right after the cartel registers them, allowing for preemptive blocking without waiting for a “patient zero.” This methodology also results in an extremely low false positive rate (0.0002%). Gupta argued that integrating this protection directly into the DDI platform is more operationally efficient, as it prevents finger-pointing between network and security teams when a domain is blocked. Infoblox is now extending this protection to cloud workloads, either by having customers point their cloud DNS to Infoblox’s service or through native integrations, such as the new Google Cloud DNS Armor service, which is powered by Infoblox’s threat intelligence technology.