BlueCat Brings DNS-based Security to Splunk

By Anna Ralph

Interested in downloading DNS Edge for Splunk? Download it from Splunkbase.

Today’s cyber security professionals and IT administrators are overwhelmed by an avalanche of data. With so many sensors and systems to monitor, the strategic vision of network security and network performance is easily lost.

Splunk provides a “single pane of glass” where IT administrators can see all their relevant metrics of network infrastructure and security in one place. By bringing together data feeds from across the network, Splunk empowers administrators with the high-level perspectives they need to assess (and ultimately improve) system performance.

DNS data provides critical insights into both security and performance, yet the sheer volume of information can be difficult to digest, even in a SIEM application like Splunk. With clients and servers constantly spitting out IP addresses, it takes a degree of technical savvy to identify which information is meaningful. So while it’s tempting to simply direct a raw DNS feed into Splunk, that’s hardly the way to provide actionable insight into network operations.

With its new DNS Edge app for Splunk, BlueCat highlights only the refined DNS data that is directly relevant to network security and performance. On the back end, BlueCat’s powerful DNS Edge platform does the heavy lifting, capturing DNS information at the client level. When that DNS information runs afoul of the policies set by administrators or shows signs of manipulation, it gets kicked to Splunk as an alert. Users can then use DNS Edge to apply security policies based on those alerts.

The integration between DNS Edge and Splunk is seamless. Splunk customers can maintain their current instance. All the data users see in the DNS Edge management screen can now be ingested into Splunk. Need to apply a policy based on a pattern of malicious activity you notice in Splunk? It’s as simple as navigating from the app to the Edge management console. Want to add DNS data to your primary dashboard? Now you can. Looking for an alert when network activity goes against DNS policies? No problem.

If you have DNS Edge already, taking advantage of the Splunk app is as simple as downloading it from Splunkbase.

If you’re a Splunk customer who has always wanted to monitor DNS data, maybe it’s time to consider everything that DNS Edge can do for you. Learn more about DNS Edge here.

Anna Ralph

Anna is a passionate content writer who's always eager to learn something new about cyber security.
