
Overview
Infoblox Threat Defense delivers preemptive DNS security to stop cyberattacks before they reach endpoints, users, or cloud workloads. By blocking malicious domains, preventing DNS-based data exfiltration, and disrupting command-and-control (C2) activity, it provides an essential first line of defense for modern networks. Threat Defense integrates with SIEM, SOAR, and SOC tools to enrich alerts with DNS, network, device, and policy context, accelerating investigations, reducing false positives, and automating response across the security stack.
Unlike point solutions that only detect attacks after they occur, Infoblox uses the DNS layer to provide real-time threat visibility across distributed environments. This includes cloud, multi-cloud, IoT, and remote office deployments where traditional perimeter defenses are less effective. Security and cloud engineers can quickly see who initiated a risky DNS query, what domain or resource was requested, and why it was flagged, enabling faster triage and remediation.
Threat Defense also helps organizations align with compliance requirements, including the latest NIST 800-81r3 DNS Security Operations guidelines. By combining authoritative DNS services with threat intelligence and automated controls, it strengthens both security posture and operational resilience.
To extend value, Infoblox offers add-on options that build on Threat Defense Cloud:
- SOC Insights - advanced analytics and visualizations to help security operations teams prioritize and investigate threats faster.
- Log Export - delivers DNS query and security event logs directly from Threat Defense Cloud into your SIEM for deeper analysis and long-term retention.
- Lookalike Domain Monitoring - detects and alerts on domains designed to mimic your brand or critical assets, reducing risk of phishing and fraud.
- Dossier - a threat investigation portal that provides global context, reputation scoring, and research tools to support faster, evidence-based decisions.
With preemptive DNS security, contextual enrichment, and seamless integration, Infoblox Threat Defense empowers SOC teams to block threats earlier, investigate smarter, and respond faster, delivering protection that scales with your business across the cloud, data center, and everywhere users connect.
Private Offer: This product is available via private offer. Please contact marketplace@infoblox.com to receive a custom quote.
Highlights
- Preemptive DNS Security: Block malware, ransomware, data theft, and C2 activity before it reaches users, endpoints, or cloud workloads.
- Automated Response & Enrichment: Enrich SIEM, SOAR, and SOC workflows with DNS, user, and device context to speed investigations and remediation.
- Fast Time to Value: Deploy Protective DNS security quickly across multi-cloud and distributed environments with Infoblox expert support.
Pricing
| Dimension | Description | Cost/12 months |
|---|---|---|
| BloxOne Threat Defense | BloxOne Threat Defense Advanced Subscription Subscriber bundle | $496,500.00 |
Vendor refund policy
Standard Infoblox and AWS refund policies are in effect.
Delivery details
Software as a Service (SaaS)
SaaS delivers cloud-based software applications directly to customers over the internet. You can access these applications through a subscription model. You will pay recurring monthly usage fees through your AWS bill, while AWS handles deployment and infrastructure management, ensuring scalability, reliability, and seamless integration with other AWS services.
Support
Vendor support
Quick Start Guide -
AWS infrastructure support
AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.

Customer reviews
Advanced DNS defense has blocked malicious domains and has improved threat investigation
What is our primary use case?
Our main use case for Infoblox BloxOne Threat Defense is blocking malicious domains over the internet for our customers.
A specific example of how we use Infoblox BloxOne Threat Defense to block malicious domains is that we have DNS firewall policies which inspect all DNS queries from end users in different locations, blocking any malicious DNS queries that match our DNS firewall policy to prevent users from reaching harmful sites.
We majorly interact with Infoblox BloxOne Threat Defense for on-prem users as well as roaming users using Infoblox agents.
How has it helped my organization?
Infoblox BloxOne Threat Defense has positively impacted our organization by effectively preventing any kind of DNS attack or zero-day attack that users are not aware of.
Since using Infoblox BloxOne Threat Defense, we have seen a significant number of malicious domains getting blocked, and we have sent this data to our security analysis team to check the trend of user behavior.
We have saved a lot of time by not digging into multiple tools for DNS threats because Infoblox BloxOne Threat Defense can log malicious queries on its own and send them to a security SIEM tool, which then triggers an incident, improving our timing on detecting malicious DNS queries in the environment.
What is most valuable?
Infoblox BloxOne Threat Defense offers a wide range of security feeds including malware, ransomware, domain generation algorithms, and many more types of feeds, along with security over category blocking of domains.
A unique feature in Infoblox BloxOne Threat Defense is the ability to identify look-alike domains, where we can input our own domains and public domains that may confuse users.
Security feeds such as malware, ransomware, and domain generation algorithms have helped our organization when an end user received a spam email containing a non-secure URL or a malicious domain, which was successfully blocked by Infoblox BloxOne Threat Defense, protecting our assets.
What needs improvement?
If I had to think of an area of improvement for Infoblox BloxOne Threat Defense, it would be for the support team to be more proactive, as normal questions could often be answered by a level one support team more effectively, given that they usually take a lot of time to respond to certain queries.
While customer support is pretty good, the knowledge of the support staff needs to be refreshed regularly, and they should be able to respond quickly when a case is locked with them, as I have noticed delays in response on a few occasions.
For how long have I used the solution?
I have been using Infoblox BloxOne Threat Defense for three years.
What do I think about the stability of the solution?
Infoblox BloxOne Threat Defense is a very stable solution.
What do I think about the scalability of the solution?
Since it is a SaaS solution, Infoblox BloxOne Threat Defense is highly scalable, allowing us to configure users to use DNS firewall policies and protect their DNS queries regardless of their location.
How are customer service and support?
Customer support is good, but sometimes there is a lack of clarity that the technical assistant team struggles to deliver, leading us to escalate cases for a more in-depth understanding of the tool.
Which solution did I use previously and why did I switch?
We previously used the open DNS security features from Cloudflare, but it was not a paid subscription, so we could not maximize the benefits, which is why we switched to Infoblox BloxOne Threat Defense.
How was the initial setup?
The licensing subscriptions come based on our usage, and we are using the BloxOne Threat Defense Advanced license to enable the best security standards for our enterprise, and the setup process was easy and smooth since it is subscription-based.
What about the implementation team?
While customer support is pretty good, the knowledge of the support staff needs to be refreshed regularly, and they should be able to respond quickly when a case is locked with them, as I have noticed delays in response on a few occasions.
What was our ROI?
Infoblox BloxOne Threat Defense is one of the best industry standards and one of the easiest tools to operate in the DDI and DNS security field, and I appreciate the features they provide, such as research, reporting, and the ease of configuring the DNS firewall.
What's my experience with pricing, setup cost, and licensing?
While customer support is pretty good, the knowledge of the support staff needs to be refreshed regularly, and they should be able to respond quickly when a case is locked with them, as I have noticed delays in response on a few occasions.
Which other solutions did I evaluate?
We did not evaluate any other options before choosing Infoblox BloxOne Threat Defense; it was our first and final product that we implemented.
What other advice do I have?
Infoblox BloxOne Threat Defense is deployed in our organization in the public cloud.
I have not noticed any use case where Infoblox BloxOne Threat Defense needs improvement; it is a very robust tool with all the good features built in from the vendor.
My advice for others looking into using Infoblox BloxOne Threat Defense is that it is a powerful tool, and they should take a demo from the vendor to understand their own use cases; the overall implementation is easy and accurate, and once you have hands-on knowledge, day-to-day management on BloxOne Threat Defense becomes straightforward.
Overall, Infoblox BloxOne Threat Defense is a wonderful tool—one of the best we have used for DNS security, and if any enterprise needs such a solution, they should definitely consider this product to find value in the platform. I give this product a rating of 10 out of 10.
Improved threat visibility has strengthened DNS security and automated real-time policy decisions
What is our primary use case?
I have not integrated Infoblox BloxOne Threat Defense with other security tools, but recently, I believe I have integrated it with a SIEM solution.
What is most valuable?
I find all the features of Infoblox BloxOne Threat Defense, including asset discovery as well as DNS security, most valuable. Most importantly, they are introducing universal DDI and NIOSx. These are all very beneficial for organizations looking for DDI solutions.
The real-time analytics feature of Infoblox BloxOne Threat Defense is a good one as well.
The threat intelligence feature, specifically predictive threat intelligence, is one of the core selling features of Infoblox BloxOne Threat Defense. The automated policy enforcement in minimizing human error is quite easy as well. However, I would like to mention that if you block those lists which are whitelisted in your organization by mistake, then nobody is going to access that because it is working on the DNS layer.
What needs improvement?
I believe that blacklisting in Infoblox BloxOne Threat Defense cannot be simplified. From the perspective of what I can modify, there is nothing and no improvement needs to be required. You need to be cautious when you are deploying the policy. Otherwise, it is quite easy to deploy. With just a single click, you can deploy it, and with just a single click you can set whether you are allowing the traffic or blocking it.
For how long have I used the solution?
I have been dealing with Infoblox BloxOne Threat Defense for more than a year.
How are customer service and support?
I rate my experience with their technical support above ten. They are really good at it.
How was the initial setup?
Integrating Infoblox BloxOne Threat Defense was quite easy. You just need to deploy a single VM and you need to start a service on it and then you are good to go.
What's my experience with pricing, setup cost, and licensing?
I find the pricing of Infoblox BloxOne Threat Defense reasonable. They have recently changed the pricing model and shifted to a token-based system. I believe that this is a more modern method being utilized by all the security vendors nowadays.
What other advice do I have?
I believe that there is no improvement needed for Infoblox BloxOne Threat Defense. I believe that it is a really up-to-date product. Regarding additional features in the future to make Infoblox BloxOne Threat Defense even better, we contact Infoblox regarding different features. Looking at their labs feature, they are introducing those features as well. You can now discover new assets regarding Oracle as well. You can integrate your vulnerability assessment tools with it. There are a lot of things that are coming up in Infoblox, so I believe there is nothing that I would add at this moment. I rate this product 9.5 out of 10.
Valuable analytics integration improves data insights but needs fewer restrictions
What is our primary use case?
I can describe some of the use cases for the product in general. I'm working with the Infoblox BloxOne Threat Defense for the government, but I'm not sure if I can provide much information about that because it's secret-related.
What is most valuable?
What is valuable about the Infoblox BloxOne Threat Defense is especially the monitoring and reporting, which provides valuable information. The integration with any SIEM is very valuable for getting DNS query analytics, and this is very important.
The threat analytics tools in the Infoblox BloxOne Threat Defense improve security response through integration with another platform, allowing you to gain insights on your own data happening within your own Infoblox BloxOne.
What needs improvement?
Many things can be improved with the Infoblox BloxOne Threat Defense. I don't have specific improvements in mind, but there are many tools that can be enhanced.
I can give you an example: having too many restrictions in a platform is not a good thing for the developers.
For how long have I used the solution?
I have had 4 years of experience with the Infoblox BloxOne Threat Defense.
How are customer service and support?
I would rate their customer service or technical support as not always good. You can be fortunate if you meet someone knowledgeable because most people try and get you to a certain point. It depends on your level of technical expertise. From my perspective, I would say it's not good. From my experience, it seems to vary, and it's less relevant from an objective perspective.
Which other solutions did I evaluate?
The main differences between BlueCat and Infoblox BloxOne depend on your licensing, and there are various aspects to consider.
I think the pricing for the Infoblox BloxOne Threat Defense is very expensive. I believe the competitor, BlueCat, offers better prices.
What other advice do I have?
I know that the Infoblox BloxOne Threat Defense supposedly has AI integrated according to suppliers, but personally, I don't use any AI tool to work with it. That being said, it's a black box, and it's not a Linux machine that you can add features to at will.
Overall, I would rate the Infoblox BloxOne Threat Defense as 8.5 out of 10.