The shared responsibility model for cloud security separates out accountability across customers, stakeholders, and solution providers. At BlueCat, we take responsibility for our part of cloud security very seriously. That’s why we’ve recently taken steps to become more reliable in our deployment model and more robust in our back-end security practices.
Security monitoring through IP addresses
Most cloud resources in AWS require the creation of a Virtual Private Cloud (VPC) instance. (BlueCat uses AWS, but every cloud provider has a similar service.) Each of these VPCs runs through a set IP address assigned by the user. As the designated paths of information to and from any VPC, these IP addresses are a significant source of data for both cloud security and performance management.
By monitoring the DNS data flowing through that IP address, network administrators can learn a lot about how their cloud resources are performing. Security teams can use the same information to detect anomalies and monitor traffic for indicators of compromise. If someone left a port open, if malicious code was added to the cloud instance, if VMs are behaving erratically, if a DDOS attack is underway – all of this activity can be detected by triangulating DNS data with other information such as syslogs.
Assuring performance and security
DNS Edge, BlueCat’s SaaS security product, deploys through VPCs (along with other resources) in the AWS cloud. BlueCat now leverages the IP addresses assigned to those VPCs to ensure optimal performance and strengthen security controls on the operational back-end.
Here’s what we’re doing: BlueCat has created a series of automated workflows through its Gateway platform to assign IP addresses to VPCs in the cloud. These workflows are scheduled to run in sequence through Rundeck. The way these IP addresses are assigned allows BlueCat to monitor individual accounts for security and performance issues through its back-end security tools.
This process also avoids some of the manual set-up steps previously required of users, and ensures a common approach to deployment. It will also allow customers to set up and deploy DNS Edge service points on their own.
The path forward
With this deployment model in place, BlueCat is also starting down the path toward multitenancy – the ability to support multiple customers through a single account. In this phase of the journey, we are enabling the separation of customer accounts, and the ability to audit activity on those accounts.
These changes will also make information for FedRAMP and SOC compliance easier to obtain. Both standards require vulnerability scans at critical entry/exit points – by monitoring the IP address assigned to VPCs for DNS Edge, BlueCat will now be able to perform those scans continuously.
Critical conversations on critical infrastructure
Find out how your peers are managing their networks through profound change. Watch this series of live interactive discussions with IT pros & join the debate in Slack.
BlueCat to the cloud- Webinar 3 (March 23rd, 2021)
Get an insider look into new capabilities and enhancements coming in BlueCat Integrity 9.3. As networks start to diversify into the cloud, NetOps struggles…
BlueCat to the cloud- Webinar 2 (Feb 3rd, 2021)
How prepared are you to tame the growing jungle of DNS forwarding rules in the cloud? Today’s seasoned network admin knows that configuring layer upon…
BlueCat Critical Conversations- Feb 19th, 2021
Critical Conversations bring together a diverse panel of IT pros to share practical advice on the realities of managing networks through profound…
BlueCat to the cloud- Webinar 1 (Jan 26th, 2021)
Where are you on the road to cloud adoption? Most network admins are struggling to keep up with Cloud and DevOps rapid delivery of new applications and…