Bolster DNS security with BlueCat and Cisco Umbrella

Working together, BlueCat and Cisco Umbrella extend the breadth and depth of domain name system security across the enterprise.  The combined solution delivers valuable context and comprehensive visibility through the DNS infrastructure you use every day. With BlueCat and Cisco Umbrella, security teams get the granular information they need to mitigate threats in real time.

Digging deeper into DNS security

Find threats faster with endpoint visibility: The BlueCat-Cisco Umbrella integration provides instant access to endpoint-level Domain Name System (DNS) data, expanding the scope and reach of Cisco Umbrella’s industry-leading DNS security platform. This allows security personnel to match threat intelligence with IP addresses used at the endpoint for quick, effective mitigation of malicious activity before it spreads. (Mizuho Securities called this level of visibility “a game changer for cybersecurity”.)

“Who makes a query, I don’t know.  I can’t tell where this DNS request originated from.  Sometimes I see it and sometimes I can’t.”

Control the 60% of network traffic flowing through internal DNS: The data flowing through internal DNS services is a treasure trove for security teams. BlueCat adds visibility into this “east-west” traffic to Cisco Umbrella’s strong “north-south” perspective, providing a complete picture of what’s flowing through DNS servers for the full range of threat hunting, forensic investigations, and preventive application of security policies across the enterprise.

Deploy granular DNS security policies: With combined visibility into (and control over) internal and external data flows, security personnel can implement targeted security policies based on specific attack patterns. Through BlueCat’s Cisco DNS integrations in products like Cisco ISE, Cisco ISRs, Active Directory, and other core network management elements, BlueCat implements security policies consistently across internal and external access points. This is more than a simple DNS firewall. This is an integrated security system which touches the entire enterprise through the power of DNS.

Optimize SD-WAN deployments: Using the power of service points, DNS routing policies can be deployed anywhere, including the data center, campus, or branch, to deliver sophisticated LAN-side DNS traffic-steering services that facilitate internet breakout in SD-WAN deployments. This can assist with global DNS resolution, hybrid cloud deployments and simplified DNS resolution.

“The fact that BlueCat can just forward external queries to Umbrella without creating a separate policy is a big benefit as well. It means less work, and less potential for error.”

Adding new visibility

Here’s how it works. BlueCat sits at the first hop of any query, acting as the forwarder for both internal and external-bound traffic. This gives BlueCat direct visibility into both the source IP of each query and the “east-west” queries that never cross the external network boundary. This happens not through clunky and expensive hardware, but through lightweight service points which can be deployed quickly across the enterprise at a much lower cost than traditional DDI solutions.

Through an integrated solution, BlueCat sends Cisco Umbrella IP addresses used at the endpoint, along with other contextual data, allowing visibility into device-level infections through a simple user interface. This integration makes the process of applying granular security policies and identifying infected endpoints seamless and fast.

BlueCat DNS Edge can also capture all internal DNS queries and apply internal policies to endpoints.
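
The attribution problem described above, sketched as an added example (not BlueCat or Cisco code): an upstream resolver sees only the forwarder's egress IP, so a blocked lookup is tied back to an endpoint by joining it with the first-hop query log on name and time. The record layouts, IP addresses and domain names are constructed for illustration and are not either product's log format.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample data; the field layout is an assumption for illustration.
FIRST_HOP_LOG = [
    # (time seen at first-hop resolver, endpoint source IP, queried name)
    ("2024-05-01T10:00:00", "10.1.4.23", "intranet.corp.example."),
    ("2024-05-01T10:00:01", "10.1.4.23", "Bad-Domain.example."),
    ("2024-05-01T10:00:02", "10.1.7.80", "updates.vendor.example."),
    ("2024-05-01T10:00:30", "10.1.9.12", "bad-domain.example"),
    ("2024-05-01T10:05:00", "10.1.7.80", "c2.malware.example."),
]
UPSTREAM_BLOCKS = [
    # (time seen upstream, forwarder egress IP, name, category)
    ("2024-05-01T10:00:01", "203.0.113.10", "bad-domain.example.", "phishing"),
    ("2024-05-01T10:00:31", "203.0.113.10", "bad-domain.example.", "phishing"),
    ("2024-05-01T10:05:01", "203.0.113.10", "c2.malware.example.", "malware"),
    ("2024-05-01T11:00:00", "203.0.113.10", "orphan.example.", "malware"),
]

def norm(name):
    """DNS names compare case-insensitively; ignore the trailing root dot."""
    return name.rstrip(".").lower()

def attribute_blocks(first_hop, upstream, window_s=2):
    """Return ({endpoint_ip: [(name, category), ...]}, [unattributed events])."""
    by_name = defaultdict(list)
    for ts, client, qname in first_hop:
        by_name[norm(qname)].append((datetime.fromisoformat(ts), client))
    window = timedelta(seconds=window_s)
    attributed, orphans = defaultdict(list), []
    for ts, egress, qname, category in upstream:
        seen = datetime.fromisoformat(ts)
        # A forwarded query reaches upstream at, or shortly after, the first hop.
        clients = sorted({c for t, c in by_name[norm(qname)]
                          if timedelta(0) <= seen - t <= window})
        if not clients:
            # No first-hop record: a coverage gap worth investigating.
            orphans.append((ts, egress, qname, category))
        for c in clients:
            attributed[c].append((norm(qname), category))
    return dict(attributed), orphans

if __name__ == "__main__":
    hits, gaps = attribute_blocks(FIRST_HOP_LOG, UPSTREAM_BLOCKS)
    for ip, events in sorted(hits.items()):
        print(ip, events)
    print("unattributed:", gaps)
```

Every upstream event carries the same egress address; only the join recovers the three distinct endpoints, and the unmatched event flags a query path that bypassed first-hop logging.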

Easy, lightweight deployment

It gets better. Normally this kind of insight would require deployment of additional sensors and tools across the network – a logistical challenge to deploy and manage. With BlueCat sitting at the first hop as a DNS resolver, all of that information is collected without all of that extra effort – you simply get the visibility you need across all devices.

Even better than that: if you have BlueCat and Cisco Umbrella today, there’s nothing to download or install. This integration is already available – all you have to do is configure the connection and you’re ready to go.

Learn more about BlueCat integrations with Cisco Umbrella, Cisco DNA Center, Cisco ACI, and more.


BlueCat provides core services and solutions that help our customers and their teams deliver change-ready networks. With BlueCat, organizations can build reliable, secure, and agile mission-critical networks that can support transformation initiatives such as cloud adoption and automation. BlueCat’s growing portfolio includes services and solutions for automated and unified DDI management, network security, multicloud management, and network observability and health.
