IoT is making networks smarter and more efficient, but it comes with significant security trade-offs. With 91% of malware using the DNS protocol, each new connection creates opportunities for DNS attacks to infiltrate the network and exfiltrate sensitive data. BlueCat’s Threat Protection is a security feed that provides security teams with a strong defense against malicious attacks at the device layer.
When the Threat Protection security feed is activated as part of our DNS Edge product (or purchased for use with BlueCat Integrity), it enables rapid detection, investigation, and remediation of advanced threats through:
- Comprehensive Threat Coverage - Defend against attacks with the most active repository of threat intelligence in the industry.
- Continuous Updates & Expertise - Enrich DNS data with insights from an elite team of threat analysts and security researchers.
- Enhanced Threat Classification - Prioritize threat activities based on severity, frequency, and confidence.
- Elimination of SIEM Blind Spots - Correlate detailed information with other data sources by integrating with popular SIEMs.
Let’s look at how the BlueCat Threat Protection feed blocks malicious domains from a network architecture perspective.
Say a global retailer wants to protect all devices, such as mobile apps and POS devices, that operate on its network. They would start by pushing all device queries through a BlueCat Service Point. Sitting at the first hop of any network query, the service point provides full visibility and control over queries before they advance to internal or external locations. This is where BlueCat Threat Protection does its work, running every DNS query against an active repository of threat intelligence for Comprehensive Threat Coverage.
Here’s how to activate the Threat Protection feed in BlueCat DNS Edge:
Step One: In the domain list menu, select the threat intelligence feed you want to activate.
Step Two: When you click on the policy, you can activate it and make any modifications.
Step Three: Within minutes, you’ll see Threat Protection at work blocking malicious domains in the Policy Actions column.
Step Four: Investigate and remediate any endpoint accessing a bad domain.