External threats like phishing, brand impersonation, and credential abuse now play a direct role in many breaches, often long before an attacker touches the internal network.
This is driving Infoblox to expand its preemptive security strategy with its planned acquisition of Axur. The goal is to detect and disrupt threats earlier, outside the perimeter, and make that work scalable for both enterprises and managed service providers.
What Axur changes for Managed Service Providers
For MSPs and MSSPs already using Infoblox, the acquisition is less about adding another tool and more about expanding what can be delivered as a managed service without adding staff.
Scott Harrell, Infoblox President and CEO, told ChannelE2E, “Once the Axur transaction closes and its capabilities are integrated, we expect it to expand the kinds of managed services MSPs and MSSPs can build with Infoblox.”
He tied this directly to prevention and margins. “Infoblox’s DNS Security is the only solution in the market that stops threats in 68.4 days on average – before the majority of security vendors even know they exist. We do this with an incredibly low false positive rate: .0002%. Infoblox DNS Threat Defense is one of the best ways to prevent threats from ever hitting your customers. This is critical, as responding to incidents destroys margins in MSSP environments.”
Axur adds a new layer to that approach. “Axur will expand Infoblox-powered MSSPs’ preemptive capabilities. Axur enables MSSPs to preemptively take down actors' infrastructure that is targeted at specific enterprises before it is weaponized. This further prevents incidents and further enhances MSSP’s margins.”
Beyond prevention, Harrell pointed to new revenue opportunities. “With Axur’s digital risk and external threat capabilities, MSPs and MSSPs will be able to perform takedowns of rouge domains or other threat actor infrastructure such as social media at scale. This increases the effectiveness and differentiation of DNS-powered security services.”
He added that they can also expand recurring revenue. “Additionally, Infoblox-powered MSPs and MSSPs will be able to expand their MRR/ARR by adding additional services like brand and digital risk monitoring, phishing and fraud disruption services and monitoring for exposed data and credentials.”
Automation plays a key role here. “Because Axur was built with AI-powered workflows, they have a very high degree of automation. This, combined with their fully multitenant architecture, means MSSPs can add these kinds of services in a very margin-friendly manner.”
Why automation matters for takedowns
Brand abuse and phishing takedowns are often slow and manual, making them difficult to scale. Harrell described the problem clearly: “In most organizations, brand abuse and phishing takedowns are still handled manually: analysts collect evidence, fill out forms for multiple providers and then chase status in email. That’s hard to scale and doesn’t lend itself to profitable, repeatable services.”
Axur’s platform is designed to automate much of that work. Harrell highlighted three improvements that matter most for service providers.
First is consistency. “Standardized case handling: Incidents can be grouped, documented and tracked in a consistent way instead of treated as one-off requests. That reduces the amount of ‘reinventing the process’ for every new campaign.”
Second is reducing analyst overhead. “Automated evidence and submissions: The system can help package the right technical and legal details and submit requests to hosting providers, registrars and platforms in a more automated, consistent fashion, freeing analysts from repetitive admin work.”
Third is visibility. “Central status tracking and reporting: Rather than hunting through inboxes and spreadsheets, analysts get a consolidated view of what has been requested, what’s been removed and where follow up is needed.”
Harrell summed up the impact for service providers: “For MSSPs, that level of automation is important because it lets a relatively small team handle many more brand abuse and phishing cases per analyst, and it makes it much easier to offer this as a repeatable managed service with clear SLAs and outcomes.”
Core service or add-on
How MSPs and MSSPs package these capabilities will depend on maturity and customer demand. “For many, this could mature into a core managed, service tier – focused on brand and external threat protection,” Harrell said. “This would sit alongside their existing SOC, XDR, and managed network security services.”
Others may start smaller. “Others may start by offering it as a high-value add-on to existing services that already use Infoblox, such as adding automated takedown services to an Infoblox-powered DNS-based threat protection. That gives them a low-risk way to pilot the service with a subset of customers before expanding.”
He also placed the acquisition in a broader market context. “Gartner says that by 2030, preemptive security tools will account for over 50% of IT security spending, up from less than 5% in 2024. This is in large part due to AI-driven threats, which move exponentially faster than the threats of the past.”
Strategically, Harrell emphasized that this is about reducing exposure, not reacting late. “Strategically, we see Axur’s capabilities as an important part of a broader effort to help customers reduce their exposure to external threats and brand abuse, not just react to individual incidents.”
MSPs and MSSPs are under pressure to differentiate, automate repetitive work, and prove outcomes without hurting margins. Harrell described the common goal clearly: “The common thread is that service providers are looking for ways to differentiate, automate more of the repetitive work, and show clear outcomes to their customers.”
By combining Axur’s automated external threat disruption with Infoblox’s DNS-layer protection, the company is positioning preemptive security as something MSPs and MSSPs can actually deliver at scale, not just talk about.