GCP – New DNS Armor can help detect, mitigate domain name system risks
The Domain Name System (DNS) is like the internet’s phone book, automatically and near-instantly translating requests for websites and mobile apps from their domain names to the Internet Protocol addresses of the actual computers hosting them. As part of the bedrock of the internet, DNS and domain name lookup are also prime vehicles for threat actors to launch cyberattacks, so DNS-based protections can act as an important early layer of defense against cyberattacks.
Using DNS to advance cyberattacks is a serious threat: in a study published this year, Infoblox reported that 92% of malware uses DNS for command and control communication. To support the security choices of our customers, we’re partnering with Infoblox to deliver DNS Armor, a cloud-native DNS security service available now in preview.
DNS Armor provides preemptive threat detection for internet-bound DNS queries initiated from Google Cloud workloads. It complements our existing cloud-first network security product portfolio by offering a foundational security layer that identifies DNS-based threats, including requests to malicious command and control (C2) servers, DNS tunneling used to exfiltrate sensitive data, and malware that communicates over DNS queries.
DNS Armor benefits from Infoblox’s preemptive DNS threat defense, which analyzes over 70 billion DNS events every day and adds 4 million new threat indicators to its database every month. This preemptive approach to detection using DNS event analysis helps identify DNS-based threats 68 days earlier than complementary security tools.
“As a customer of both Infoblox and Google Cloud, we’re excited about the transformative potential of this collaboration. Google Cloud’s DNS Armor, powered by Infoblox, is a leap forward in cybersecurity, combining the strengths of both companies to deliver visionary, proactive threat defense,” said Alfredo Rodriguez, vice president, Cloud Platform Infrastructure, Sabre Corporation.
Detecting threats early with DNS intelligence
DNS Armor provides both feed-based and algorithmic-based threat detection.
- Feed-based: Detects known malicious and high-risk domains, as well as newly registered domains likely to be used in attacks.
- Algorithmic-based: Detects attacks using machine-learning-based techniques, such as identifying DNS tunneling used for unauthorized data exfiltration.
DNS Armor can also help detect connections to malware distribution sites, and can pre-empt potential malicious downloads by blocking DNS queries going to malicious and high-risk domains.
Many sophisticated cyberattacks establish a network connection with their command and control environment. You can use DNS Armor to get visibility into the earliest indicators of suspicious and malicious domains by detecting C2 activity, connections to malware distribution sites, and Domain Generation Algorithm (DGA) traffic originating from your workloads.
For example, DNS Armor can detect evasive techniques like fast flux, which rapidly rotates the IP addresses linked to a single domain name; this makes malicious domains harder to identify, and traditional security tools often miss them.
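The feed-based and algorithmic detections described above, shown as an added Python example that is not DNS Armor’s or Infoblox’s code: it runs a constructed DNS query log through a blocklist and newly-registered-domain match, a DNS-tunneling heuristic (many unique, long, high-entropy leftmost labels under one parent name) and a fast-flux heuristic (one name resolving to many addresses with a short TTL). The feeds, thresholds, log records and the two-label parent-domain helper are all assumptions made for this example.

```python
"""Toy DNS threat-detection pass (example code, not DNS Armor's own logic)."""
import math
from collections import defaultdict
from typing import Dict, List, Tuple

# Constructed record shape: (source_vm, queried_name, answer_ips, ttl_seconds)
Record = Tuple[str, str, Tuple[str, ...], int]

# Constructed threat feeds; a real deployment consumes a vendor feed instead.
BLOCKLIST = {"evil-c2.example.org"}               # known C2 / malicious domains
NEWLY_REGISTERED = {"fresh-login.example.test"}  # registered in the last few days

# Heuristic thresholds: assumptions for this example, tune per environment.
TUNNEL_MIN_UNIQUE_SUBDOMAINS = 8   # many one-off subdomains under one parent
TUNNEL_MIN_LABEL_LEN = 30          # long leftmost label carrying encoded payload
TUNNEL_MIN_ENTROPY = 3.5           # bits per char; encoded data looks random
FLUX_MIN_DISTINCT_IPS = 5          # one name, many addresses ...
FLUX_MAX_TTL = 300                 # ... rotated with a very short TTL

_BASE32 = "abcdefghijklmnopqrstuvwxyz234567"

def _encoded_label(i: int, length: int = 40) -> str:
    """Deterministic label that looks like base32-encoded payload (sample data)."""
    return "".join(_BASE32[(i * 7 + k * 13) % 32] for k in range(length))

# Constructed sample log: benign traffic, one feed hit, one newly registered
# domain, a tunneling-like burst and a fast-flux-like resolution pattern.
SAMPLE_LOG: List[Record] = [
    ("vm-web-1", "www.example.com", ("93.184.216.34",), 3600),
    ("vm-web-1", "static.example.com", ("203.0.113.10",), 60),
    ("vm-web-1", "static.example.com", ("203.0.113.11",), 60),
    ("vm-db-2", "evil-c2.example.org", ("198.51.100.7",), 300),
    ("vm-app-3", "fresh-login.example.test", ("198.51.100.20",), 600),
]
SAMPLE_LOG += [("vm-app-3", f"{_encoded_label(i)}.tun.example.test", ("203.0.113.9",), 60)
               for i in range(10)]
SAMPLE_LOG += [("vm-web-1", "cdn-flux.example.test", (f"198.51.100.{100 + i}",), 30)
               for i in range(6)]

def shannon_entropy(s: str) -> float:
    """Bits of entropy per character; 0.0 for an empty or single-symbol string."""
    if not s:
        return 0.0
    counts: Dict[str, int] = defaultdict(int)
    for ch in s:
        counts[ch] += 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())

def registrable_parent(name: str) -> str:
    """Toy parent extraction (last two labels). Real code must use the Public
    Suffix List, otherwise names under e.g. co.uk are grouped wrongly."""
    return ".".join(name.rstrip(".").split(".")[-2:])

def feed_findings(log: List[Record]) -> List[dict]:
    """Feed-based detection: exact or parent-domain match against the feeds."""
    hits: Dict[Tuple[str, str], set] = defaultdict(set)
    for src, qname, _ips, _ttl in log:
        parent = registrable_parent(qname)
        if qname in BLOCKLIST or parent in BLOCKLIST:
            hits[("feed-blocklist", qname)].add(src)
        elif qname in NEWLY_REGISTERED or parent in NEWLY_REGISTERED:
            hits[("feed-newly-registered", qname)].add(src)
    return [{"category": c, "domain": d, "sources": sorted(s), "reason": "feed match"}
            for (c, d), s in hits.items()]

def tunneling_findings(log: List[Record]) -> List[dict]:
    """Algorithmic detection: group by parent, inspect the leftmost labels."""
    groups: Dict[str, set] = defaultdict(set)
    sources: Dict[str, set] = defaultdict(set)
    for src, qname, _ips, _ttl in log:
        first, _, parent = qname.partition(".")
        if parent:
            groups[parent].add(first)
            sources[parent].add(src)
    found = []
    for parent, labels in groups.items():
        if len(labels) < TUNNEL_MIN_UNIQUE_SUBDOMAINS:
            continue
        mean_len = sum(map(len, labels)) / len(labels)
        mean_ent = sum(map(shannon_entropy, labels)) / len(labels)
        if mean_len >= TUNNEL_MIN_LABEL_LEN and mean_ent >= TUNNEL_MIN_ENTROPY:
            found.append({"category": "dns-tunneling", "domain": parent,
                          "sources": sorted(sources[parent]),
                          "reason": f"{len(labels)} unique labels, mean len {mean_len:.0f}, "
                                    f"mean entropy {mean_ent:.2f}"})
    return found

def fast_flux_findings(log: List[Record]) -> List[dict]:
    """Algorithmic detection: one name, many distinct answers, short TTLs."""
    ips: Dict[str, set] = defaultdict(set)
    ttls: Dict[str, list] = defaultdict(list)
    sources: Dict[str, set] = defaultdict(set)
    for src, qname, answer_ips, ttl in log:
        ips[qname].update(answer_ips)
        ttls[qname].append(ttl)
        sources[qname].add(src)
    return [{"category": "fast-flux", "domain": q, "sources": sorted(sources[q]),
             "reason": f"{len(a)} distinct IPs, max TTL {max(ttls[q])}s"}
            for q, a in ips.items()
            if len(a) >= FLUX_MIN_DISTINCT_IPS and max(ttls[q]) <= FLUX_MAX_TTL]

def analyze(log: List[Record]) -> List[dict]:
    """Run all detectors; each finding names the workloads (sources) for triage."""
    findings = feed_findings(log) + tunneling_findings(log) + fast_flux_findings(log)
    return sorted(findings, key=lambda f: (f["category"], f["domain"]))

if __name__ == "__main__":
    for f in analyze(SAMPLE_LOG):
        print(f"{f['category']:22} {f['domain']:28} {f['sources']} {f['reason']}")
```

The benign names (`www.example.com`, `static.example.com` with two addresses) produce no findings, which is the point of the thresholds: a single detector firing on volume alone would drown a SOC in CDN noise, so each finding carries the reason and the originating workloads so an analyst can pivot straight to the affected VM.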
“The future of cybersecurity isn’t reactive — it’s preemptive,” said Mukesh Gupta, executive vice-president and chief product officer, Infoblox. “DNS sits at the foundation of every internet connection, making it the earliest — and most overlooked — opportunity to spot attacks before they begin. Google Cloud’s DNS Armor, integrated with Infoblox, detects threats weeks before they’re weaponized — helping security teams cut through noise and focus on what really matters — with a near-zero false positive rate. No more waiting for patient zero, no more blind spots. Just real-time threat visibility at scale.”
How DNS Armor works
It takes only a few clicks to start using DNS Armor for your Google Cloud workloads. Once active, DNS Armor intercepts internet-bound DNS queries generated from your Google Cloud workloads, and the queries are automatically inspected by the Infoblox Threat Defense service in real time.
If a threat is detected, the Infoblox Threat Defense service generates a detailed threat log and stores it in Cloud Logging. You can also send these threat logs to Security Command Center, Google Security Operations, or your preferred SIEM platform for further analytics and incident response.
The DNS Armor workflow.
DNS Armor is easy to deploy and manage because it’s a turnkey managed service, with no virtual machines to manage and no impact on the performance of Cloud DNS. You can enable DNS Armor at the project level across VPCs, giving you granular control over the cloud workloads that require protection.
Getting started
You can get started with DNS Armor by visiting our documentation page, and learn more about DNS security by checking out this video.