Working together, BlueCat and Cisco Umbrella extend the breadth and depth of domain name system security across the enterprise. The combined solution delivers valuable context and comprehensive visibility through the DNS infrastructure you use every day. With BlueCat and Cisco Umbrella, security teams get the granular information they need to mitigate threats in real time.
Digging deeper into DNS security
Find threats faster with endpoint visibility: The BlueCat-Cisco Umbrella integration provides instant access to endpoint-level Domain Name System (DNS) data, expanding the scope and reach of Cisco Umbrella’s industry leading DNS security platform. This allows security personnel to match threat intelligence with IP addresses used at the endpoint for quick, effective mitigation of malicious activity before it spreads. (Mizuho Securities called this level of visibility "a game changer for cybersecurity".)
"Who makes a query, I don’t know. I can’t tell where this DNS request originated from. Sometimes I see it and sometimes I can't."
Control the 60% of network traffic flowing through internal DNS: The data flowing through internal DNS services is a treasure trove for security teams. BlueCat adds visibility into this “east-west” traffic to Cisco Umbrella’s strong “north-south” perspective, providing a complete picture of what’s flowing through DNS servers for the full range of threat hunting, forensic investigations, and preventive application of security policies across the enterprise.
Deploy granular DNS security policies: With combined visibility into (and control over) internal and external data flows, security personnel can implement targeted security policies based on specific attack patterns. Through BlueCat's Cisco DNS integrations in products like Cisco ISE, Cisco ISRs, Active Directory, and other core network management elements, BlueCat implements security policies consistently across internal and external access points. This is more than a simple DNS firewall. This is an integrated security system which touches the entire enterprise through the power of DNS.
Optimize SD-WAN deployments: Using the power of service points, DNS routing policies can be deployed anywhere, including the data center, campus, or branch, to deliver sophisticated LAN-side DNS traffic-steering services that facilitate internet breakout in SD-WAN deployments. This can assist with global DNS resolution, hybrid cloud deployments and simplified DNS resolution.
"The fact that BlueCat can just forward external queries to Umbrella without creating a separate policy is a big benefit as well. It means less work, and less potential for error."
Adding new visibility
Here’s how it works. BlueCat sits at the “first hop” of any network query, acting as the initial recursive server for all internal DNS records. This gives BlueCat direct visibility into both the source IP as well as the “east-west” queries which sit underneath the external network boundary. This happens not through clunky and expensive hardware, but through lightweight service points which can be deployed quickly across the enterprise at a much lower cost than traditional DDI solutions.
Through an integrated solution, BlueCat sends Cisco Umbrella IP addresses used at the endpoint, along with other contextual data, allowing visibility into device-level infections through a simple user interface. This integration makes the process of applying granular security policies and identifying infected endpoints seamless and fast. For its part, Cisco Umbrella sends the threat information gleaned from inbound DNS queries to BlueCat, providing additional context around the digital signatures of malicious domains.
BlueCat DNS Edge can also capture all internal DNS queries and apply internal policies to endpoints.
Easy, lightweight deployment
It gets better. Normally this kind of insight would require deployment of additional sensors and tools across the network - a logistical challenge to deploy and manage. With BlueCat sitting at the first hop as a DNS resolver, all of that information is collected without all of that extra effort – you simply get the visibility you need across all devices.
Even better than that: if you have BlueCat and Cisco Umbrella today, there’s nothing to download or install. This integration is already available – all you have to do is configure the connection and you’re ready to go.
Learn more about BlueCat integrations with Cisco Umbrella, Cisco DNA Center, Cisco ACI, and more.