Webinar Description
Key Takeaways
- Infoblox presents findings from its 2026 Threat Landscape Report, drawing on analysis of trillions of DNS transactions
- The webinar examines how cybercrime has evolved into an industrialised economy with specialised services and disposable infrastructure
- Discussion covers hidden attacker infrastructure, emerging attack surfaces, and AI-enabled threat techniques
- Designed for security leaders, SOC analysts, threat intelligence teams, and incident responders
- Focus on DNS-driven threat intelligence as a mechanism for preemptive threat detection and prevention
Introduction
The Infoblox Threat Landscape Report 2026 webinar offers security professionals an in-depth examination of the current cyber threat environment through the lens of DNS-driven intelligence. Aimed at CISOs, threat intelligence teams, SOC analysts, and incident responders, the virtual event presents research findings derived from the analysis of trillions of DNS transactions. As threat actors increasingly leverage sophisticated infrastructure and artificial intelligence to conduct large-scale attacks, understanding the mechanisms behind these operations has become essential for organisations seeking to maintain robust security postures.
About This Event
This virtual webinar, hosted by Infoblox, centres on the release of the company’s 2026 Threat Landscape Report. The session features expert-led presentations that translate extensive threat research into actionable intelligence for security practitioners. Rather than focusing on reactive security measures, the event emphasises how organisations can leverage DNS telemetry to identify and neutralise threats before they compromise users, systems, or data.
The research underpinning the report draws from Infoblox’s visibility into global DNS traffic patterns, providing a unique vantage point for observing attacker behaviour at scale. This DNS-centric approach to threat intelligence offers insights that complement traditional security monitoring by revealing infrastructure and communication patterns that other detection methods may miss.
The Industrialisation of Cybercrime
A central theme of the webinar is the transformation of cybercrime from opportunistic attacks into what researchers describe as a highly efficient, industrialised economy. This evolution represents a fundamental shift in how threat actors operate, with criminal enterprises now functioning more like legitimate businesses than isolated hackers.
Modern cybercriminal operations increasingly rely on specialised services, where different actors focus on specific aspects of the attack chain. Some groups specialise in initial access, others in malware development, and still others in monetisation through ransomware or data theft. This division of labour allows attacks to scale rapidly while reducing the technical barriers for individual participants.
The use of disposable infrastructure has become a hallmark of these operations. Attackers routinely cycle through domains, IP addresses, and hosting providers to evade detection and maintain operational continuity even when individual components are identified and blocked. Understanding these infrastructure patterns through DNS analysis provides defenders with opportunities to identify malicious activity based on behavioural signatures rather than static indicators.
DNS as a Threat Intelligence Source
The Domain Name System serves as a foundational layer of internet communication, making it an invaluable source of threat intelligence. Nearly all network activity, whether legitimate or malicious, generates DNS queries. This universal dependency means that DNS telemetry can reveal threat activity that might otherwise remain hidden within encrypted traffic or evade endpoint detection tools.
DNS-driven threat intelligence operates on the principle that attackers must establish and maintain infrastructure to conduct their operations. Command-and-control servers, phishing sites, and data exfiltration channels all require domain resolution. By analysing patterns in DNS traffic—including query volumes, domain age, registration patterns, and resolution behaviour—security teams can identify suspicious activity and take preventive action.
The webinar explores how this approach enables what Infoblox terms preemptive security: the ability to block threats based on infrastructure characteristics before malicious payloads are delivered or connections are established. This represents a shift from traditional detection-and-response models toward prevention-focused architectures.
Emerging Attack Surfaces and AI-Enabled Threats
The 2026 report addresses the expanding attack surface that organisations must defend. As enterprises adopt new technologies and extend their digital footprints, they inadvertently create additional vectors for compromise. The webinar examines which of these emerging surfaces present the greatest risk and how attackers are adapting their techniques accordingly.
Artificial intelligence has emerged as a significant factor in the threat landscape, though not always in the ways that headlines might suggest. The report discusses how threat actors employ AI-enabled lures—more convincing phishing content, better-crafted social engineering, and more adaptive attack campaigns. These capabilities lower the cost of launching sophisticated attacks while increasing their effectiveness against traditional defences.
The intersection of AI and disposable infrastructure creates particular challenges for defenders. Attackers can now generate and deploy malicious content at scale, cycling through infrastructure faster than signature-based detection systems can respond. This dynamic reinforces the value of behavioural and infrastructure-based detection approaches that can identify threats based on patterns rather than known indicators.
Hidden Infrastructure and Attacker Techniques
One of the report’s focal points is the hidden infrastructure that supports modern cyberattacks. Threat actors invest considerable effort in obscuring their operational infrastructure, using techniques such as fast-flux DNS, domain generation algorithms, and bulletproof hosting to maintain persistence while evading takedown efforts.
Understanding these concealment techniques is essential for security teams seeking to identify threats at the infrastructure level. The webinar presents research findings on how attackers structure their operations and how DNS analysis can reveal these hidden components. By identifying the infrastructure supporting an attack campaign, defenders can potentially disrupt multiple threats simultaneously rather than addressing each incident in isolation.
Who Should Attend
The webinar is designed for security professionals responsible for protecting organisational assets and reducing cyber risk. This includes security leaders such as CISOs and CIOs who must make strategic decisions about security investments and architecture. Threat intelligence teams will find value in the research methodology and findings, while SOC analysts and incident responders can apply the insights to their daily detection and investigation activities.
Organisations most likely to benefit include medium to large enterprises with significant digital footprints, government agencies facing sophisticated threat actors, and managed security service providers seeking to enhance their detection capabilities. The content assumes familiarity with network security concepts and is presented at an executive and practitioner level rather than as introductory material.
Building Organisational Resilience
Beyond specific threat findings, the webinar addresses the broader goal of organisational resilience. In an environment where complete prevention is unrealistic, resilience—the ability to withstand attacks, minimise damage, and recover quickly—has become a primary security objective.
DNS-driven security contributes to resilience by providing an additional layer of visibility and control that operates independently of endpoint and perimeter defences. When integrated into a comprehensive security architecture, DNS intelligence can identify threats that bypass other controls while providing enforcement points that work across all devices and users on a network.
The shift toward preemptive security represents an evolution in defensive thinking. Rather than accepting that breaches are inevitable and focusing primarily on detection and response, organisations can use infrastructure-level intelligence to prevent many attacks from reaching their targets. This approach does not replace traditional security controls but augments them with capabilities that address the realities of modern threat operations.

