Skip to content

Security

Bill Morton edited this page Sep 24, 2019 · 2 revisions

BlueCat solutions enhance security by providing full change control and access to granular data about network activity. This control and assurance capability can be integrated with SDN and SDWAN offerings so those services provide best in class DNS and DHCP across the networks that they orchestrate.

BlueCat's DNS service point passes all query data to a data sink, and analyzes that data in real time to detect improper internal access attempts, and activity from external malware, and DNS tunneling activity. BlueCat can update blacklists and DNS security policies on the fly to prevent such activity and alert security personnel accordingly.

BlueCat DNS resolution data and IP address lease data can be exported in real time to on-site data sinks such as Spunk or Qradar, along with MSSP cloud offerings such as Symantec or KDDI's LAC.

Integration Description Support
Symantec This integration places BlueCat service points between the existing internal DNS resolution system and the endpoints at each location. Query data is then uniformly passed from all locations across a global enterprise to the Symantec cloud, where they are further analyzed and correlated with other network service data to detect risks that can not be seen through DNS data alone. This positions Symantec to provide your enterprise with a global security service, without the need to first rebuild the existing DNS system
LAC This integration places BlueCat Service Points between the existing internal DNS resolution system and the end points at each location, and uniformly passes the query data from all locations across in global enterprise to the KDDI LAC data sink, where they are further analyzed and correlated with other network service data to detect risks that can not be seen through DNS data alone. This positions KDDI LAC to provide your Enterprise with a global security service, without you having to first rebuild the existing legacy DNS system
SPLUNK This integration places BlueCat service points between the existing internal DNS resolution system and end points, passing the query data to Splunk, where it can be further analyzed and correlated with other network service data . This positions your SOC to gain full insight into DNS in real time, whilst optimizing your Splunk data volume costs using the BlueCat risk detection filter, so that a subset of DNS data is passed to Splunk. In addition, BlueCat offers the capability to the full DNS data set so that east-west spread of detected risks can be isolated, and subsequently cleaned Community
KAFKA and Apache Spark This integration exists within our telco-grade DNS resolver and passes the query data to SPARK where it is analyzed and summarized so that risks can be observed and blacklists updated on the fly. DNS service access trends can be viewed through real-time online reports. This is available to large scale Telcos for use in 4G and 5G networks, to control and resolve massive amounts of subscriber DNS queries. For Telcos that are concerned about DNS tunneling being used by subscribers to avoid paying data fees, this solution will prevent such fee avoidance. Contact your BlueCat representative to learn more about the use cases and to receive trial copy of the integration assets.
You can’t perform that action at this time.