Infoblox and Google Cloud: Delivering Preemptive DNS Security

AI-Driven Cyber Threats is the New Normal

Cybercrime is accelerating at an unprecedented pace. Global damages are projected to soar to $23 trillion by 2027,¹ and threat actors are using AI to make attacks more prolific, stealthy and evasive. Attackers can now generate unique, one-time-use malware that renders traditional defense insufficient. To effectively defend against sophisticated attacks, we need a multi-layered approach-one that begins with detecting threats at the earliest stage of the attack lifecycle: the DNS layer.

Ransomware, phishing and data exfiltration campaigns can move from initial breach to lateral movement within an organization in less than an hour, far faster than most security teams can respond. To survive this era of AI-driven threats, organizations must move toward preemptive security: mitigating attacks before they have a chance to land.

Protecting Cloud Environments and Why DNS is Central to Preemptive Security

As companies start migrating to the cloud, we see more and more threat actors targeting cloud environments because they hold personally identifiable information (PII), intellectual property and application code. The Domain Name System (DNS) has always been the backbone of the internet, resolving every request made by users, devices, workloads and applications. What makes DNS powerful for cybersecurity is that it is like a gatekeeper with an inside-out protective shield and the earliest point of prevention for all cyberattacks:

• Application and cloud workloads often connect with external resources on the internet and could be sending queries to high-risk domains via DNS.
• Ransomware infections reach out to command-and-control (C2) servers through DNS.
• Data exfiltration often relies on DNS to communicate with malicious endpoints.

By monitoring and controlling DNS traffic, organizations can cut off attacks at the earliest stage. This is why Protective DNS (PDNS) is increasingly recognized by leading authorities such as the National Institute of Standards and Technology (NIST), which, in their Special Publication (SP) 800-81, recently emphasized DNS as a proactive way to prevent security incidents before they escalate. In addition, DNS-focused threat intelligence is predictive and can block attacker infrastructure even before it is weaponized, further delivering preemptive threat mitigation for organizations.

Infoblox and Google Cloud Use the Power of DNS to Protect Cloud Environments

Infoblox analyzes more than 70 billion DNS queries daily to detect and block threats. Unlike reactive tools, Infoblox focuses on pre-attack intelligence-tracking adversary infrastructure, and AI-driven deception campaigns. On average, Infoblox blocks attacks 68.4 days before other tools detect them with a 0.0002 percent false positive rate.

Building on this expertise, Google Cloud has chosen to partner with Infoblox on DNS Armor-a PDNS capability natively integrated into the Google Cloud Console. This helps ensure that cloud workloads are secured at the DNS layer, providing unified visibility, faster remediation and consistent enforcement across hybrid and multi-cloud environments.

The PDNS solution protects Google Cloud workloads from several threats, including:

• DNS tunneling for the purposes of data exfiltration.
• Malware C2 from a compromised workload to a server owned by an attacker for further instructions.
• Traffic related to domain generation algorithms (DGAs) (used to create machine-generated domains to connect with C2 servers).
• Zero-day DNS queries to newly registered domains that attackers may use immediately for targeted malicious activities.
• DNS queries to known malicious and high-risk domains owned by threat actors.
• DNS queries to lookalike domains intentionally misspelled or formatted to appear like legitimate, trusted brands.
• Exploit kits: DNS queries to websites that attempt to automatically exploit vulnerabilities in cloud workloads to install malware.
• Advanced persistent threats (APTs): DNS queries to domains associated with targeted, long-term attack campaigns, often conducted by sophisticated groups for espionage or data theft.

Figure 1. Google Cloud DNS Armor for preemptive DNS security

"DNS Armor represents a major step forward in how we protect cloud workloads. By partnering with Infoblox, we're delivering preemptive DNS-layer security natively in Google Cloud, helping enterprises reduce risk, simplify operations, and strengthen resilience against today's AI-powered cyber threats,"
- said Anoop Vetteh, Director, Product Management, Networking Security, Google Cloud.

The Bottom Line

The cybersecurity landscape is changing rapidly, with AI giving adversaries the upper hand. Infoblox and Google Cloud are providing another tool in defenders' arsenal with DNS Armor, a PDNS solution that flips the script on reactive security and by blocking threats before they strike.

Learn more in this quick fireside chat video and Google Cloud blog.

Discover the many ways Infoblox collaborates with Google Cloud to deliver leading cloud-native solutions.

DNS Armor is now in Public Preview. Click here to get access.

Footnotes

1. Key Cyber Security Statistics for 2025, Sentinel One, July 30, 2025.