Bolster defense-in-depth with BlueCat threat feeds

Network security products are only as good as the threat intelligence you feed into them. Here are BlueCat’s threat feed options.

Key takeaways

This key takeaway was generated through LLMs crawling the page and coming up with an overview of the content.

The article explains how BlueCat's DNS Edge uses DNS firewalls and multiple threat feed options to block malicious network activity across both east-west and north-south traffic without on-device agents. It outlines threat intelligence sources available in DNS Edge — CrowdStrike-powered Threat Protection included with the product, Cisco Umbrella/Talos integration, the ability to add third-party feeds via open APIs, and customizable policies for specific network needs. The piece highlights operational benefits such as broad deployment flexibility with virtual service points, simplified policy rollout, and available Professional Services to design and implement advanced custom policies for constrained security teams.

What makes a DNS firewall via BlueCat's service points an effective choice for enforcing security policies across a network?

BlueCat argues that a DNS firewall implemented at service points is effective because it serves as the “first hop” for network queries, enabling consistent application of security policies to both internal (east-west) and external (north-south) traffic without requiring on-device agents. Service points are deployed as virtual machines, allowing flexible placement across cloud, edge, and on-premises environments so they can intercept and filter DNS traffic wherever it originates. This centralized interception model simplifies policy management and ensures uniform enforcement across distributed network segments while minimizing endpoint complexity.

Which threat intelligence feeds does DNS Edge support and how are they integrated?

DNS Edge includes multiple threat feed options: BlueCat Threat Protection powered by CrowdStrike, a Cisco Umbrella integration that exposes Talos intelligence, and support for third-party feeds via BlueCat’s open API. CrowdStrike’s feed, included with DNS Edge at no extra license cost, provides over two million high-fidelity domain indicators with contextual data and selectable security levels. The Cisco Umbrella integration leverages Talos’s broad telemetry from Cisco’s large user base. Organizations can also plug in other vertical- or vendor-specific feeds through the API to supplement these built-in sources.

How can organizations implement custom security policies with DNS Edge if their internal teams lack time or expertise?

Organizations can create custom domain-based security policies directly in DNS Edge to restrict IoT access, prevent cross-department data access, block inappropriate sites, and defend against DNS tunneling or domain generation algorithms. If internal teams are constrained, BlueCat Professional Services can design and implement tailored policies aligned to business requirements, working alongside the customer’s team. The article emphasizes that BlueCat’s Professional Services and award-winning customer service can map a security policy plan and execute it, reducing the operational burden on already stretched security teams.

To block malicious network activity, you only need two things.

First, you need a way to filter network traffic through security policies. Second, you need a threat feed to populate those security policies with up-to-date, meaningful intelligence.

Thankfully, network security teams are spoiled for choice on both fronts. There are tons of firewalls and filtering tools out there. Each has a unique way of intercepting malicious traffic on the network. Furthermore, there are also plenty of threat feeds. Each feed identifies malicious activity through different forms of intelligence gathering.

BlueCat believes that a DNS firewall is the most elegant, efficient, and consistent way to deploy security policies on a network.

Using a service point as the “first hop” in any network query allows you to apply security policies to both internal “east-west” traffic and external “north-south” traffic. And you can do so without the use of on-device agents. Since they’re virtual machines, BlueCat’s service points can also be deployed anywhere and everywhere. They can catch traffic in the cloud and at the network edge.

However, the mechanism for applying policies is only as good as the intelligence behind those policies. That’s why BlueCat offers a wide variety of threat feed options as well. From best-in-class threat intelligence powered by CrowdStrike to an integration with Cisco Umbrella to custom policies for your specific network, BlueCat has you covered.

Here are some of the options BlueCat offers to increase your defense against advanced threats. All of these are part of our DNS Edge security product.

BlueCat threat feed options

BlueCat threat protection

Threat Protection, BlueCat’s flagship threat feed, is powered by CrowdStrike. The cybersecurity company is the new standard in threat intelligence and a leader in Gartner’s latest Magic Quadrant for endpoint protection. CrowdStrike’s threat intelligence contains over two million high-fidelity domain indicators of compromise, including extensive context for every threat indicator. When you activate the Threat Protection feed in DNS Edge, you can apply different levels of CrowdStrike’s security intelligence to your DNS traffic.

The best part? When you get DNS Edge, CrowdStrike comes as part of the package. There’s no need to purchase a separate license. For more information, check out BlueCat’s Threat Protection datasheet.

Threat intelligence from Cisco Umbrella

Secondly, BlueCat partners with Cisco to offer an integration with its powerful Umbrella product (formerly known as OpenDNS). Through this Cisco Umbrella integration, DNS Edge users gain access to threat intelligence contained in Talos. This feed uses Cisco’s enormous user base to create one of the most comprehensive sources of threat intelligence on the planet.

Other third-party threat feeds

The combination of CrowdStrike and Talos offers comprehensive coverage of known malicious domains. On the other hand, maybe you’ve got another threat feed that you’ve had success with. Or one that contains vertical-specific intelligence. Users who want to supplement BlueCat’s existing threat feed offering can easily plug any third-party product into DNS Edge using BlueCat’s open API.

Custom policies you create

Finally, with DNS Edge, you can create custom security policies to lock down specific areas of your network or control specific types of activity. For example, you can build a security policy to restrict IoT device access to certain servers only. You can keep employees from finding sensitive data outside their normal purview by blocking DNS queries to servers in other departments. You can block access to inappropriate sites. And you can protect against domain generation algorithms, DNS tunneling, and other malicious activity. It’s as easy as developing a domain list and rolling it out through BlueCat’s easy-to-use interface.

Custom policies created by BlueCat Professional Services

“I’d love to have all of those sophisticated custom policies,” you might be thinking. “But who has the time to build them?” When your security team is already maxed out on just keeping the lights on, BlueCat Professional Services is there to create the custom policies you need. Professional Services can map out a security policy plan that fits your business needs. And then they can implement it alongside your team. BlueCat’s Stevie award-winning customer service organization has the expertise and insights you need to create the most effective security policies for your business.

Learn more about network security with BlueCat.



BlueCat provides core services and solutions that help our customers and their teams deliver change-ready networks. With BlueCat, organizations can build reliable, secure, and agile mission-critical networks that can support transformation initiatives such as cloud adoption and automation. BlueCat’s growing portfolio includes services and solutions for automated and unified DDI management, network security, multicloud management, and network observability and health.
