With DNS exploit attacks surging, BlueCat releases new DNS security software that detects internal threats and secures vital assets.
Today, BlueCat, the Enterprise DNS company, announced powerful new capabilities for BlueCat DNS Edge™ (Edge), a solution that leverages existing DNS infrastructure to help cybersecurity and networking teams detect and block cyber attacks. The new capabilities add a much-needed layer of defense for corporate networks under siege from an explosion of malware attacks and their skyrocketing cost. According to industry research, 91% of malware uses the DNS protocol for command and control, data exfiltration or lateral movement on a corporate network.
“Networking and cybersecurity teams are under pressure to gain control of their network infrastructure and greatly increase actionable cyber intelligence,” said Michael Harris, CEO of BlueCat. “The solution lies hidden in billions of DNS queries and responses. As the leading provider of Enterprise DNS solutions for the world’s largest organizations, BlueCat is in a unique position to help customers identify, control and reduce the attack surface – especially for exploits happening inside the firewall.”
Stephen Frank, Director, Technology and Security at NHL Players Association, uses Edge to secure player information from DNS exploits and exfiltration. “The NHLPA faces cyber challenges that many organizations don’t. For example, we see so many international domains because of the diverse nationalities of players,” says Frank. “As a best-of-breed DNS security offering, Edge gives us a whole new level of visibility into network activity that helps us distinguish malicious activity from good.”
Edge helps organizations:
Get unprecedented visibility into internal and external network activity for every connected client device, corporate application or service. With Edge, cybersecurity teams can access DNS data that today’s firewalls and web proxies will never see. This includes the originating host, query and response – before the cache, for both internal and external requests. This helps them observe suspicious activity, detect lateral movement and track down patient zero. It also makes it easy for cybersecurity teams to meet or exceed compliance standards for system monitoring and boundary protection like NIST 800-53.
Quickly establish smarter, more flexible policies to control internal and external DNS activity across the entire network. With Edge, network and security architects create granular policies based on a variety of factors such as the DNS query, device types (including IoT devices), sites and zones, and time of day. This flexibility helps cybersecurity teams establish least-privilege access at the DNS level to protect internal assets or lock down infected IoT devices, for example. Edge can also ingest threat intelligence feeds from any source and build on established blocklist policies.
Detect malicious behavior on the network like DNS tunneling, data exfiltration and domain generation algorithms. Edge employs smart analytics to look for patterns in DNS queries that indicate common DNS exploits. Any suspicious query data can be sent to popular SIEMs for further analysis and correlation. BlueCat recently introduced BlueCat DNS Edge for Splunk, which offers additional capabilities for Splunk users and is available for download on SplunkBase.
The latest version of Edge also includes new DNS-routing policies using multi-namespaces to introduce unique flexibility for administrators to configure their DNS resolution path, lighten the load on the WAN and web proxies, and eliminate duplication across namespaces. Additionally, new dashboard improvements make it easier for administrators to spot anomalies in DNS query data.