Bolster defense-in-depth with BlueCat threat feeds

BY Ben Ball

To block malicious network activity, you only need two things.  First, you need a way to filter network traffic through security policies.  Second, you need a threat feed to populate those security policies with up-to-date, meaningful intelligence.

Thankfully, network security teams are spoiled for choice on both fronts.  There are tons of firewalls and filtering tools out there, each with a unique way of intercepting malicious traffic on the network.  There are also plenty of threat feeds, each of which identifies malicious activity through different forms of intelligence gathering.

Here at BlueCat, we think that a DNS firewall is the most elegant, efficient, and consistent way to deploy security policies on a network.  Using a service point as the “first hop” in any network query allows you to apply security policies to both internal, “east-west” traffic as well as external “north-south” traffic, all without the use of on-device agents. Since they’re VMs, BlueCat’s service points can also be deployed anywhere and everywhere, catching traffic in the cloud and the network edge.

We realize, however, that the mechanism for applying policies is only as good as the intelligence behind those policies.  That’s why BlueCat offers a wide variety of threat feed options as well.  From best-in-class threat intelligence powered by Crowdstrike to an integration with Cisco Umbrella to custom policies for your specific network, BlueCat has you covered.

Here are some of the options BlueCat offers to increase your defense against advanced threats.  All of these are part of our DNS Edge security product.

BlueCat Threat Protection

Threat Protection, BlueCat’s flagship threat feed, is powered by Crowdstrike, the new standard in threat intelligence and a “leader” in Gartner’s latest Magic Quadrant for endpoint protection.    Crowdstrike’s threat intelligence contains over two million high-fidelity domain indicators of compromise, including extensive context for every threat indicator.  When you activate the Threat Protection feed in DNS Edge, you’ll have the option of applying different levels of Crowdstrike’s security intelligence to your DNS traffic.  The best part?  When you get DNS Edge, Crowdstrike comes as part of the package.  There’s no need to purchase a separate license.  For more information, check out our Threat Protection data sheet.

Threat intelligence from Cisco Umbrella

BlueCat partners with Cisco to offer an integration with its powerful Umbrella product (formerly known as OpenDNS).  Through this Cisco Umbrella integration, DNS Edge users gain access to threat intelligence contained in Talos, a feed that uses Cisco’s enormous user base to create one of the most comprehensive sources of threat intelligence on the planet.  For more information, take a look at our Cisco Umbrella integration page.

Other third-party threat feeds

The combination of Crowdstrike and Talos offers comprehensive coverage of known malicious domains.  But maybe you’ve got another threat feed that you’ve had success with, or one that contains vertical-specific intelligence.  Users who want to supplement our existing threat feed offering can just as easily plug in any third-party product into DNS Edge using our open API.

Custom policies you create

With DNS Edge, you can create custom security policies to lock down specific areas of your network or control specific types of activity.  For example, you can build a security policy to restrict access of IoT devices to certain servers only.  You can keep employees from finding sensitive data outside their normal purview by blocking DNS queries to servers in other departments.  You can block access to inappropriate sites.  And you can protect against domain generation algorithms, DNS tunneling, and other malicious activity.  It’s as easy as developing a domain list and rolling it out through our easy to use interface.

Custom policies created by BlueCat Professional Services

“I’d love to have all of those sophisticated custom policies,” you might be thinking.  “But who has the time to build them?”  When your security team is already maxed out on just keeping the lights on, BlueCat Professional Services is there to create the custom policies you need.  We’ll map out a plan for security policies which fits your business needs, and then implement it as we work alongside your team.  Our Stevie award-winning customer service organization has the expertise and insights you need to create the most effective security policies for your business.

Learn more about DNS Edge and BlueCat’s threat feed options.

Ben Ball

Ben Ball is the Director of Strategy and Content Marketing at BlueCat. Ben served for ten years as a Federal employee, with three tours as a Foreign Service Officer (Saudi Arabia, Turkey, Jordan), and five years at the Department of Homeland Security, where he focused on immigration issues. A graduate of the Fletcher School of Law and Diplomacy and Pitzer College, Ben lives in the San Francisco Bay Area.

View more articles by Ben Ball