Use Case 1: Cyber Forensics

Taking Cyber Forensics to the Next Level

When the network is under attack, context is a vital part of incident response and resilience. Mere visibility to data is not enough – it’s the kind of data that teams can access, and what that data can tell them that is essential to a successful remediation.

Most organizations these days have a robust and layered perimeter cybersecurity through next gen firewalls to keep bad actors out. But no organization is impenetrable.

When a breach happens (and it will happen), incident response teams have to quickly uncover the lateral spread of an infection, root out patient zero, and get the network up and running again. Fast.

Time to remediation: context is everything

Who and When

Who and When

Where

Where

What

What

How

How

Edge Forensic Findings

Click to watch an overview of how DNS Edge works.

That’s where BlueCat DNS Edge helps. Edge provides unprecedented visibility and logging advantages because it is deployed as the DNS caching layer at the ‘first hop’ on the network. This means it captures the original IP address, DNS query and response, for both internal and external resources.

Edge provides vital context which helps administrators get the network back up and running again. Cybersecurity professionals performing forensic investigations have a lot to gain with this level of DNS data at their fingertips in real-time.

Ready to schedule a demo of DNS Edge and learn more about its capabilities?

Contact BlueCat today.