When DNS Is No Longer Enough: What Infoblox's Axur Acquisition Signals About the Future of Enterprise Security
The completion of Infoblox's acquisition of Axur, announced on 5 May, is less interesting as a corporate transaction than as a strategic admission. For a company built on the premise that the Domain Name System is enterprise security's most powerful control point, the decision to acquire a Brazilian firm specialising in dark web monitoring, brand impersonation detection and social platform takedowns represents a meaningful shift in logic. DNS, as a security layer, catches threats when they arrive. What Infoblox is buying, in Axur, is the ability to find them while they are still being built.
The distinction matters because the threat environment that Infoblox's 6,000-plus enterprise customers face has structurally changed. Attacks no longer originate inside or at the boundary of the network. They emerge on social media platforms, in mobile app stores, on dark web forums, and across credential-sharing communities that exist entirely outside an organisation's visibility. A phishing campaign impersonating a company's executive does not touch enterprise DNS until someone clicks the link. By that point, the attacker infrastructure has already been operational, perhaps for days. Protective DNS can block the connection; it cannot prevent the campaign from being built.
This is the gap Axur was designed to close. Founded in Brazil, the company developed AI-driven capabilities to scan more than 40 million URLs daily across open, social, mobile and dark web environments, confirming genuine abuse and automating takedown requests against attacker infrastructure. The intelligence gathered is not passive monitoring; it triggers active disruption. With the acquisition now closed, Infoblox is feeding those findings directly into its Threat Defense platform so that malicious destinations can be blocked while takedowns are still in progress, and internal assets attempting to reach those destinations can be identified and attributed within minutes of discovery.
Scott Harrell, president and CEO of Infoblox, said the company is "extending its leadership in preemptive security by expanding its ability to take down malicious infrastructure before it can be weaponised against enterprises," adding that by combining Axur's external threat discovery with Infoblox's DNS-based intelligence, the company can "expand preemptive protection beyond enterprises' perimeter and into arenas like social media, app stores and the dark web." The language is deliberate: the perimeter, in Harrell's framing, is no longer a network boundary. It is wherever attacker activity begins.
According to Research and Markets, the digital risk protection sector grew from $61.49 billion in 2024 to $73.59 billion in 2025 and is expected to advance at a compound annual growth rate of nearly 20%, reaching $261.36 billion by 2032. That trajectory reflects precisely the problem Infoblox is moving to address: widening organisational attack surfaces driven by cloud adoption and digital transformation are making comprehensive external monitoring essential for operational resilience. The market pressure is not abstract. Enterprises are being forced to defend territory they do not own and cannot control, from third-party social accounts to app store listings to the dark web forums where compromised credentials first surface.
The AI dimension adds urgency. Attackers are now using generative AI to produce and deploy phishing, impersonation and fraud campaigns at a scale and velocity that manual investigation cannot match. Dr. Renée Burton, vice president of threat intelligence at Infoblox, noted that Axur "brings highly complementary data sources and expertise that meaningfully expand our intelligence portfolio," and that the combined capability will allow the company to "connect external signals with DNS-level insight to give customers clearer visibility and more confidence in how they respond." Where Infoblox has historically observed how threats behave once they are in motion across enterprise networks, Axur has mapped where they originate in the broader digital ecosystem. Together, those two intelligence layers are intended to produce something neither has independently: a view of the full attack lifecycle.
Fabio Ramos, CEO of Axur, described the close of the acquisition as "an important milestone," saying it allows Axur to "scale our mission globally and combine external threat intelligence with deep network insight to deliver a more proactive, measurable approach to security, and establish the foundation for managing threats across the full attack surface." The reference to the foundation is significant. The platform architecture being built around this acquisition is explicitly aligned with Continuous Threat Exposure Management, a framework increasingly adopted by large enterprises that replaces episodic security assessments with an ongoing, measurable approach to risk reduction. Infoblox is positioning its new Digital Risk Protection Services as the first module within a broader Exposure Management product line, signalling that this acquisition is a starting point rather than a standalone addition.
The competitive context is notable. The external attack surface and digital risk protection space is populated by specialised players, including ZeroFox, Recorded Future, ReliaQuest (which absorbed Digital Shadows), and Microsoft, which acquired RiskIQ in 2021. Analysts at Gartner and Cybersecurity News have identified DRP solutions as a critical component of enterprise cybersecurity strategies, specifically because they capture threats that traditional firewalls and endpoint tools cannot, including credential leaks on dark web forums and phishing domains impersonating a brand. Infoblox's entry into this category via acquisition, rather than organic build, is a bet on data complementarity and speed. Axur brings research capabilities and an intelligence dataset that would have taken years to replicate, and a geographic footprint rooted in Latin America that expands Infoblox's intelligence coverage into markets underrepresented in predominantly US- and EMEA-centric threat feeds.
What the deal ultimately reflects is a broader structural argument about where the security perimeter sits in 2026. The traditional model assumed that if an organisation could see and control its own network, it could defend itself. That model has been eroding for years as workloads moved to the cloud, employees extended onto personal devices and platforms, and attacker methodology evolved to exploit the exposure created by an organisation's digital footprint rather than its network boundary. Infoblox's acquisition of Axur is a direct acknowledgement that DNS, however powerful as a control point, is a layer too late if the threats it intercepts have already reached the inbox, the app store or the employee's social media feed. The new defensive logic is not to stop threats at the gate but to dismantle the infrastructure before the gate ever comes under pressure.
