Bolster DNS security with BlueCat and Cisco Umbrella

Working together, BlueCat and Cisco Umbrella extend the breadth and depth of domain name system security across the enterprise.  The combined solution delivers valuable context and comprehensive visibility through the DNS infrastructure you use every day. With BlueCat and Cisco Umbrella, security teams get the granular information they need to mitigate threats in real time.

Digging deeper into DNS security

Find threats faster with endpoint visibility: The BlueCat-Cisco Umbrella integration provides instant access to endpoint-level Domain Name System (DNS) data, expanding the scope and reach of Cisco Umbrella’s industry leading DNS security platform. This allows security personnel to match threat intelligence with IP addresses used at the endpoint for quick, effective mitigation of malicious activity before it spreads.  (Mizuho Securities called this level of visibility “a game changer for cybersecurity“.)

“Who makes a query, I don’t know.  I can’t tell where this DNS request originated from.  Sometimes I see it and sometimes I can’t.”

Control the 60% of network traffic flowing through internal DNS: The data flowing through internal DNS services is a treasure trove for security teams. BlueCat adds visibility into this “east-west” traffic to Cisco Umbrella’s strong “north-south” perspective, providing a complete picture of what’s flowing through DNS servers for the full range of threat hunting, forensic investigations, and preventive application of security policies across the enterprise.

Deploy granular DNS security policies: With combined visibility into (and control over) internal and external data flows, security personnel can implement targeted security policies based on specific attack patterns. Through BlueCat’s Cisco DNS integrations in products like Cisco ISE, Cisco ISRs, Active Directory, and other core network management elements, BlueCat implements security policies consistently across internal and external access points. This is more than a simple DNS firewall. This is an integrated security system which touches the entire enterprise through the power of DNS.

Optimize SD-WAN deployments: Using the power of service points, DNS routing policies can be deployed anywhere, including the data center, campus, or branch, to deliver sophisticated LAN-side DNS traffic-steering services that facilitate internet breakout in SD-WAN deployments. This can assist with global DNS resolution, hybrid cloud deployments and simplified DNS resolution.

“The fact that BlueCat can just forward external queries to Umbrella without creating a separate policy is a big benefit as well. It means less work, and less potential for error.”

Through an integrated solution, BlueCat sends Cisco Umbrella IP addresses used at the endpoint, along with other contextual data, allowing visibility into device-level infections through a simple user interface. This integration makes the process of applying granular security policies and identifying infected endpoints seamless and fast.

BlueCat DNS Edge can also capture all internal DNS queries and apply internal policies to endpoints.