A new model for securing deployments of DNS Edge

At BlueCat, we’ve recently taken steps to become more reliable in our deployment model and more robust in our back-end security practices.

Last updated: September 15, 2025

An avatar of the author
BlueCat
Blue cloud-shaped padlock symbolizing shared cloud security responsibility for DNS Edge deployments
Key Takeaways
  • Monitoring DNS data on VPC-assigned IP addresses enables detection of cloud performance issues and security anomalies, including misconfigurations, malicious code, abnormal VM behavior, and DDoS activity.
  • BlueCat automates IP address assignment for AWS VPCs using Gateway workflows orchestrated by Rundeck, standardizing deployment and reducing manual setup steps.
  • The structured IP allocation to VPCs allows BlueCat to monitor individual customer accounts for security events and performance metrics via its back-end security tools.
  • The updated deployment model supports customer self-service for provisioning DNS Edge service points, improving operational efficiency and consistency.
  • These changes lay the groundwork for multitenancy by enabling logical separation of customer accounts and detailed auditing of account-specific activity.
  • Continuous monitoring and scanning at VPC IP address entry/exit points helps streamline evidence collection for FedRAMP and SOC compliance requirements.

The shared responsibility model for cloud security separates out accountability across customers, stakeholders, and solution providers.  At BlueCat, we take responsibility for our part of cloud security very seriously.  That’s why we’ve recently taken steps to become more reliable in our deployment model and more robust in our back-end security practices.

Security monitoring through IP addresses

Most cloud resources in AWS require the creation of a Virtual Private Cloud (VPC) instance.  (BlueCat uses AWS, but every cloud provider has a similar service.)  Each of these VPCs runs through a set IP address assigned by the user.  As the designated paths of information to and from any VPC, these IP addresses are a significant source of data for both cloud security and performance management. 

By monitoring the DNS data flowing through that IP address, network administrators can learn a lot about how their cloud resources are performing.  Security teams can use the same information to detect anomalies and monitor traffic for indicators of compromise.  If someone left a port open, if malicious code was added to the cloud instance, if VMs are behaving erratically, if a DDOS attack is underway – all of this activity can be detected by triangulating DNS data with other information such as syslogs.

Assuring performance and security

DNS Edge, BlueCat’s SaaS security product, deploys through VPCs (along with other resources) in the AWS cloud.  BlueCat now leverages the IP addresses assigned to those VPCs to ensure optimal performance and strengthen security controls on the operational back-end.

Here’s what we’re doing:  BlueCat has created a series of automated workflows through its Gateway platform to assign IP addresses to VPCs in the cloud.  These workflows are scheduled to run in sequence through Rundeck.  The way these IP addresses are assigned allows BlueCat to monitor individual accounts for security and performance issues through its back-end security tools.

This process also avoids some of the manual set-up steps previously required of users, and ensures a common approach to deployment.  It will also allow customers to set up and deploy DNS Edge service points on their own. 

The path forward

With this deployment model in place, BlueCat is also starting down the path toward multitenancy – the ability to support multiple customers through a single account.  In this phase of the journey, we are enabling the separation of customer accounts, and the ability to audit activity on those accounts. 

These changes will also make information for FedRAMP and SOC compliance easier to obtain.  Both standards require vulnerability scans at critical entry/exit points – by monitoring the IP address assigned to VPCs for DNS Edge, BlueCat will now be able to perform those scans continuously.

Published on: May 14, 2019

An avatar of the author

BlueCat provides core services and solutions that help our customers and their teams deliver change-ready networks. With BlueCat, organizations can build reliable, secure, and agile mission-critical networks that can support transformation initiatives such as cloud adoption and automation. BlueCat’s growing portfolio includes services and solutions for automated and unified DDI management, network security, multicloud management, and network observability and health.

Related content

Three armored figures walking toward a futuristic Las Vegas skyline with pyramids, glowing orb, and "Welcome to Fabulous Las
Blog

Your journey to intelligent NetOps begins at Cisco Live

Visit BlueCat’s booth or book a meeting now to learn more about how our solutions can help you build a network that supports constant change.

Read more
Stacked colorful wooden directional arrows on a post by a calm seaside with distant hills and blue sky
Blog

Replace BIND and ISC with Micetro DNS/DHCP Server (MDDS)

Tired of patching and manually configuring BIND DNS and ISC DHCP? Discover how Micetro MDDS appliances can replace them for modern DDI.

Read more
Row of orange industrial robotic arms positioned along an automated conveyor belt in a factory setting
Blog

Automate it all in Integrity with REST v2 API-first DDI management

Discover API-first DDI with Integrity X by using REST v2 to automate DNS, DHCP, and IPAM for scalable, secure network operations.

Read more
Three colleagues at monitors collaborating, overlaid with network, analytics, cloud, and gear icons.
Blog

Agentic AI adoption in network observability propels NetOps teams

Network observability is crucial for today’s networks and even more capable with agentic AI, according to new Omdia and BlueCat research.

Read more

⏳ Cisco Live is almost here. Put BlueCat on your agenda for smarter, more secure networks.

Get the details