GovernmentSecurity

What We Learned at DODIIS

Last updated: September 15, 2025

An avatar of the author
BlueCat
Lakeside fountain with blooming trees in front of downtown Omaha skyline, illustrating the host city for the DODIIS conferenc
Key takeawaysThis key takeaway was generated through LLMs crawling the page and coming up with an overview of the content.

At DODIIS 2018 in Omaha, BlueCat engaged defense and intelligence agencies about DNS’s role in strategic initiatives and network security, finding cloud migration guidance (JEDI) remains unclear for many operational IT managers. The article highlights growing interest in using DNS data for security, concerns that perimeter controls leave internal DNS traffic vulnerable to advanced persistent threats, and the importance of correct placement of DNS security controls. BlueCat emphasizes that client-level DNS data collection provides deeper visibility into device behavior on complex networks, helping agencies prepare infrastructure for cloud transitions and improve security outcomes.

What did BlueCat learn about how the JEDI cloud initiative affects DOD IT managers?

BlueCat found that JEDI remains an amorphous concept for most DOD agencies: while many are aware of the large public cloud RFP, few IT managers understand what it will mean for day-to-day operations. There is a perception that planning is occurring at higher levels with little concrete guidance flowing down to combatant commands about implementation. BlueCat believes preparing for JEDI will require significant attention to network infrastructure and management, and has been discussing with agencies how DNS can support a successful cloud migration.

Why is DNS security becoming a priority for defense and intelligence agencies according to the article?

The article reports rising interest in DNS-based security because organizations are beginning to realize the value of DNS data for detecting threats and understanding network activity. Although DNS infrastructure itself is established, using DNS traffic and logs for security analytics is relatively new to many agencies, prompting ‘lightbulb’ moments when BlueCat explains its role. Additionally, claims that DNS is ‘locked down’ often overlook that perimeter filters and firewalls can leave internal DNS traffic exposed to advanced persistent threats, making placement of DNS security controls critical.

How does BlueCat propose to improve visibility into large, complex networks?

BlueCat advocates collecting DNS data at the client level to provide true visibility beyond simple network mapping. While some vendors map devices and locations (the ‘where’), they often do not reveal what devices are actually doing. Client-level DNS collection enables insight into device behavior and DNS activity, which helps agencies understand internal traffic patterns, detect anomalous behavior, and better secure networks—especially important during infrastructure changes like cloud migration.

Another fantastic DODIIS conference is in the books, and BlueCat learned a ton about how DNS plays into the strategic priorities of the defense and intelligence communities.  After three days in Omaha talking to agencies about their needs, here are some key takeaways:

  • JEDI is still an amorphous concept for most DOD agencies. Everyone seems to be aware that there’s a gigantic public cloud RFP out for bid, but few IT managers really know what that means for their day-to-day work.  There’s a sense that all the planning is happening “up there” with little guidance down to the combatant commands about how they’re going to implement the solution that comes down.  At BlueCat, we know that preparing the groundwork for JEDI will require some significant attention to network infrastructure and how it is managed.  We’ve been talking with many agencies now about the role that DNS can play in a successful cloud migration.
  • DNS security is the next big thing. It’s fun to be trendy, and that’s what DNS seems to be right now.  The underlying infrastructure of DNS is nothing new, of course.  But using all of that valuable DNS data for security purposes is something that DOD and intelligence agencies are just starting to wake up to.  As we’ve explained the critical role that DNS can play in security, we’ve seen a lot of lightbulbs go on.  Even more, DOD and intelligence agencies are starting to come to us – they’ve heard about this DNS security thing, and they want to know more.
  • When you say “we’ve got our DNS locked down” it rarely is. We’ve heard that line from quite a few people during DODIIS – “we’re all set on DNS, our DNS is locked down”.  The question is, locked down where?  When we explain that boundary-level filters and firewalls leave internal DNS traffic open to advanced persistent threats, we get a lot of surprised looks.  Placement of that DNS security is critical to truly securing the network. 
  • Visibility is key. There were quite a few folks at DODIIS who offer network mapping and other ways to figure out what large, complicated networks look like.  Unfortunately, most of these companies stop at the “where”, providing no sense of what all those devices are actually up to.  By collecting DNS data at the client level, BlueCat provides true visibility – not just into what’s on the network, but what all those devices are doing.

That’s a wrap for DODIIS 2018!  We’re already looking forward to the next iteration – see you all in Tampa next year.  (Mic drop.)

BlueCats at the ready to talk DNS!

Published in:

GovernmentSecurity

Published on: August 15, 2018

An avatar of the author

BlueCat provides core services and solutions that help our customers and their teams deliver change-ready networks. With BlueCat, organizations can build reliable, secure, and agile mission-critical networks that can support transformation initiatives such as cloud adoption and automation. BlueCat’s growing portfolio includes services and solutions for automated and unified DDI management, network security, multicloud management, and network observability and health.

Related content

BlueCat and Cisco graphic stating “Get DDI data from BlueCat in Cisco Cloud Control” for AI-driven network operations
Blog

BlueCat DDI data boosts Cisco Cloud Control AI-driven operations

BlueCat’s integration with Cisco Cloud Control provides AI agents with access to trusted DDI data for network investigation and remediation.

Read more
Flock of geese flying in formation across a blue sky, framed by a pink graphic border, symbolizing coordinated network migrat
Blog

Automate your DDI modernization path by migrating with Micetro

Automate cross-platform DNS and DHCP migration with Micetro to reduce risk, eliminate manual effort, and modernize infrastructure faster.

Read more
Close-up of interlocked metal chain links symbolizing connected network objects and relationships in IPAM
Blog

How to map your network with user-defined links in Integrity X

Map your network with user-defined links in Integrity X to define and manage custom relationships, such as dual-stack and NAT environments.

Read more
Three armored figures walking toward a futuristic Las Vegas skyline with pyramids, glowing orb, and "Welcome to Fabulous Las
Blog

Your journey to intelligent NetOps begins at Cisco Live

Visit BlueCat’s booth or book a meeting now to learn more about how our solutions can help you build a network that supports constant change.

Read more