企业 IT 架构与安全服务

别再等待零号病人

从生成式 AI、一次性恶意域名与攻击基础设施出发,解析 Protective DNS 和 Infoblox 如何在连接建立前识别威胁,并给出企业 DNS 安全升级评估清单。

别再等待零号病人内容摘要

文章重点

  • 解释 AI 驱动的一次性攻击为何削弱事后 IOC 模式,以及 Protective DNS 如何在连接建立前处置风险。

评估方法

  • 从 DNS 覆盖、首次查询阻断、DGA 与隧道检测、DoH/DoT 纳管、告警关联和仿冒域名下架评估建设成熟度。

数据口径

  • Infoblox 产品效果数据来自公开报告、产品页面和遥测口径,实际效果需通过现网评估与试点验证。

参考资料

  1. [1] https://www.infoblox.com/news/news-events/press-releases/infoblox-unveils-2025-dns-threat-landscape-report-revealing-surge-in-ai-driven-threats-and-malicious-adtech/
  2. [2] https://www.cisa.gov/sites/default/files/2025-05/Approved%20CSSO-Protective%20DNS%20FAQ%202024.pdf
  3. [3] https://www.ncsc.gov.uk/files/NCSC_Annual_Review_2024.pdf
  4. [4] https://csrc.nist.gov/pubs/sp/800/81/r3/final
  5. [5] https://learn.microsoft.com/zh-cn/windows/security/operating-system-security/network-security/zero-trust-dns/
  6. [6] https://www.infoblox.com/solutions/ransomware/
  7. [7] https://www.infoblox.com/products/threat-defense/
  8. [8] https://www.infoblox.com/blog/company/why-the-axur-acquisition-marks-a-turning-point-for-preemptive-security/
  9. [9] https://www.infoblox.com/news/news-events/press-releases/infoblox-and-google-cloud-announce-partnership-to-deliver-cloud-native-networking-and-security-solutions-reducing-complexity-for-enterprise-customers/