To block malicious network activity, you only need two things.
First, you need a way to filter network traffic through security policies. Second, you need a threat feed to populate those security policies with up-to-date, meaningful intelligence.
Thankfully, network security teams are spoiled for choice on both fronts. There are tons of firewalls and filtering tools out there. Each has a unique way of intercepting malicious traffic on the network. Furthermore, there are also plenty of threat feeds. Each feed identifies malicious activity through different forms of intelligence gathering.
BlueCat believes that a DNS firewall is the most elegant, efficient, and consistent way to deploy security policies on a network.
Using a service point as the “first hop” in any network query allows you to apply security policies to both internal, “east-west” traffic as well as external “north-south” traffic. And you can do so without the use of on-device agents. Since they’re virtual machines, BlueCat’s service points can also be deployed anywhere and everywhere. They can catch traffic in the cloud and the network edge.
However, the mechanism for applying policies is only as good as the intelligence behind those policies. That’s why BlueCat offers a wide variety of threat feed options as well. From best-in-class threat intelligence powered by Crowdstrike to an integration with Cisco Umbrella to custom policies for your specific network, BlueCat has you covered.
Here are some of the options BlueCat offers to increase your defense against advanced threats. All of these are part of our DNS Edge security product.
BlueCat threat feed options
BlueCat threat protection
Threat Protection, BlueCat’s flagship threat feed, is powered by Crowdstrike. The cybersecurity company is the new standard in threat intelligence and a leader in Gartner’s latest Magic Quadrant for endpoint protection. Crowdstrike’s threat intelligence contains over two million high-fidelity domain indicators of compromise, including extensive context for every threat indicator. When you activate the Threat Protection feed in DNS Edge, you can apply different levels of Crowdstrike’s security intelligence to your DNS traffic.
The best part? When you get DNS Edge, Crowdstrike comes as part of the package. There’s no need to purchase a separate license. For more information, check out BlueCat’s Threat Protection datasheet.
Threat intelligence from Cisco Umbrella
Secondly, BlueCat partners with Cisco to offer an integration with its powerful Umbrella product (formerly known as OpenDNS). Through this Cisco Umbrella integration, DNS Edge users gain access to threat intelligence contained in Talos. This feed uses Cisco’s enormous user base to create one of the most comprehensive sources of threat intelligence on the planet.
Other third-party threat feeds
The combination of Crowdstrike and Talos offers comprehensive coverage of known malicious domains. On the other hand, maybe you’ve got another threat feed that you’ve had success with. Or one that contains vertical-specific intelligence. Users who want to supplement BlueCat’s existing threat feed offering can easily plug in any third-party product into DNS Edge using BlueCat’s open API.
Custom policies you create
Finally, with DNS Edge, you can create custom security policies to lock down specific areas of your network or control specific types of activity. For example, you can build a security policy to restrict IoT device access to certain servers only. You can keep employees from finding sensitive data outside their normal purview by blocking DNS queries to servers in other departments. You can block access to inappropriate sites. And you can protect against domain generation algorithms, DNS tunneling, and other malicious activity. It’s as easy as developing a domain list and rolling it out through BlueCat’s easy to use interface.
Custom policies created by BlueCat Professional Services
“I’d love to have all of those sophisticated custom policies,” you might be thinking. “But who has the time to build them?” When your security team is already maxed out on just keeping the lights on, BlueCat Professional Services is there to create the custom policies you need. Professional Services can map out a security policy plan that fits your business needs. And then they can implement it alongside your team. BlueCat’s Stevie award-winning customer service organization has the expertise and insights you need to create the most effective security policies for your business.
Learn more about network security with BlueCat.
9.3 Integrity Deep Dive On-Demand Replay
Learn how you can get more security data, ramp up automation, and adopt cloud without compromising performance.
For DNS server caching, what is the ideal TTL?
Many factors affect how to set time to live (TTL) for DNS servers. Learn more, plus how BlueCat Edge’s TTL features can bolster your network.
Comparing AWS, Azure, and GCP cloud DNS services
The public cloud presents major challenges for DNS management. Examine various capabilities and limitations of Azure, AWS, and GCP with BlueCat.
Five network pros’ manual error horror stories
Members of BlueCat’s Network VIP community detail the errors they committed, the resulting fallout, and what important lessons they learned.