惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

K
Kaspersky official blog
罗磊的独立博客
F
Fortinet All Blogs
人人都是产品经理
人人都是产品经理
量子位
V
Visual Studio Blog
Blog — PlanetScale
Blog — PlanetScale
M
MIT News - Artificial intelligence
B
Blog RSS Feed
腾讯CDC
博客园_首页
aimingoo的专栏
aimingoo的专栏
博客园 - 三生石上(FineUI控件)
博客园 - Franky
S
SegmentFault 最新的问题
N
Netflix TechBlog - Medium
小众软件
小众软件
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
K
KPMG report finds enterprise disconnect between AI and its ROI | CIO
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
L
LINUX DO - 热门话题
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
Martin Fowler
Martin Fowler
D
Docker
P
Privacy & Cybersecurity Law Blog
S
Securelist
V
V2EX
Jina AI
Jina AI
阮一峰的网络日志
阮一峰的网络日志
T
Tor Project blog
The Hacker News
The Hacker News
Microsoft Azure Blog
Microsoft Azure Blog
AWS News Blog
AWS News Blog
The GitHub Blog
The GitHub Blog
有赞技术团队
有赞技术团队
T
The Exploit Database - CXSecurity.com
Help Net Security
Help Net Security
酷 壳 – CoolShell
酷 壳 – CoolShell
Application and Cybersecurity Blog
Application and Cybersecurity Blog
博客园 - 叶小钗
Recent Announcements
Recent Announcements
Cloudbric
Cloudbric
Y
Y Combinator Blog
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
Latest news
Latest news
MongoDB | Blog
MongoDB | Blog
H
Hackread – Cybersecurity News, Data Breaches, AI and More
Recorded Future
Recorded Future
V2EX - 技术
V2EX - 技术

Infoblox Blog

Oracle Cloud Discovery for Universal Asset Insights | Infoblox Why Asset Discovery Integrations Start with Network Intelligence Infoblox Kentik Acquisition: AI-Driven Network and Security Intelligence Proxyware actor behind fake 7-Zip is bigger than you think! Using Protective DNS to Dismantle Global Scam Networks | Infosecurity Europe 2026 Residential Proxies: Why DNS Is the Stronger Play NIST Maps DNS Security to the Cybersecurity Framework 2.0 Trusted Infrastructure Data for AI and AgenticOps | Infoblox Meet Your Security Analyst’s New AI Teammate | Infoblox IQ DCloud Uni-App: One Framework, 236,000+ Scam Sites Operation Endgame VS SocGholish Fake Updates Human Judgment Hacks: How Lookalike Domains Work Residential Proxies in the Wild Unlocking Universal DDI on Equinix: Infoblox Brings Cloud-First DDI to Equinix Network Edge “Headless”? What Is It and Do I Need to Go There? The Alert Is Already Too Late The Half of Your Attack Surface Nobody Owns Infoblox Earns Terraform Partner Premier Status for NIOS Provider What 550 Security Leaders Just Told Us about the Age of AI, and Why Preemptive Digital Risk Protection Can’t Wait Lookalike Domains Expose the iPhone Theft Economy Amusing Numerology: Analysis of the Numbers in Domain Names 4 Trends Shaping the Future of Network Operations Why the Axur Acquisition Marks a Turning Point for Preemptive Security Don’t Wait To Be Attacked: Stop Phishing, C2 and Data Exfiltration with Infoblox Threat Intelligence in AWS Network Firewall Hold the Phone! International Revenue Share Fraud Driven by Fake CAPTCHAs AI, Project Glasswing and DNS: Beyond Vulnerabilities Three Infoblox Integrations with Google Cloud That Give Enterprise Teams More Control Over Their Networks Protective DNS: Why Telcos Are Turning to DNS as the Platform for Consumer Security Automating Infoblox DDI with Red Hat Ansible | Configuration as Code for DNS, DHCP and IPAM Hiding in Plain Sight: Abusing Composite Domain Names What You Cannot See is Hurting You Most NIST SP 800-81r3: A Long-Overdue Wake-Up Call for DNS Security Patterns, Pirates, and Provider Action: What We Learned Working with Keitaro NIST SP 800-81r3: What’s New? No Reach, No Risk: The Keitaro Abuse in Modern Cybercrime Distribution Unified Asset Visibility: A Strategic Imperative for CIOs and CISOs Infoblox Partners with Leading SASE Vendors to Modernize DNS and DHCP for Distributed Enterprises NIST DNS Security Best Practices: Top 5 Takeaways Break out the bubbly: NIST SP 800-81r3 has been published! Empowering Women to Lead in APJ: Infoblox at the Leadership Summit for Women in Technology, AI & Cyber
Preemptive Threat Disruption at Scale: How Infoblox and Axur Turn External Risk into Protection
Mukesh Gupta · 2026-05-05 · via Infoblox Blog

Security teams today don’t suffer from a lack of alerts. They suffer from a lack of effective intervention.

Phishing, exec impersonation, fraud and credential abuse increasingly originate outside the enterprise, across domains, websites, social platforms, ads, mobile apps and underground forums. These environments sit beyond the reach of traditional security controls, and attackers can stand up, test and scale infrastructure long before defenders can intervene.

That gap between where attacks originate and where controls operate is exactly what Infoblox set out to close by acquiring Axur.

Together, Infoblox and Axur deliver Digital Risk Protection Services (DRPS), part of Infoblox Exposure Management, a unified approach to discovering, validating, disrupting and preventing external threats before they impact users, brands or the business.

From Detection to Disruption

Many brand protection and external threat tools struggle with both detection and disruption. Traditional monitoring often relies on domain lookalikes or keyword matching, missing sophisticated campaigns that use generic domains and traffic distribution systems (TDSs) to cloak malicious content from scanners. Even when findings are surfaced, analysts must manually validate abuse, assemble evidence, coordinate takedowns and track outcomes across fragmented systems.

Axur was designed to eliminate that friction.

Its platform continuously discovers external threats using AI-driven content and visual analysis to identify abuse based on behavior and intent, not domain resemblance. This is critical, as attackers increasingly host phishing pages on random infrastructure and use cloaking to evade automated detection. Axur detects impersonation even when logos, layouts or language are subtly altered, while agentic workflows trigger enforcement without waiting for manual review.

Once validated, Axur automates the takedown process end to end, handling evidence submission, provider workflows and follow-up across thousands of external platforms.

The objective is not to respond faster just for the sake of faster response. It is to intervene before attacker infrastructure can be operationalized and scaled.

Preemptive Protection While Takedowns Are Underway

Even with automation, external takedowns are not instantaneous. Platforms have their own processes, and attackers exploit that window.

This is where Infoblox adds a critical layer of infrastructure-level protection.

By combining Axur’s Web Safe Reporting capabilities with Infoblox Threat Defense™, our Protective DNS solution, organizations can protect users while disruption is underway:

  • Protective DNS blocks managed users, devices and workloads from resolving to confirmed high-risk/malicious destinations, including those flagged by Axur for takedowns.
  • Axur’s Web Safe Reporting provides browser-level warnings and user-facing protection for public users, reducing engagement and credential loss while takedowns are in progress.

Protection does not wait for removal to complete. Enforcement begins as soon as threats are validated.

Sustained Removal, Not Whack-a-Mole

Attackers rarely stop after a single takedown. They re-register domains, relaunch ads and clone assets across new platforms.

Axur’s stay-down monitoring continuously detects recurrence and variation, helping ensure that removed infrastructure does not quietly reappear. Each action is tracked with defensible evidence, clear status and full audit history.

This persistence matters. It turns one-time takedowns into durable disruption and allows teams to demonstrate that abuse was not only removed but kept down.

Beyond persistence, each takedown generates intelligence. Evidence collected during enforcement, such as hosting data, registration artifacts, infrastructure reuse patterns, ad accounts and credential harvesting endpoints, often reveals additional domains and assets tied to the same campaign. What begins as a single phishing page frequently expands into a broader attacker infrastructure map.

When confirmed malicious domains and infrastructure context flow into Infoblox Threat Intel, passive DNS analysis can uncover related assets and expand visibility across attacker infrastructure by correlating external abuse signals with DNS telemetry. One validated takedown accelerates the next detection. This is not whack-a-mole; it is a compounding intelligence cycle.

Attribution as a Force Multiplier

Disruption alone is not enough. Security teams need to understand who and what was at risk.

Infoblox’s asset attribution links external abuse to the users, devices, workloads and business units actually at risk. This context allows teams to:

  • Prioritize response based on business impact
  • Route incidents into existing security and IT workflows
  • Prove exposure reduction to leadership and auditors

Attribution is what connects external disruption to internal accountability.

What This Means for Security Teams

With Axur-powered DRPS, teams can:

  • Detect sophisticated external threats that evade traditional domain and keyword monitoring using AI-based content, visual and contextual analysis
  • Validate real abuse with defensible evidence, reducing false positives and analyst overhead
  • Automate takedowns at scale without expanding security teams
  • Enforce protection immediately through DNS controls and browser-level warnings
  • Ensure that threats are removed and remain down through continuous monitoring
  • Link external abuse to impacted users, devices and business environments

Operationally, this shifts teams from chasing incidents to systematically reducing external attack surface and impact.

Operationalizing Preemptive Threat Protection at Scale

Infoblox and Axur operationalize external threat protection at scale, combining AI-powered discovery and automated disruption with infrastructure-level prevention and attribution. At scale, speed, automation and sustained enforcement matter. The operational results reflect that:

  • <4 minutes median time to first notification after malicious activity is identified
  • ~9 hours median time to takedown after confirmation
  • A 98.9% takedown success rate
  • 86% of takedowns fully automated end to end
  • 40+ million URLs analyzed daily, with 1,000+ malicious assets removed every day
  • 15-day stay-down monitoring to prevent recurrence

Infoblox extends that advantage with infrastructure-level enforcement and attribution at global scale:

  • Threats are blocked an average of 68.4 days earlier than with traditional security tools
  • 90% of threats are stopped before the first DNS query is ever made
  • A 0.0002% false positive rate, enabling enforcement without operational friction

Together, this creates a continuous workflow from external discovery and disruption to internal enforcement and attribution, allowing security teams to act preemptively, protect users immediately and prove real exposure reduction across the organization.

Delivering Measurable Risk Reduction Outcomes

Ultimately, customers don’t measure success by how many alerts they receive. They measure it by fewer incidents, less fraud and reduced operational burden.

By combining Axur’s AI-driven external disruption with Infoblox’s DNS-based prevention and attribution, organizations can move from reactive response to measurable, sustained risk reduction.

External risk will continue to originate beyond traditional security boundaries. The organizations that succeed will be those that continuously discover, disrupt and enforce protection as part of a unified cycle. That’s the standard we’re building toward, and the reasons that Axur is such a strong addition to Infoblox.