
Overview
Infoblox Threat Defense delivers preemptive DNS security to stop cyberattacks before they reach endpoints, users, or cloud workloads. By blocking malicious domains, preventing DNS-based data exfiltration, and disrupting command-and-control (C2) activity, it provides an essential first line of defense for modern networks. Threat Defense integrates with SIEM, SOAR, and SOC tools to enrich alerts with DNS, network, device, and policy context, accelerating investigations, reducing false positives, and automating response across the security stack.
Unlike point solutions that only detect attacks after they occur, Infoblox uses the DNS layer to provide real-time threat visibility across distributed environments. This includes cloud, multi-cloud, IoT, and remote office deployments where traditional perimeter defenses are less effective. Security and cloud engineers can quickly see who initiated a risky DNS query, what domain or resource was requested, and why it was flagged, enabling faster triage and remediation.
Threat Defense also helps organizations align with compliance requirements, including the latest NIST 800-81r3 DNS Security Operations guidelines. By combining authoritative DNS services with threat intelligence and automated controls, it strengthens both security posture and operational resilience.
To extend value, Infoblox offers add-on options that build on Threat Defense Cloud:
- SOC Insights - advanced analytics and visualizations to help security operations teams prioritize and investigate threats faster.
- Log Export - delivers DNS query and security event logs directly from Threat Defense Cloud into your SIEM for deeper analysis and long-term retention.
- Lookalike Domain Monitoring - detects and alerts on domains designed to mimic your brand or critical assets, reducing risk of phishing and fraud.
- Dossier - a threat investigation portal that provides global context, reputation scoring, and research tools to support faster, evidence-based decisions.
With preemptive DNS security, contextual enrichment, and seamless integration, Infoblox Threat Defense empowers SOC teams to block threats earlier, investigate smarter, and respond faster, delivering protection that scales with your business across the cloud, data center, and everywhere users connect.
Highlights
- Preemptive DNS Security: Block malware, ransomware, data theft, and C2 activity before it reaches users, endpoints, or cloud workloads.
- Automated Response & Enrichment: Enrich SIEM, SOAR, and SOC workflows with DNS, user, and device context to speed investigations and remediation.
- Fast Time to Value: Deploy Protective DNS security quickly across multi-cloud and distributed environments with Infoblox expert support.
Pricing
Dimension | Description | Cost/12 months |
---|---|---|
BloxOne Threat Defense | BloxOne Threat Defense Advanced Subscription Subscriber bundle | $496,500.00 |
Vendor refund policy
Standard Infoblox and AWS refund policies are in effect.
Delivery details
Software as a Service (SaaS)
SaaS delivers cloud-based software applications directly to customers over the internet. You can access these applications through a subscription model. You will pay recurring monthly usage fees through your AWS bill, while AWS handles deployment and infrastructure management, ensuring scalability, reliability, and seamless integration with other AWS services.
Support
Vendor support
Quick Start Guide -
AWS infrastructure support
AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.

Customer reviews
Valuable analytics integration improves data insights but needs fewer restrictions
What is our primary use case?
I can describe some of the use cases for the product in general. I'm working with the Infoblox BloxOne Threat Defense for the government, but I'm not sure if I can provide much information about that because it's secret-related.
What is most valuable?
What is valuable about the Infoblox BloxOne Threat Defense is especially the monitoring and reporting, which provides valuable information. The integration with any SIEM is very valuable for getting DNS query analytics, and this is very important.
The threat analytics tools in the Infoblox BloxOne Threat Defense improve security response through integration with another platform, allowing you to gain insights on your own data happening within your own Infoblox BloxOne.
What needs improvement?
Many things can be improved with the Infoblox BloxOne Threat Defense. I don't have specific improvements in mind, but there are many tools that can be enhanced.
I can give you an example: having too many restrictions in a platform is not a good thing for the developers.
For how long have I used the solution?
I have had 4 years of experience with the Infoblox BloxOne Threat Defense.
How are customer service and support?
I would rate their customer service or technical support as not always good. You can be fortunate if you meet someone knowledgeable because most people try and get you to a certain point. It depends on your level of technical expertise. From my perspective, I would say it's not good. From my experience, it seems to vary, and it's less relevant from an objective perspective.
How would you rate customer service and support?
Positive
Which other solutions did I evaluate?
The main differences between BlueCat and Infoblox BloxOne depend on your licensing, and there are various aspects to consider.
I think the pricing for the Infoblox BloxOne Threat Defense is very expensive. I believe the competitor, BlueCat, offers better prices.
What other advice do I have?
I know that the Infoblox BloxOne Threat Defense supposedly has AI integrated according to suppliers, but personally, I don't use any AI tool to work with it. That being said, it's a black box, and it's not a Linux machine that you can add features to at will.
Overall, I would rate the Infoblox BloxOne Threat Defense as 8.5 out of 10.
User-friendly interface and powerful analytic reporting enhance threat defense capabilities
Improving DNS security posture with comprehensive threat detection
How would you rate customer service and support?
Positive
Tough Security Solution with Some Setup Challenges
It works well with your existing tools and uses the latest threat info to keep your network safe. It's easy to use.
Customer support is top-notch and I used to use it frequently.
A hybrid solution for DNS security with insights and security reports
What is our primary use case?
We use the solution for DNS security.
How has it helped my organization?
The solution provides insights into what’s happening on the network. It enriches the information internally.
What is most valuable?
The most valuable features are policy redirecting and security reports. It detects threats and blocks them. Also, it offers DNS handling and data extraction. It provides a centralized view of connected users and incoming data sources. It is integrated via the API to different monitoring systems that send out alerts. We haven't had any false positives due to this solution.
What needs improvement?
The product could be cheaper.
For how long have I used the solution?
I have been using Infoblox BloxOne Threat Defense as a consultant. We are using the latest version of the solution.
What do I think about the stability of the solution?
The product is very stable.
I rate the solution’s stability a ten out of ten.
What do I think about the scalability of the solution?
We have no issues with the scalability. 10-15 users are using this solution. It is suitable for medium and enterprise users.
I rate the solution’s scalability a ten out of ten.
How are customer service and support?
Technical support is very good.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
Cisco Umbrella is more flexible and a very good competitor.
How was the initial setup?
The initial setup is very straightforward. It is a SaaS solution designed for cloud security. The on-premises part is easily implemented. It facilitates a complete migration for comprehensive use cases. It takes about a month to get everything migrated, with fine-tuning and thorough testing.
Deployment involves planning, testing scenarios, defining acceptance policies, and then gradually migrating small network parts to utilize them effectively.
I rate the initial setup a nine out of ten, where one is difficult and ten is easy.
What's my experience with pricing, setup cost, and licensing?
The product is expensive depending on all features.
I rate the product’s pricing an eight out of ten, where one is cheap, and ten is expensive.
What other advice do I have?
I recommend the solution for extra insights and protection.
Overall, I rate the solution a nine out of ten.