Fortify Your Defenses with Cisco DNS Defense and BlueCat

In this webinar, you’ll learn: How to identify threats faster through rapid correlation of external threat data with source IP.

Abstract blue background with white connected lines and nodes forming a digital network mesh pattern
Key takeawaysThis key takeaway was generated through LLMs crawling the page and coming up with an overview of the content.

This webinar explains how integrating external threat intelligence with source IP correlation and internal DNS query visibility improves threat detection and network control. It addresses the real-world problem of blind spots in east-west traffic, which represents around 60% of network activity, and shows how rapid data correlation and broader threat feeds increase detection speed and scope. The outcome is actionable guidance to identify integration opportunities, engage interested end-users, and strengthen overall threat management within enterprise environments.

How does correlating external threat data with source IP help identify threats faster?

Correlating external threat data with source IP enables rapid identification of malicious activity tied to specific hosts on the network. By matching threat intelligence indicators to the originating IP addresses of DNS or network queries, defenders can prioritize investigations and respond to confirmed threats more quickly. This correlation reduces time-to-detection by converting raw threat feeds into actionable context about which internal systems are involved, enabling targeted containment and remediation efforts.

Why is visibility into east-west queries important and how much traffic does it represent?

Visibility into east-west queries is critical because lateral movement and internal communications account for a large portion of network activity; the webinar cites that around 60% of network traffic is east-west. Without insight into these internal queries, security teams may miss indicators of compromise and propagation pathways. Increasing visibility and control over east-west DNS queries helps detect suspicious intra-network behaviors earlier and apply controls to limit attacker movement and reduce operational impact.

What are the benefits of casting a wider net with enhanced threat intelligence and how can organizations engage end-users?

Casting a wider net with enhanced threat intelligence broadens the range of indicators available for detection, improving the likelihood of spotting novel or stealthy threats. Enhanced feeds provide more comprehensive coverage, which, when correlated with internal telemetry, yields richer context for prioritization and response. To engage end-users, the webinar recommends recognizing integration opportunities within existing workflows and communicating clear use cases and value — demonstrating how the integration improves detection speed, visibility, and control encourages stakeholder buy-in and operational adoption.

In this webinar, you’ll learn:

  • How to identify threats faster through rapid correlation of external threat data with source IP
  • How to increase visibility and control over internal “east-west” queries (around 60% of network traffic)
  • How to cast a wider net with enhanced threat intelligence
  • How to recognize opportunities for this integration and engage interested end-users

📣  Now live: Explore BlueCat Horizon, our SaaS-first Intelligent NetOps platform.