Using IPAM and Core Network Services to Defend Your Business
BlueCat is solely focused on delivering IP address management, DNS and DHCP solutions, which means that security is a big part of everything we do. More and more, we are speaking with security teams that recognize that IPAM and core services can be a powerful tool for enhancing security operations and emergency response.
The ability to manage, map, audit and track every connected device and user, as well as centrally control business-critical DNS and DHCP services is the core functionality that we provide for customers around the world every day. We’ve always worked closely with network and data center teams to build more agile and elastic networks, but a recent trend we’re seeing is that network and security teams are moving out of their traditional silos and working together to solve network and security challenges because their roles are becoming so intrinsically linked.
As a security operator, you’re asked to assess and mitigate risk daily – and fight the fires that will inevitably occur. But without adequate visibility and a single point of truth to know the “who, what, where and when” of network activity, responding to threats can be onerous and time consuming. Pinpointing the source of threats often starts with trawling logs and trying to reverse-engineer security events. BlueCat’s unique ability to audit and track every user (laptops, tablets, phones, etc.), as well as every device (smart swipe cards, IP-enabled video cameras and door locks, wireless access points etc.), and consolidate this information in a single system of record is a huge benefit to security teams as part of their arsenal in managing and responding to threats and events.
In addition to the advantages of centralized IPAM, BlueCat Threat Protection for DNS Server is a new product that stops malicious activities in DNS before they can reach business-critical data and applications. BlueCat Threat Protection leverages a hosted BlueCat Security Feed to automatically update BlueCat DNS servers with the latest data on known sources of threats including malware, botnets, exploits, viruses and spam.
The security feed filters all outbound DNS requests, allowing security teams to detect, respond to, or block infections and malware before an outbreak occurs. It also makes it faster and easier for an administrator to detect ‘patient zero’ (the first laptop to start connecting to a command and control botnet server or the first user to browse to a site infected with malware or a javascript injection). Logging all DNS requests and linking them back to a specific device or user also assists security teams when doing lawful intercept or dealing with an HR incident (an attack from within).
By linking IPAM and core services with device registration and DNS-based threat protection, BlueCat allows security teams to detect when new devices enter the network, and contain them until they identify and authenticate themselves. This is especially beneficial in environments where there’s a highly transient user base, such as colleges and universities or guest Wi-Fi networks, for example.
BlueCat delivers three unique capabilities for ensuring secure network connections:
- A single authoritative source for information about every user and device connected to your IP network, and a single version of the truth to assist with security investigations
- The ability to detect, register and authenticate new users and devices entering the network, reducing the threats posed by unknown or rogue devices
- The ability to detect “patient zero” and contain and control infections before they become outbreaks
These are just a few of the ways that security operations and response teams can leverage our solutions and expertise in the networking domain to help secure the business and sleep better at night. Ultimately, this additional layer of defense helps everyone in the organization – because no one wants to have to deal with a stressed-out security guy!