Product Updates & Enhancements

June 2025

In Case You Missed It

Last month's product updates can be found in May's communication.

Now Available

Infoblox Universal DDI™ Management: Stale DNS Records, Fault Tolerant Caching
Infoblox Universal Asset Insights™: Asset Explorer, Asset Tagging, Advanced Network Information
NIOS-X as a Service: Shared and Optional WAN IP
NIOS-X Server: Kubernetes Version Upgrade
NetMRI 7.6.1: Security Hotfix
Infoblox Threat Defense: SOC Insights Enhancements
Infoblox Threat Defense: New Point of Presence (PoP) in Hyderabad, India

Coming Soon

Infoblox Universal DDI Management: DHCP Ping Before Offer
Infoblox Threat Defense: Security Workspaces and Monitors
Infoblox Threat Defense: Detect Mode
Infoblox Threat Defense: Protection Before Impact
Infoblox Threat Defense: Suspicious to Malicious Monitor
Infoblox Threat Defense: Asset Discovery and Asset Inventory Access
Ecosystem: Cisco ISE
Ecosystem: CrowdStrike EDR
Ecosystem: Google SecOps SIEM

End-of-Life Announcements

NetMRI: End-of-Life Announcement

NETWORKING

Infoblox Universal DDI™ Management: Stale DNS Records, Fault Tolerant Caching

Now Available

Stale DNS Records: The DNS Record Classification Monitor monitors and reports on DNS records that have not been queried within the last 180 days. This feature enhances security by reducing the likelihood of dangling or abandoned DNS records that could become targets for malicious actors.

Fault Tolerant Caching: You can configure recursive NIOS-X DNS Servers to use expired DNS responses if an authoritative server isn’t reachable.

Infoblox Universal Asset Insights™: Asset Explorer, Asset Tagging, Advanced Network Information

Now Available

Asset Explorer: The Asset Explorer helps users visualize and navigate discovered assets based on their physical or cloud-based locations.

Asset Tagging: When creating or editing asset information, users can now specify tags for each asset. This helps categorize, search and organize assets discovered across networks.

Advanced Network Information: Detailed network information is now included in the Advanced tab in the Asset Inventory, including Wireless Controller IP, SSID, Access Point, VLAN ID, Upstream Switch and Switch Interface.

NIOS-X as a Service: Shared and Optional WAN IP

Now Available

Shared WAN IP: Allows multiple VPN tunnels or access locations to be established from a single public IP address.

Optional WAN IP: With this feature, when the WAN IP is not specified, the tunnel becomes dynamic and can be established from any available router IP on the device, enabling the tunnel to toggle between multiple IP addresses.

NIOS-X Server: Kubernetes Version Upgrade

Now Available

Timeframe: Beginning mid-May, Kubernetes on NIOS-X servers will undergo phased upgrades through the end of June. Updates follow the "Schedule Software Updates" settings on the Infoblox Portal.

Impact: Most deployments will see no impact (appliances and VMs). However, NIOS-X Bare-metal deployments (i.e. Docker, containerd) may experience up to 5 minutes of service interruption. Bare-metal upgrades will be scheduled for weekends to minimize impact unless a specific software update is already scheduled for a different day of the week.

Validation: You can verify the upgrade has occurred on the "Configure/Servers” page of the Infoblox Portal. The updated version is v1.30.9 and is visible by clicking “View all Tags” for a NIOS-X server and looking for “host/k8s_version.”

NetMRI 7.6.1: Security Hotfix

Now Available

Hotfixes are available to correct known security vulnerabilities in NetMRI 7.6.1 and subsequent releases (7.5.3, 7.5.4 and 7.6.0). It is recommended that NetMRI customers patch or upgrade to the latest version of NetMRI (version 7.6.1). The fix resolves the following security issues:

Infoblox Universal DDI Management: DHCP Ping Before Offer

Coming Soon

With DHCP Ping Before Offer, you will be able to configure NIOS-X DHCP Servers to check whether an IP address is in use before offering it to a DHCP client. This feature will improve network performance and stability by avoiding IP address conflicts, which can cause disruptions and connectivity issues.

Quick Links for Universal DDI

Quick Links for NIOS DDI

Subscribe to the Infoblox Status Page to receive real-time notifications on maintenance upgrades.

SECURITY

Infoblox Threat Defense: SOC Insights Enhancements

Now Available

Enforcement Prioritization: The SOC Insights dashboard now highlights unblocked threats first, allowing teams to act quickly on the most urgent and potentially threatening issues.

Traffic Exclusion: The traffic exclusion feature filters out unimportant data, such as guest network traffic, so analysts can stay focused on what matters. In the Insight setting, users can add exclusion traffic for insight generation. It can be based on subnet or DFP (DNS forwarding proxy).

Infoblox Threat Defense: New Point of Presence (PoP) in Hyderabad, India

Now Available

Infoblox has expanded its global infrastructure with the addition of a new Point of Presence (PoP) in the AWS ap-south-2 region (Hyderabad, India). This enhancement improves performance and resiliency for regional DNS security services.

The Regional Anycast IP addresses for the new PoP are 52.119.41.64 and 103.80.6.64.
The CNAME ap-south-2-geo.threatdefense.infoblox.com resolves to 52.119.41.64.

For more information, see Forwarding DNS Traffic to Infoblox Platform.

Infoblox Threat Defense: Security Workspaces and Monitors

Coming Soon

We're introducing Security Workspaces & Monitors, a powerful new addition designed to streamline threat visibility and accelerate security workflows.

Unified Threat View: Gain a holistic, correlated view of threats across your environment, helping you better understand impact, prioritize risks and drive operational efficiency.
Key Security Metrics: Easily view key metrics on security workspaces, including threats blocked, threats allowed, policy violations blocked, threats by level, first to detect and bandwidth savings.
Streamlined Workflows: See how centralized, intuitive access to critical security data can elevate your threat investigation speed and decision-making confidence.

Drill downs will also be available for each of these monitors, such as number of detections, threat class and last detected timestamp, letting users see what’s happening in their environment and tune policies accordingly.

Threat Defense preemptively blocks malicious, high-risk and unwanted traffic before it consumes bandwidth, leading to optimized performance, lower infrastructure costs and improved overall network efficiency. The bandwidth savings monitor will enable you to easily see these savings quantified by threat type.

Infoblox Threat Defense: Detect Mode

Coming Soon

Threat Defense (TD) Detect Mode will eliminate technical challenges that IT or Network Architects face when trying to prove the value of the Threat Defense product without redirecting external queries to the cloud for resolution. This will allow security teams to learn the value of Protective DNS practices with Threat Defense without intrusive infrastructure changes. Detect Mode will be available on all supported Infoblox NIOS versions and works by forwarding DNS query/response logs (not queries) to Threat Defense in the cloud for full threat detection capability. Any detected threats and context can then be sent to SOC tools, such as SIEM/SOAR, for investigation and response.

Infoblox Threat Defense: Protection Before Impact

Coming Soon

The Protection Before Impact feature will help customers understand the time advantage of Infoblox’s early detection in staying ahead of threats. It will highlight the average number of days Infoblox proactively blocked threats before users ever accessed the associated domains. It includes two metrics:

Infoblox Time Advantage – Highlights how much sooner Infoblox identified an indicator before the rest of the industry.
Protection Time Advantage – Highlights how much sooner Infoblox identified an indicator before it was first detected in a customer environment.

Infoblox Threat Defense: Suspicious to Malicious Monitor

Coming Soon

This feature will showcase indicators initially flagged as suspicious in customer environments that are later confirmed as malicious. It will include drill downs for each indicator to view current and historical states of associated feeds and policy actions. Customers will easily be able to see the value of Infoblox’s early threat detection and accurate classification, highlighting the ability to provide preemptive protection before threats fully materialize.

Infoblox Threat Defense: Asset Discovery and Asset Inventory Access

Coming Soon

Asset Discovery and Asset Inventory Access will be integrated into Threat Defense to allow for faster triage with contextual investigations. Asset Discovery will include on-prem, cloud (AWS, Azure, GCP) and 3rd Party (CrowdStrike, ServiceNow) discovery sources. On-prem discovery for NIOS is simplified with auto-configured discovery jobs for ‘NIOS Grid Connector,’ which can be enabled as needed. Threat Defense users also get unified asset threat views using Asset Workspace for a more confident response.

Quick Links for Security

Subscribe to the Infoblox Status Page to receive real-time notifications on maintenance upgrades.

ECOSYSTEM

Ecosystem: Cisco ISE

Coming Soon

We are adding Ecosystem support for Cisco ISE APIs to enable quarantining assets identified by Threat Defense or SOC Insights threats. These threats will be shareable directly with Cisco ISE for use in their “authorization policies.” When Infoblox detects and blocks internet threats, like command-and-control attempts or DNS tunneling, Cisco ISE can immediately limit access or impose other restrictions on those assets, including internal access, external access or other limitations, until the investigation is complete. Configuration options will be available to customize by network, confidence and threat level.

Ecosystem: CrowdStrike EDR

Coming Soon

Infoblox is adding Ecosystem support with a new integration between Infoblox Threat Defense, SOC Insights and CrowdStrike. This upcoming capability will enable detected threats—such as DNS-based data exfiltration, command-and-control attempts and domain-generated algorithm (DGA) activity—to be automatically sent from Infoblox to CrowdStrike. Once received, CrowdStrike can instantly quarantine the affected endpoint, stopping threats at both the network and device level.

Ecosystem: Google SecOps SIEM

Coming Soon

Infoblox will soon have a supported deployment guide for syslog integration with Google SecOps SIEM using the Infoblox Cloud Data Connector (CDC). This integration will enable sending Infoblox IPAM asset data, threat data and insights to the SIEM for enrichment, assessment and response. Once available, customers will be able to access the deployment guide with clear integration steps and assurance of integration support from the Ecosystem portal.

END-OF-LIFE

NetMRI: End-of-Life Announcement

Projected Date: April 2027

Reminder: On April 30, 2025, NetMRI will reach its Last Order Date (LOD) milestone, with the End-of-Life (EoL) scheduled for April 30, 2027. NetMRI renewals will be allowed after the LOD until the EoL date. For more information, please visit the Infoblox Support Portal’s End-of-Life Announcements and subscribe to receive product lifecycle updates by email. If you require planning or migration assistance, please contact your preferred Infoblox partner or your Infoblox account team for service options.