IT attacks come in waves, with hackers picking up on trends like fashionistas spotting the latest clothes styles.
The latest is going after point of sales devices. Inevitably attackers will find another vulnerability, but for the time being that’s one of the weakest vectors. IT security vendors are jumping to plug the holes.
The latest is Toronto’s BlueCat Networks, which makes IP address management solutions. On Wednesday it released Threat Protection for DNS/DHCP Server, which the company creates a ‘DNS firewall’ that stops malicious activities in domain name servers before they can reach business-critical applications or data.
The software, which protects any device with a DNS address, can be added to existing BlueCat customers’ DNS servers or can be purchased as a stand-alone solution. It can also be integrated with security information and event management solutions including IBM QRadar and HP ArcSight via pre-built connectors.
BlueCat said in a release that Threat Protection leverages core network services to add a new layer of security across all connected devices. It can take action based on up-to-the-minute data about known sources of malicious content through the hosted BlueCat Security Feed. IT mangers can configure policies to allow threat requests to be blacklisted, black-holed, redirected or whitelisted.
Using DNS Zone Transfer, the DNS server will download security feed data to store locally on the server as a Response Policy Zone, BlueCat says. Updates are then downloaded periodically according to the refresh time of the BlueCat DNS Server Response Policy Zone. When a device attempts to connect to a malicious site, the DNS query occurs before the application request. This query signals the intent to connect and can expose unexpected or unwanted behaviors. Threat Protection can ﬂag the query and log the event. Base on policies set by administrators, the traffic can be held or released.
“The Domain Name System is a critical component of any defense in-depth security strategy,” BlueCat chief technology officer Andrew Werkin said in a statement. “Threat Protection provides additional value to our customers without having to purchase or maintain additional appliances.”