Make DNS your first line of defense.

91% of malware uses DNS in attacks. It's time to turn the tables. By providing visibility and control over every DNS request, response and originating IP address, BlueCat DNS Edge helps your cybersecurity teams uncover and take action against threats before, during and after a breach.

BlueCat DNS Edge™

BlueCat DNS Edge leverages your existing DNS infrastructure to give you visibility, control, and detection capabilities to help protect sensitive data and critical systems. Detect, block and quickly remediate cyberattacks, right at the DNS layer.

Complete Visibility and Control of Your DNS Traffic

Deployed as a virtual DNS caching layer throughout your network, DNS Edge service points log every DNS query and response for every client on the network – no agents required. That means cybersecurity teams gain visibility into the intent of every device and can apply advanced, smart analytics to identify patterns of malicious behavior like data exfiltration, tunneling and domain generation algorithms (DGA).

Unlike your network firewall or web proxy, DNS Edge gives incident response analysts granular insight into DNS activity: the request, the response and the originating host machine. Search and filter to identify the spread of an infection and root out patient zero. Applying granular policies, such as by zone, device type and more, helps block unwanted access and monitor sensitive data.

DNS Edge Makes Your Teams More Effective

For audit and cybersecurity teams that need to log critical network data, DNS Edge makes it easy to meet or exceed compliance standards for system monitoring and boundary protection like NIST 800-53.
For incident response teams that need to find patient zero in the aftermath of a cyber attack, DNS Edge provides visibility. Because it logs every DNS query, response and originating IP address for both internal and external traffic, analysts can see compromised devices and when they were infected.
For network teams routinely hit with requests for DNS data but wary of expanding access to critical DNS infrastructure, DNS Edge lets cybersecurity teams view, search and filter against millions of DNS data points, without any risk of disruption.
For security architects that need to quickly block bad domains, limit access to sensitive data or lock down critical systems, like IoT devices, DNS Edge is quick and effective. Now they can create granular policies that establish least-privilege access at the DNS level. Edge can also ingest threat intelligence feeds from any source and build on established blocklist policies.
For cybersecurity teams that work to detect data exfiltration, beaconing, tunneling and domain generation algorithms (DGA), DNS Edge smart analytics detect patterns of suspicious activity in DNS data.

DNS Edge Improves Your Existing Investments

Your network firewall

Firewalls are critical to any layered defense, but they don’t take full advantage of the DNS data you have today. For example, DNS Edge helps incident response teams track malware lateral movement and root out patient zero. It correlates DNS requests, responses and originating IP to show intent so security teams can apply granular policies for both internal and external traffic.

Your current DNS infrastructure

Logging DNS data on Microsoft servers is difficult and frequently ineffective. Even if you capture the original IP address and query, you’re lacking critical domain response information that can detect potential threats. Creating policies to block those threats across your entire infrastructure is difficult. DNS Edge integrates with your existing DNS to provide the visibility and control you need.


You may be collecting and analyzing DNS data in a SIEM or Splunk™. But that can get expensive. If you’re lucky enough to detect a security incident among millions of DNS queries, what then? DNS Edge lets you send only the most interesting data to your SIEM to shorten Mean-Time-to-Resolution, and immediately set policies to block, monitor, redirect or whitelist domains before the cache. Using Splunk? Awesome – download our DNS Edge for Splunk app and start building better security policies right in Splunk.

Your Cisco Umbrella

Cisco Umbrella is a powerful suite of cybersecurity solutions, but not best-of-breed DNS security. DNS Edge complements Umbrella’s North-South (external) protection by monitoring East-West, or internal, network traffic. As a result, you can lock down sensitive internal data and applications from internal bad actors or infected devices. DNS Edge is also an ‘agent-free’ cloud solution, requiring no footprint on the endpoint for IT teams to manage.

Get Hands-On with DNS Edge

Watch this demo to learn how BlueCat DNS Edge gives cybersecurity and network teams shared visibility and control over internal and external DNS traffic through a single platform to mitigate and eliminate ways attackers can exploit DNS, detect and block cyberattacks, and investigate incidents to reduce the time to remediation.

Protect your sensitive data and critical systems with DNS