New BlueCat Networks Appliance Models Integrate with Thales nShield Hardware Security Module (HSM)
Toronto, Canada – June 11, 2012– BlueCat Networks, the IPAM Intelligence™ company, today announced that its DNS, DHCP and IP Address Management appliances are now integrated with the award-winning Thales nShield Connect hardware security module (HSM) to deliver simple and secure DNSSEC key management for organizations that demand the highest levels of security.
“Security is one of the top concerns of every CIO,” said Brad Micklea, Vice President of Product Management, BlueCat Networks. “The Domain Name System is a critical public service that is on the front line, so attacks on DNS can severely impact business operations and undermine customer loyalty. By adding support for the Thales HSM to our existing DNSSEC solution, BlueCat Networks is once again demonstrating its commitment to providing the smartest, simplest and most secure solutions available for managing and securing enterprise networks. BlueCat Networks combines the ultra-high security of HSM-based DNSSEC with the simplicity of fully automatic key rollover for all key types, as well as flexible support for a broad range of encryption algorithms.”
DNSSEC uses strong public key cryptography to bring far greater security to any enterprise by protecting the DNS core network service from attacks like cache poisoning which can be leveraged for web site spoofing and phishing. In order to optimally secure your web site you must implement DNSSEC. However, there are two challenges to implementing DNSSEC that remain unaddressed:
|1.||Secure Key Storage: Standard DNS servers are not designed to be tamper or invasion proof, leaving keys potentially exposed to theft or misuse.|
|2.||Key Rollover: Implementation and management of off-box DNSSEC keys can be complex, costly and time consuming in part because if handled manually, security teams must spend a large portion of their time generating, administering and validating the many DNSSEC keys in use.|
The combined BlueCat Networks and Thales solution for HSM-enabled DNSSEC solves both aspects. Keys are generated and secured via the Thales nShield appliance that is FIPS 140-2 Level 3 and Common Criteria EAL4+ certified. However, unlike more manual solutions, BlueCat’s DNSSEC integration with Thales retains the simplicity of interaction that BlueCat’s existing DNSSEC solution was known for. BlueCat Networks reduces the inherent complexity of DNSSEC with centralized key management, single-click signing policies, fully automated key rollover and emergency manual key rollover. With BlueCat Networks, organizations can control DNSSEC signed zones from a central location, gain a comprehensive view of all DNSSEC-related data and demonstrate compliance during security audits.
“Recent highly publicized cyber attacks like Stuxnet are a clear reminder that digital signature keys that underpin services like DNS are vulnerable to theft or mis-use and must be protected,” said Cindy Provin, president of the Americas, Thales e-Security. “DNSSEC is already being widely adopted by government, financial services and healthcare organizations where the security of sensitive information is of paramount importance, but DNSSEC is only as good as the security of an organization’s cryptographic keys. The Thales nShield Connect HSM ensures that keys are generated and stored by an ultra-secure device that is both physically and electronically protected against tampering and invasion. When the Thales HSM is used in conjunction with BlueCat Networks’ smart, simple DDI solutions, organizations get the benefit of market-leading DDI and key security in an intuitive solution.”
Deployed at some of the most demanding and secure organizations in the world, BlueCat Networks’ DNS, DHCP and IP Address Management solutions provide an essential technology for helping organizations build smarter networks and manage IP-dependent services including cloud, virtualization and BYOD.
About BlueCat Networks
BlueCat Networks provides a smarter way to manage BYOD, mobile devices and cloud. With powerful IT self-service, automation and workflow delegation, BlueCat Networks software solutions give organizations the power to manage “everything IP” in their network including devices, users and IP activity from a single pane of glass. The result is a dynamic network that is more resilient, cost effective and easier to manage.
With tightly integrated IP core services, BlueCat Networks’ simple and scalable IP Address Management (IPAM) solutions have helped Global 2000 companies and government agencies reduce costs and solve today’s most critical IT challenges – from BYOD and mobility to data center virtualization and cloud computing. We also help organizations manage growth and change by easing the transition to new technologies such as IPv6 and DNSSEC. To learn more, visit: https://bluecatnetworks.com.
Adonis, Proteus, Triton, IPAM Intelligence and BlueCat Networks are trademarks of BlueCat Networks, Inc. and/or BlueCat Networks (USA) Inc. Other products mentioned herein may be trademarks and/or registered trademarks of their respective owners.
Customer situation brief on SUNBURST/Solorigate
Learn more about the attack via the SolarWinds Orion platform and how BlueCat products use DNS to help protect customers against compromises like it.
On the road to platform hardening, consider a STIG
Security Technical Implementation Guides standardize security configuration on networks, servers, and devices. BlueCat uses them and you can, too.
IT pros debate: Who should own DNS in the cloud?
Six networking pros dig into who should own DNS in the cloud during the third Critical Conversation on Critical Infrastructure hosted in Network VIP.
Flexibility and security can co-exist for the Red Cross
American Red Cross CISO Vikas Mahajan discusses flexible security strategies for front-line operations and his roadmap for moving toward a SASE model.