Infrastructure Assurance: Proactively find and fix security flaws and outage risks
Get network and security automation to find and fix the root causes of downtime and risk before they become issues.
Request a demoJoin hundreds of users rating BlueCat products on Gartner Peer Insights
Solve issues before they impact service delivery
Proactively identify health issues so you can fix them before they create downtime.
Optimize performance of security infrastructure
Streamline IT operations with automation so teams can focus on optimizing security services elsewhere.
Reduce mean time to resolution
Accelerate troubleshooting by conducting automated root cause analysis without human intervention.
Stay on top of best practices
Automatically assess devices for alignment with changing configuration recommendations from vendors and the knowledge of a community of network practitioners.
Automate maintenance
Reduce errors and save time when you automate routine tasks like configuration backups and checking for license expiration.
Avoid network disruption with deep visibility and automation
Network teams are overwhelmed, and multiple sources of complexity are converging to make networks harder to safeguard 100% of the time. It’s virtually impossible to guarantee the security, performance, and uptime of critical network infrastructure using current tools:
More complexity
Troubleshooting complexity rises in proportion with multi-vendor tech stack (across DDI, firewalls, load balancers, web-proxies, and more)
More tools
Reactive, SNMP-based monitoring prioritize historical insight instead of preventive action and create too much manual work
More criticality
Downtime, outages, risk and non-compliance carry ever-greater costs for always-on organizations.
What is Infrastructure Assurance?
Infrastructure Assurance is a proactive observability, troubleshooting, and remediation solution for network and security infrastructure like DDI, firewalls, and load balancers. It provides deep visibility and automation to prevent network disruption.
Infrastructure Assurance continuously scans your network and security infrastructure for the signals of risk, performance, and availability issues, and automatically serves up proven solutions that engineers would otherwise have to find and implement manually.
Infrastructure Assurance happens in three stages:
1
Continuous measurement
of security, performance and configuration metrics, cross-referenced with benchmark data defined by internal policies or external standards.
2
Auto-triage and root-level diagnosis
of issues as soon as they occur – like errors, misconfigurations, vulnerabilities, downtime and more, with contextual awareness of related issues.
3
Automatic remediation recommendations
and certified, production-ready automation elements, based on a knowledge base curated by a global community of experts.
Ready to start driving automatic security, reliability, and availability across your network and security infrastructure?
How does Infrastructure Assurance work?
Infrastructure Assurance uses SSH, REST API and SNMP protocols to connect and run collection scripts on management servers and network devices, using CLI commands, SNMP data polling, or even vendor-specific APIs.
Management servers
- Palo Alto Networks Panorama
- Check Point MDM and Management Servers
- BlueCat Address Manager
Network devices
- DNS/DHCP Servers (like BDDS)
- Firewalls (like Check Point, Cisco, Fortinet, Juniper, Palo Alto Networks)
- Load balancers (like F5 and more)
Use cases
Infrastructure Assurance for firewalls
Critical service connectivity
Ensure communication with critical external services (like Syslog services; NTP, DNS, and identity servers; and threat prevention policies) is available at all times.
Auto-detect security risks and ensure compliance
Use hundreds of automation elements and security control validations to find security risks and compliance violations.
Automate maintenance tasks
Maintenance tasks seldom feel like the most urgent item on the ever-growing to-do list. But they’re critical to maintaining high availability. Automate tasks like certificate renewal and device configuration backup to maintain firewall health and performance.
Automated troubleshooting
Automatically apply proven, device-specific domain knowledge to analyze the root causes of issues as they occur.
Stateful health checking
Compare expected device configurations against current status to find common issues like:
- Debug mode enabled
- Next hop inaccessibility
- Policy-based forwarding errors
Misconfigurations
Verify configurations against gold standard frameworks to identify and resolve configuration drift issues like:
- Unavailable routes (or changes to) static routing tables
- Time zone configuration doesn’t match requirements
- Misconfigured authentication profiles
High availability readiness
Find cross-device inconsistencies that jeopardize high availability, such as:
- Unsynchronized cluster configurations
- Preemption enabled on clusters
- H/A interface not receiving traffic
Infrastructure Assurance for Firewalls
Infrastructure Assurance for DDI
Stateful health checking
Continuously assess the health of your address manager and DNS/DHCP servers to preemptively find and address issues like:
- DNS lookup failure
- High rate of failed DNS query
- Failed change propagations across secondary servers
Connectivity issues
Firewall policy changes can break connections between DNS services – get proactive alerts ahead of connectivity issues, like:
- Broken connection between to DHCP failover servers
- Communication breakdown between address manager and DNS/DHCP servers
- Communication breakdown between primary and secondary DNS servers
High availability readiness
Find cross-device inconsistencies that jeopardize high availability, such as:
- Alerts if xHA server, cluster or cluster member is down
- Identify if xHA configuration is not synchronized
- Identify if DHCP failover state has changed, or if failover servers are down
Misconfigurations
Verify configurations against gold standard frameworks to identify and resolve configuration drift issues like:
- DNS server configuration doesn’t match address manager
- NTP/DNS/Syslog server configured doesn’t match requirement
- Manual override enabled
Infrastructure Assurance for Integrity
See Infrastructure Assurance for yourself
Enough marketing already. Book a live demo of Infrastructure Assurance and get your technical questions answered.
Related content
BlueCat Infrastructure Assurance for Palo Alto Next-Generation Firewalls
Infrastructure Assurance proactively alerts Palo Alto Networks Next-Generation Firewall users to issues and provides remediation steps to resolve them.
BlueCat Infrastructure Assurance for Fortinet Fortigate
BlueCat Infrastructure Assurance proactively alerts Fortinet FortiGate users to issues and provides remediation steps that IT operations teams can use to…
Deepen your security insight with Infrastructure Assurance 8.3
BlueCat Infrastructure Assurance 8.3, with an enhanced analytics dashboard, including interactive widgets and top 10 alerts, is now available.
BlueCat Infrastructure Assurance
BlueCat Infrastructure Assurance provides automated DDI issue detection and insight into remediation to help proactively reduce network downtime.