To block malicious network activity, you only need two things. First, you need a way to filter network traffic through security policies. Second, you need a threat feed to populate those security policies with up-to-date, meaningful intelligence.
Thankfully, network security teams are spoiled for choice on both fronts. There are tons of firewalls and filtering tools out there, each with a unique way of intercepting malicious traffic on the network. There are also plenty of threat feeds, each of which identifies malicious activity through different forms of intelligence gathering.
Here at BlueCat, we think that a DNS firewall is the most elegant, efficient, and consistent way to deploy security policies on a network. Using a service point as the “first hop” in any network query allows you to apply security policies to both internal, “east-west” traffic as well as external “north-south” traffic, all without the use of on-device agents. Since they’re VMs, BlueCat’s service points can also be deployed anywhere and everywhere, catching traffic in the cloud and the network edge.
We realize, however, that the mechanism for applying policies is only as good as the intelligence behind those policies. That’s why BlueCat offers a wide variety of threat feed options as well. From best-in-class threat intelligence powered by Crowdstrike to an integration with Cisco Umbrella to custom policies for your specific network, BlueCat has you covered.
Here are some of the options BlueCat offers to increase your defense against advanced threats. All of these are part of our DNS Edge security product.
BlueCat Threat Protection
Threat Protection, BlueCat’s flagship threat feed, is powered by Crowdstrike, the new standard in threat intelligence and a “leader” in Gartner’s latest Magic Quadrant for endpoint protection. Crowdstrike’s threat intelligence contains over two million high-fidelity domain indicators of compromise, including extensive context for every threat indicator. When you activate the Threat Protection feed in DNS Edge, you’ll have the option of applying different levels of Crowdstrike’s security intelligence to your DNS traffic. The best part? When you get DNS Edge, Crowdstrike comes as part of the package. There’s no need to purchase a separate license. For more information, check out our Threat Protection data sheet.
Threat intelligence from Cisco Umbrella
BlueCat partners with Cisco to offer an integration with its powerful Umbrella product (formerly known as OpenDNS). Through this Cisco Umbrella integration, DNS Edge users gain access to threat intelligence contained in Talos, a feed that uses Cisco’s enormous user base to create one of the most comprehensive sources of threat intelligence on the planet. For more information, take a look at our Cisco Umbrella integration page.
Other third-party threat feeds
The combination of Crowdstrike and Talos offers comprehensive coverage of known malicious domains. But maybe you’ve got another threat feed that you’ve had success with, or one that contains vertical-specific intelligence. Users who want to supplement our existing threat feed offering can just as easily plug in any third-party product into DNS Edge using our open API.
Custom policies you create
With DNS Edge, you can create custom security policies to lock down specific areas of your network or control specific types of activity. For example, you can build a security policy to restrict access of IoT devices to certain servers only. You can keep employees from finding sensitive data outside their normal purview by blocking DNS queries to servers in other departments. You can block access to inappropriate sites. And you can protect against domain generation algorithms, DNS tunneling, and other malicious activity. It’s as easy as developing a domain list and rolling it out through our easy to use interface.
Custom policies created by BlueCat Professional Services
“I’d love to have all of those sophisticated custom policies,” you might be thinking. “But who has the time to build them?” When your security team is already maxed out on just keeping the lights on, BlueCat Professional Services is there to create the custom policies you need. We’ll map out a plan for security policies which fits your business needs, and then implement it as we work alongside your team. Our Stevie award-winning customer service organization has the expertise and insights you need to create the most effective security policies for your business.
Learn more about DNS Edge and BlueCat’s threat feed options.
Critical conversations on critical infrastructure
Find out how your peers are managing their networks through profound change. Watch this series of live interactive discussions with IT pros & join the debate in Slack.
BlueCat’s DDI Adaptive Plugins and Applications help IT teams better leverage ServiceNow, Ansible, Microsoft, and more
A growing suite of Adaptive Plugins and Applications will help automate existing BlueCat capabilities along with adjacent customer technologies.
Technical Know-How: Deploying DDNS with BlueCat
Dynamic DNS automatically updates DNS records when an IP address changes. Learn how to deploy DDNS on the BlueCat Address Manager and DNS/DHCP server.
To better see the threats on your network, try DNS
DNS is a vector used in most cyber attacks. When it comes to DNS, BlueCat can enhance visibility, detection, and containment of threats to your network.
A Simple Replacement for Complicated GSLB
BlueCat’s Global Server Selector makes it easy to deliver highly available services and distributed applications, without increased network complexity.