RESEARCH NOTE: Infoblox SOC Insights Leverages DNS to Improve Security Posture

By Will Townsend - February 16, 2024

This week, networking and security vendor Infoblox announced a new AI-infused security capability rooted in a domain name system (DNS) architectural approach. The product, SOC Insights, improves visibility and streamlines operations to help teams working in enterprise security operations centers (SOCs) deal with cybersecurity threats.

Infoblox has shown a reinvigorated approach to networking and security service delivery, especially since former Cisco executive Scott Harrell took the helm as CEO in January 2023. In this research note, I’ll dive deeper into the value of DNS as it relates to security and highlight the important features of the Infoblox SOC Insights solution.

The Value of DNS

Security operations professionals are facing new and growing complexities created by multi-cloud and hybrid OT and IT infrastructure deployments. While all that new technology aims at accelerating digital transformation—often successfully—its complexity, and especially the highly distributed nature of today’s connectivity solutions, also dramatically expands the threat surfaces that SecOps must protect. The industry as a whole must embrace new security operational models that can keep pace with the increase in threats.

Surprisingly, DNS is not widely utilized as a cybersecurity platform construct. DNS is a fundamental element of network communications, serving a critical function in translating domain names into IP addresses. Given the ongoing convergence of networking and security, DNS can provide valuable insights into domains that could potentially be weaponized by bad actors. Infoblox recognized the value of DNS more than 25 years ago, and it is now positioned to leverage DNS to deliver new capabilities that thwart attacks. I discuss the company’s background and technology in my research paper published earlier this month.

SOC Insights — Launch Details

The centerpiece of the company’s DNS-based approach is the BloxOne Threat Defense offering. Now, SOC Insights extends the capabilities of BloxOne as a holistic, DNS-anchored detection and response platform. Lots of enterprise security companies claim that their products are unique, but in this case, Infoblox really does take an approach to network security unlike anyone else’s. Specifically, SOC Insights provides:

  • An AI-powered SecOps capability that distills and analyzes the ongoing flow of threat and network data to provide actionable insights for security analysts while dramatically reducing alert fatigue.
  • A new way to leverage the power of DNS to greatly reduce threat mean-time-to-respond (MTTR). This creates compelling benefits in terms of mitigating business downtime, improving security posture, and enabling a proactive versus reactive cybersecurity operational framework.
  • The ability for organizations to reduce downtime and improve security efficacy by using unique DNS threat intelligence.
  • An additional layer of protection realized through the cross-pollination of Infoblox AI-driven insights with other SOC security stack tools, and automated remediation capabilities facilitated through triggered API calls.

By applying AI to vast amounts of DNS and network data, Infoblox SOC Insights can provide security teams with valuable proactive threat disruption guidance, insightful analytics, and added value to other existing security tool investments. Infoblox, like many other security solution providers, is fighting AI with AI, but the difference is that the company is using it as part of a DNS defensive infrastructure to effectively thwart the growing sophistication of attacks fueled by the generative AI “gold rush.”

Final Thoughts

Harnessing DNS data by using Infoblox technology can help organizations improve their security posture and take proactive approaches to prevent breaches. It also shortens time to remediation for breaches that do occur. Bad actors are becoming more sophisticated in attacks, leveraging AI to their advantage. Infoblox SOC Insights has the potential to allow defenders to stay one step ahead of attackers—even those who are using AI. 

The company is also providing its channel partners and managed security service providers with a tool to help organizations optimize their security investments and streamline security operations. This effort has the potential to unlock incremental monetization opportunities for Infoblox partners, further the company’s sales momentum in a crowded security marketplace, and provide organizations with an additional layer of protection and business resiliency. That’s a win-win by all measures for Infoblox, its partners, and its customers.

Will Townsend manages the networking and security practices for Moor Insights & Strategy focused on carrier infrastructure providers, carrier services, enterprise networking and security. He brings over 30 years of technology industry experience in a variety of product, marketing, channel, business development and sales roles to his advisory position.