Click to watch an overview of how DNS Edge works.
BlueCat DNS Edge™
BlueCat DNS Edge leverages your existing DNS infrastructure to give you visibility, control, and detection capabilities to help protect sensitive data and critical systems. Detect, block and quickly remediate cyberattacks, right at the DNS layer.
Complete Visibility and Control of Your DNS Traffic
Deployed as a virtual DNS caching layer throughout your network, DNS Edge service points log every DNS query and response for every client on the network – no agents required. That means cybersecurity teams gain visibility into the intent of every device and can apply advanced, smart analytics to identify patterns of malicious behavior like data exfiltration, tunneling and domain generating algorithms (DGA).
Unlike your network firewall or web proxy, DNS Edge allows incident response analysts to gain granular insight of DNS activity of the request, the response and the originating host machine. Search and filter to identify the spread of an infection and root out patient zero. Applying granular policies such as by zone, device type and more helps block unwanted access and monitor sensitive data.
Capabilities
Deeper Visibility
- Correlate query and response logs to originating host
- View both internal and external traffic; for every client type
- Rely on logs for forensic investigations
- Root out patient zero and other infected devices
Better Control
- Gain granular policy control by device, zone, time of day, etc
- Whitelist IoT or critical systems from accessing unallowed domains
- Monitor machines accessing sensitive data; be alerted on suspicious behavior
- Integrate with a SIEM or Splunk to correlate with other tools
Greater Detection
- Apply smart analytics across all DNS queries on your network
- Detect behavior like data exfiltration, tunneling and DGA
- Ingest third-party threat intelligence to block known-bad domains
DNS Edge Makes Your Teams More Effective
DNS Edge Improves Your Existing Investments
Your network firewall
Firewalls are critical to any layered defense, but they don’t take full advantage of the DNS data you have today. For example, DNS Edge helps incident response teams track malware lateral movement and root out patient zero. It correlates DNS requests, responses and originating IP to show intent so security teams can apply granular policies for both internal and external traffic.
Your current DNS infrastructure
Logging DNS data on Microsoft servers is difficult and frequently ineffective. Even if you capture the original IP address and query, you’re lacking critical domain response information that can detect potential threats. Creating policies to block those threats across your entire infrastructure is difficult. DNS Edge integrates with your existing DNS to provide the visibility and control you need.
Your SIEM
You may be collecting and analyzing DNS data in a SIEM or Splunk™. But that can get expensive. If you’re lucky enough to detect a security incident among millions of DNS queries, what then? DNS Edge lets you send only the most interesting data to your SIEM to shorten Mean-Time-to-Resolution, and immediately set policies to block, monitor, redirect or whitelist domains before the cache. Using Splunk? Awesome – download our DNS Edge for Splunk app and start building better security policies right in Splunk.
Your Cisco Umbrella
Cisco Umbrella is a powerful suite of cybersecurity solutions, but not best of breed DNS security. DNS Edge complements Umbrella’s North-South (external) protection by monitoring East-West, or internal network traffic. As a result you can lock down sensitive internal data and applications from internal bad actors or infected devices. DNS Edge is also an ‘agent-free’ cloud solution, requiring no footprint on the end-point for IT teams to manage.
Get Hands-On with DNS Edge
Watch this demo to learn how BlueCat DNS Edge gives cybersecurity and network teams shared visibility and control over internal and external DNS traffic through a single platform to mitigate and eliminate ways attackers can exploit DNS, detect and block cyberattacks, and investigate incidents to reduce the time to remediation.