Enabling Preemptive Security for Google Cloud Workloads
Last year, Google Cloud announced the public preview of DNS Armor, a cloud-native protective DNS service in partnership with Infoblox that delivers preemptive threat detection for internet-bound DNS queries initiated from Google Cloud workloads.
Since then, adoption of the service has been rapid. In just the preview phase, hundreds of customers adopted DNS Armor to defend their cloud workloads. During that period, Infoblox has observed the service process more than 22 billion DNS queries and surface over 8.5 million threats, delivering protection at internet scale.
Backed by this strong early customer adoption, DNS Armor is now generally available, and customers can activate it within the Google Cloud console to start protecting their applications and workloads without additional infrastructure or complexity. Whether you’re running workloads on Google Compute Engine, hosting apps on Google Cloud Storage, or deploying Google’s AI and machine learning models, any Google Cloud workload that has an IP and uses Google Cloud’s default DNS resolver to connect to the internet can benefit from the protection offered by DNS Armor.
Cloud Adoption and Why Workload Protection Matters Now More Than Ever
Cloud adoption continues to accelerate as enterprises embrace digital transformation, yet this shift has also placed sensitive applications, data and infrastructure squarely in the crosshairs of attackers. Threat actors target cloud workloads that hold PII, intellectual property, and application code. These threats are also becoming more frequent, sophisticated (ransomware attacks surged by 132% in Q1 ’25 aided by AI deception), and damaging (the global cost of cybercrime is expected to surge to $13.82T by 2028).
Traditional security detects threats after they impact a workload and are no longer sufficient in an era where adversaries use AI to constantly mutate their malicious campaigns. In addition, most tools don’t monitor DNS activities, which provides early warning signals when it comes to detecting potential malicious activity. Finally, managing disparate non-native security solutions to protect cloud workloads adds complexity.
For years, cybersecurity strategies have been built around a simple “patient zero” model. A new attack hits an organization (also known as “patient zero”), the rest of the industry learns how it works, and then updates are made to security tools to protect other organizations. This reactive model largely worked in a pre-AI world, where attackers reused malware, attack techniques and domains long enough for security clouds to learn, share indicators, and protect everyone else after the first victim.
That assumption is now broken.
AI has fundamentally changed the economics and execution of cyberattacks. Threat actors are using AI to automate reconnaissance, generate single-use malware, personalize attacks at scale, and continuously mutate campaigns. In this new reality, every organization is effectively “patient zero.” In fact, 95% of the 25 million domains classified as malicious by Infoblox in a single year were seen at only one enterprise, highlighting how single-use infrastructure has become the norm where domains are weaponized and then disappear.
To combat this shifting threat landscape, security must become preemptive, stopping AI-driven attacks, no matter how many times they evolve and mutate.
DNS Armor Delivers Preemptive Security
DNS Armor brings Infoblox-enabled predictive threat intelligence and analytics directly into Google Cloud, enabling enterprises to secure their cloud workloads with a scalable, easy-to-manage service.
Figure 1. DNS Armor
DNS Armor analyzes DNS queries in real time and uses both threat intelligence feeds and algorithmic detection to identify malicious activity before it can impact workloads. This includes:
- Blocking DNS queries to known malicious domains
- Detecting newly registered domains likely to be weaponized
- Identifying DNS tunneling used for data exfiltration
- Spotting communication with malware C2 infrastructure
- Recognizing lookalike domains used in phishing campaigns
By combining ongoing DNS telemetry with machine learning, Infoblox, on average, blocks attacks 68.4 days before other tools detect them with a 0.0002 percent false positive rate. DNS Armor provides this proven threat detection technology to Google customers.
You can learn about the DNS Armor service in depth by viewing the Infoblox-Google webinar or reading this white paper.
The general availability of DNS Armor signals that this advanced proactive detection service is ready for production, ready for enterprise use, and ready to help organizations secure their cloud environments with confidence.
Customers Also Benefit from Broader Collaboration Between Infoblox and Google Cloud
Infoblox’s collaboration with Google Cloud goes beyond delivering DNS Armor. Infoblox integrates with Google Security Operations to provide security teams with deeper asset and threat context, enabling organizations to gain a unified and automated response to threats, with enriched visibility across the security stack. On the networking side, infrastructure-free DNS and DHCP services seamlessly integrate with Google Cloud’s Cloud WAN solution for simplified, secure and cost-effective global connectivity.
Learn more about how Infoblox partners with Google Cloud here.
