惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
GbyAI
GbyAI
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
博客园 - 三生石上(FineUI控件)
美团技术团队
Last Week in AI
Last Week in AI
WordPress大学
WordPress大学
L
LangChain Blog
雷峰网
雷峰网
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
博客园 - 叶小钗
Engineering at Meta
Engineering at Meta
腾讯CDC
Recent Announcements
Recent Announcements
The Register - Security
The Register - Security
有赞技术团队
有赞技术团队
Blog — PlanetScale
Blog — PlanetScale
博客园 - Franky
博客园 - 司徒正美
The Cloudflare Blog
Google DeepMind News
Google DeepMind News
T
Tailwind CSS Blog
C
Check Point Blog
小众软件
小众软件
V
Visual Studio Blog
V
V2EX
F
Full Disclosure
J
Java Code Geeks
MongoDB | Blog
MongoDB | Blog
罗磊的独立博客
人人都是产品经理
人人都是产品经理
量子位
Apple Machine Learning Research
Apple Machine Learning Research
F
Fortinet All Blogs
Microsoft Security Blog
Microsoft Security Blog
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
博客园 - 【当耐特】
博客园_首页
Y
Y Combinator Blog
N
Netflix TechBlog - Medium
酷 壳 – CoolShell
酷 壳 – CoolShell
Stack Overflow Blog
Stack Overflow Blog
Recorded Future
Recorded Future
G
Google Developers Blog
Vercel News
Vercel News
大猫的无限游戏
大猫的无限游戏
Microsoft Azure Blog
Microsoft Azure Blog
U
Unit 42
爱范儿
爱范儿
Jina AI
Jina AI

Infoblox Blog

The Missing Link in the Anti-Scam Chain: Why DNS Belongs in the Room. (DNS, GASA, Global Anti-Scam Alliance, DNS Threat Intelligence) Oracle Cloud Discovery for Universal Asset Insights | Infoblox Why Asset Discovery Integrations Start with Network Intelligence Infoblox Kentik Acquisition: AI-Driven Network and Security Intelligence Proxyware actor behind fake 7-Zip is bigger than you think! Using Protective DNS to Dismantle Global Scam Networks | Infosecurity Europe 2026 Residential Proxies: Why DNS Is the Stronger Play NIST Maps DNS Security to the Cybersecurity Framework 2.0 Trusted Infrastructure Data for AI and AgenticOps | Infoblox Meet Your Security Analyst’s New AI Teammate | Infoblox IQ DCloud Uni-App: One Framework, 236,000+ Scam Sites Operation Endgame VS SocGholish Fake Updates Human Judgment Hacks: How Lookalike Domains Work Residential Proxies in the Wild Unlocking Universal DDI on Equinix: Infoblox Brings Cloud-First DDI to Equinix Network Edge “Headless”? What Is It and Do I Need to Go There? The Half of Your Attack Surface Nobody Owns Infoblox Earns Terraform Partner Premier Status for NIOS Provider What 550 Security Leaders Just Told Us about the Age of AI, and Why Preemptive Digital Risk Protection Can’t Wait Lookalike Domains Expose the iPhone Theft Economy Amusing Numerology: Analysis of the Numbers in Domain Names 4 Trends Shaping the Future of Network Operations Preemptive Threat Disruption at Scale: How Infoblox and Axur Turn External Risk into Protection Why the Axur Acquisition Marks a Turning Point for Preemptive Security Don’t Wait To Be Attacked: Stop Phishing, C2 and Data Exfiltration with Infoblox Threat Intelligence in AWS Network Firewall Hold the Phone! International Revenue Share Fraud Driven by Fake CAPTCHAs AI, Project Glasswing and DNS: Beyond Vulnerabilities Three Infoblox Integrations with Google Cloud That Give Enterprise Teams More Control Over Their Networks Protective DNS: Why Telcos Are Turning to DNS as the Platform for Consumer Security Automating Infoblox DDI with Red Hat Ansible | Configuration as Code for DNS, DHCP and IPAM Hiding in Plain Sight: Abusing Composite Domain Names What You Cannot See is Hurting You Most NIST SP 800-81r3: A Long-Overdue Wake-Up Call for DNS Security Patterns, Pirates, and Provider Action: What We Learned Working with Keitaro NIST SP 800-81r3: What’s New? No Reach, No Risk: The Keitaro Abuse in Modern Cybercrime Distribution Unified Asset Visibility: A Strategic Imperative for CIOs and CISOs Infoblox Partners with Leading SASE Vendors to Modernize DNS and DHCP for Distributed Enterprises NIST DNS Security Best Practices: Top 5 Takeaways Break out the bubbly: NIST SP 800-81r3 has been published! Empowering Women to Lead in APJ: Infoblox at the Leadership Summit for Women in Technology, AI & Cyber
The Alert Is Already Too Late
Mukesh Gupta · 2026-06-03 · via Infoblox Blog

Infoblox IQ detects issues, diagnoses root cause and surfaces a recommendation—before anyone files a ticket.

Why We Built Infoblox IQ

I’ve spent a lot of time over the last year sitting with customers. At their offices, at our EBCs, in roadmap reviews, on our Customer Advisory Board and in 1:1 chats about where AI is going. When you ask network and security operators what’s breaking their week, the answers are consistent. And they are the problems we set out to solve.

A network lead at a large retailer told me, “I don’t want more insights and alerts, I already have enough of those. What I want is someone to take the next step, troubleshoot things like I would do and tell me what to do next.” His tools already tell him what’s wrong. What they don’t do is take the next step. By the time he’s catching up on a red chart, his boss is already asking why he didn’t get ahead of it.

A security lead at a global enterprise told me his SOC team is drowning in alerts. They have the tools to detect threats. What they don’t have is the time to investigate which alerts are real, which users and devices are at risk, and what to do about it. The gap is not detection. It is everything that comes after.

A networking architect at a large hospitality customer told me he wants to give his help desk a way to ask DNS questions in plain language, so the help desk can resolve issues without escalating. Today, every ticket finds its way back to the same handful of DDI experts. Those experts are expensive, hard to hire and harder to keep.

And almost every customer asks me the same thing about AI. “Will I be able to plug your data into my own agents?” One customer told me directly that an external Model Context Protocol (MCP) framework was critical. Another has already started building one. These customers are not waiting for any one vendor to ship the perfect assistant. They are building agentic workflows themselves, and they need network truth to ground those agents.

Three patterns. Increasing complexity. A widening expert gap. Response delays that are now costing real money.

That is why we built Infoblox IQ.

For more than 25 years, Infoblox has held the most authoritative record of what is happening on an enterprise network—every device, every IP address, every DNS query. What Infoblox IQ adds is the layer that reasons across all of it and takes the next step, so operators don’t have to.

How Infoblox IQ Works

Infoblox IQ is an agentic AI operations layer for network and security teams. It runs across the Infoblox Platform and grows with it, turning the most authoritative data on your network into something that detects issues, investigates incidents, surfaces the right actions to resolve them and puts the operator in the right place in the loop.

Three things shape how Infoblox IQ works.

First, it runs on network truth. DNS, DHCP and IP address management (IPAM) are the authoritative record of what is happening on the network. DNS is the first protocol touched in most attacks. By the time a threat shows up in a security information and event management (SIEM) or endpoint detection and response (EDR), the connection has already been made. Configuration state is not inferred from change tickets; it is the system of record. An agent reasoning from a representation of the network gives different answers depending on which downstream system it queries—and the operator has no way to know which one is right. Infoblox IQ runs on the data directly. Same source. Same answer. Every time.

Second, the agents are built on 25-plus years of operating experience, not on a generic model pointed at network data. We learned this the hard way. We started this work believing the frontier models would figure DDI and DNS security out on their own. Give them the data, give them a good prompt, let them reason. They couldn’t. Not reliably, not at the depth an operator needs. The models are powerful, but they don’t know the many reasons DNS latency or SERVFAIL errors suddenly spike—or what to do about each one. So we changed our approach. We took 25-plus years of Infoblox operating knowledge (what fails, what drifts, what matters, what to ignore, what a good operator does next) and built that into Infoblox IQ. The agents are built by the people who have spent their careers running these systems in production. That is the difference between a chatbot that sounds confident and an agent you can actually trust with your network.

Third, AI actions are designed to close the loop between insight and action. The hardest part of operations is not noticing something is wrong. It is getting from “noticed” to “resolved.” That gap is where the time, cost and frustration sit.

AI actions are built to compress that gap. The agent does what a strong human operator would do, just much faster. It spots the issue, often before users feel it. It pulls the relevant data, analyzes it, finds the root cause and produces a recommendation. All of that runs in the background, in seconds. By the time the operator picks up the ticket, 90 percent of the work is already done. They can dig in further with the agent or apply the recommendation and move on.

Infoblox IQ automatically investigates threats in Infoblox Threat Defense™ and hands the analyst a confirmed scope and remediation options. A configuration drift in DDI (a DNS record edited by hand, a DHCP scope quietly modified, a recursion setting flipped by a script no one tracked) shows up with the context to act, not just an alert.

Three numbers move because of this. MTTR (mean time to respond) drops, because Infoblox IQ surfaces issues before anyone files a ticket. MTTR (mean time to resolve) and MTTI (mean time to innocence, the hours DDI teams burn proving the problem isn’t theirs) drop for the same reason—most of the diagnostic work is already done when the human arrives. All three are too high in most enterprises today.

How much autonomy Infoblox IQ gets is the customer’s call. We start with recommendations for the operator to review and approve. As trust builds, customers can pre-authorize Infoblox IQ to execute specific, well-bounded workflows on their behalf, with full autonomy available for selected workflows down the road. DDI is foundational to how an enterprise runs, and we are not going to push autonomy faster than customers want it. Every action, regardless of mode, is logged and auditable.

To the customer who said he didn’t need more alerts, just someone to take the next step, this is exactly what he asked for. Troubleshooting already done. A recommendation ready. An action he can approve.

Automated Actions, Conversational AI and Extensibility

These will be available in the tools and workflows customers already use:

Infoblox IQ for Threat Defense takes a large volume of DNS security signals, distills them into a small number of confirmed threats, traces each one across affected users and devices, and presents the analyst with a confirmed scope plus a set of remediation options for approval. Existing SOC Insights customers can move over with zero friction.

Infoblox IQ for DDI enables AI actions for DNS on Infoblox Universal DDI™. Infoblox IQ surfaces operational issues with full context and a recommendation, executed through approval workflows the operator controls. Support for DHCP, IPAM and NIOS will follow in the coming weeks. Customers can start with what’s available today and expand as we enable the rest.

The Infoblox IQ AI assistant is available across the portfolio as the conversational layer of Infoblox IQ. It answers natural language questions about network state, security threats and assets. It translates plain English into precise configuration changes. This core capability embedded with every Infoblox product is available at no extra charge.

The Infoblox Model Context Protocol (MCP) Server is open by design and included with Infoblox products. Customers, partners and developers can build their own agentic apps on top of Infoblox network, security and asset data. They can connect Infoblox agents to AI systems from other vendors for agent-to-agent workflows that span network, security and broader IT operations.

The Infoblox Model Context Protocol (MCP) Server is built on a simple belief. Customers should not be locked into any one vendor’s AI agents, including ours. They will create agents tailored to their own environments and use cases, and some may be more effective than anything we could build ourselves. We provide the trusted data, open standards and an extensible platform that will allow customers to build, connect and orchestrate the agents they need today and in the future.

What Comes Next

Network and security teams are being asked to manage more infrastructure, against more threats, on a tighter clock than ever before. The answer is not another console. It is not another assistant. It is an operations layer that closes the gap between what the network already knows and what teams can act on.

To every customer who told me they wanted someone to take the next step instead of more alerts, actions an operator can approve instead of tickets to chase and an open platform they can build on: June 3 is the start. The teams that will get the most out of Infoblox IQ are the ones who stop treating it as a reporting tool and start treating it as a colleague who already knows their environment.

The roadmap goes much further, but the foundation is in place. And we built it because customers asked us to.