Cisco Live 2023: Introducing Zero Trust DNS
Unveiled at Cisco Live, Zero Trust DNS from BlueCat offers continuous verification, least-privilege access, and context and response to secure networks.
At Cisco Live Las Vegas 2023, BlueCat’s booth presentations were especially popular, as were personalized demos with BlueCat technical experts.
But we were really excited to introduce a new concept: Zero Trust DNS. At a basic level, DNS security is about leveraging your DNS to better secure your enterprise network.
BlueCat solutions offer three crucial elements that comprise Zero Trust DNS:
- continuous verification,
- least-privilege access, and
- context and response.
In this post, we’ll touch on why security is so important when it comes to DDI solutions. (DNS, DHCP, and IP address management, often referred to collectively as DDI, provide the core services that enable network communications.) We’ll share the highlights of our presentation introducing Zero Trust DNS as well as our integration with Cisco Umbrella and BlueCat Edge. And finally, we’ll explore the take-home message from Cisco Live that the future is simplicity.
By the way, now that BlueCat is a Cisco SolutionsPlus partner, it’s even easier to adopt BlueCat solutions.
Security is critical for DDI solutions
Security tops the list of the most critical requirements sought in DDI solutions, according to a recent survey conducted by Enterprise Management Associates (EMA) of 227 IT professionals from medium and large enterprises across North America and the United Kingdom.
DNS was built to correctly and efficiently respond to queries, not question their intent. As a result, DNS has real vulnerabilities and potential as a vector for cyberattacks.
As the threat of DNS attacks continues to grow, 59% of EMA survey respondents deemed security their top requirement when looking for a DDI solution. Sought-after features include both DNS security protection and monitoring, such as support for the DNSSEC protocol or a DNS firewall to filter and block malicious activity.
A number of factors are driving this demand for security in DDI solutions, including an increasing reliance on IP address forensics to prevent and remediate breaches. Other contributing factors include an emerging regulatory environment and demands for compliance and organizational alignment.
DNS as part of your security solution offers numerous benefits, including the ability to:
- Take proactive and early kill-chain action;
- Prevent data exfiltration;
- Prevent command-and-control breaches;
- Segment your network;
- Get visibility and context for all DNS queries;
- Detect lateral threat movements;
- Remediate breaches faster; and
- Prevent distributed denial-of-service (DDoS) attacks.
Even Gartner recognized DNS security as crucial for improving the overall defense of your network.
Introducing Zero Trust DNS
Martin McNealis, BlueCat’s Chief Product Officer, introduced Zero Trust DNS to Cisco Live attendees at the World of Solutions’ Content Corner.
In general, zero trust is a security framework that requires authentication, authorization, and continuous validation for all users before getting or keeping access to applications and data. Users can be on the local network, in the cloud, or in a hybrid environment.
How BlueCat solutions provide Zero Trust DNS
During his session, “Unlocking the hidden value of your DDI data,” McNealis broke down the specifics of how BlueCat’s solutions foster Zero Trust DNS:
- Malicious domains: Keep malicious domains at bay with domain control lists, alerts for newly observed domains, and real-time threat updates.
- Policy enforcement: Enforce policies with intelligent forwarding or steering, policy tiers, and full query and response audits.
- DNS tunneling: Ward off DNS tunneling with advanced pattern recognition, volumetric analysis, and data exfiltration detection.
- Most compromised endpoints: Find your most compromised endpoints with cumulative risk scoring, traffic and tunneling analysis, and typosquatting detection.
- Advanced DGA detection: Detect domain generation algorithm (DGA) attacks with machine learning models while accelerating threat scanning and optimizing storage costs.
- Trust policy: Ensure the trustworthiness of your network by qualifying domains and client device IP addresses, accelerating responses, and suppressing false positives.
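To make the tunneling and compromised-endpoint items above concrete, here is an added illustration (not BlueCat's algorithm or code) of cumulative per-client risk scoring over DNS query logs using label length, subdomain entropy, and unique-subdomain volume. The log format, thresholds, sample lines, and function names are all assumptions made for the example.

```python
import math
from collections import Counter, defaultdict

ALPHABET = "abcdefghijklmnopqrstuvwxyz234567"  # base32 symbols
# Constructed sample log, "client_ip qname" per line (not real traffic).
BENIGN = ["10.0.0.5 www.example.com", "10.0.0.5 mail.example.com",
          "10.0.0.5 intranet.example.com", "10.0.0.9 www.example.org"]
# Six constructed queries with encoded-looking 32-character labels, one parent.
TUNNEL_LIKE = [f"10.0.0.7 {ALPHABET[5*i:] + ALPHABET[:5*i]}.t.example.net"
               for i in range(6)]
SAMPLE_LOG = BENIGN + TUNNEL_LIKE

def entropy(s):
    """Shannon entropy of s in bits per character."""
    if not s:
        return 0.0
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())

def split_name(qname):
    """Return (subdomain, parent). Naive assumption: parent = last two labels;
    a production version would consult the Public Suffix List."""
    labels = qname.rstrip(".").lower().split(".")
    return ".".join(labels[:-2]), ".".join(labels[-2:])

def score_clients(lines, max_label=30, min_entropy=3.5, unique_threshold=5):
    """Rank clients by a cumulative score built from three tunneling heuristics."""
    scores = defaultdict(int)
    unique = defaultdict(set)  # (client, parent) -> distinct subdomains seen
    for line in lines:
        client, qname = line.split()
        sub, parent = split_name(qname)
        scores[client] += 0  # make sure quiet clients still appear in the result
        if sub and max(len(lab) for lab in sub.split(".")) >= max_label:
            scores[client] += 1  # pattern: unusually long label
        if entropy(sub.replace(".", "")) >= min_entropy:
            scores[client] += 1  # pattern: random-looking subdomain
        unique[(client, parent)].add(sub)
    for (client, _parent), subs in unique.items():
        if len(subs) >= unique_threshold:
            scores[client] += len(subs)  # volumetric: many unique names, one parent
    return sorted(scores.items(), key=lambda kv: kv[1], reverse=True)

if __name__ == "__main__":
    for client, score in score_clients(SAMPLE_LOG):
        print(f"{client}\t{score}")
```

Because the score is keyed on the client IP, it only identifies an endpoint when logs are collected at the first hop, before a recursive resolver or NAT replaces the source address.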
What your DNS query and response data can tell you
Furthermore, BlueCat’s solutions offer an extensive trove of both DNS query and response data.
With this data, you can identify attack sources and their source IP addresses, and you can append user identity information. You can discover unsecured entry points used during an attack. And you can engage in faster threat hunting during a security incident response.
What’s next for Zero Trust DNS
McNealis also previewed what’s to come for Zero Trust DNS from BlueCat. Future features will include identity provider integrations; device, user, and endpoint scoring; threat policy aggregation; API event channel integration; and actionable analytics.
Cisco Umbrella and BlueCat Edge
BlueCat and Cisco can deliver a fully integrated, automation-driven, security-focused network. With these integrations, you can bring core DDI infrastructure into tools like Cisco Umbrella.
Because of its critical position in the network, and because of the unique data that BlueCat manages, BlueCat Edge can improve the security profile of the modern enterprise.
And with BlueCat Edge and Cisco Umbrella, you can get a new level of context and actionable data that security teams can use to rapidly identify and mitigate threats.
BlueCat Edge uses client-facing service points to collect granular information about devices and user activity at the first hop in any network query. It sends the source IP of every DNS query, down to the individual endpoint IP address, to Cisco Umbrella. BlueCat applies security policies to internal (east-west) queries and logs them. It shares that data with Cisco Umbrella’s monitoring of external (north-south) queries. This creates a more comprehensive view of all network traffic in one user interface.
The result is greater context for analyzing your DNS traffic, more granular security policies, and enhanced network security.
And take note: BlueCat also integrates with Cisco DNA Center and Cisco ACI.
The Cisco Live message: Security needs simplicity
A key message at Cisco Live 2023 was that networks must eliminate complexity and sprawl to be effective, particularly when it comes to security.
Network security has mostly evolved in a patchwork-like manner. The market is now saturated with about 3,500 security vendors, and a typical large enterprise may utilize 50 to 70 of them for their own networks, according to SDxCentral.
Cisco is evolving toward a consolidated, end-to-end platform approach. Last year, Cisco unveiled Security Cloud, which consolidated its more than two dozen security services into a few product suites. And at Cisco Live, the company announced Cisco Networking Cloud to manage all Cisco networking products from one place.
Similarly, with BlueCat’s Zero Trust DNS, you can manage your DNS security from one consolidated platform that provides total visibility across your entire network.
Learn more about BlueCat Edge and how our solutions can bring you Zero Trust DNS.