
SDN Enables Central DNS Security, Globally Delivered

on ‎04-22-2014 07:51 AM

Guest blog by: Thomas Borrel, VP of Strategic Alliances, BlueCat


There isn't a single client we talk to who hasn't noticed how critical their network has become for their business. Originally designed to connect terminals to a mainframe, desktops to printers, and laptops to web-based services, the network is now expected to support an ever-growing number of connected things and adapt to constantly evolving needs and security requirements. For the network to become more adaptable and elastic, its core services, like DNS (Domain Name System), also need to become elastic while providing security capabilities they have never had to provide before.


DNS is essential to enabling device-to-app, app-to-app and device-to-device communication, but despite an ever-increasing business dependency, DNS continues to operate based on implicit trust. Devices are assumed to be querying the proper DNS server, and the DNS server is assumed to be trustworthy and provide accurate responses. This trust-as-a-foundation approach has made DNS a very popular attack vector with highly publicized attacks involving cache poisoning, amplification and reflection, tunneling or hijacking. While recent addendums to the DNS protocol help address some of those vulnerabilities, DNS continues to depend upon the configuration and operational integrity of the devices that use it. Combine this foundation with IT transformations such as BYOD, which allow employees to connect their own personal devices to the corporate network, and you end up with an environment ideally suited for internal attacks and malware proliferation.


Despite all that, DNS is ideally positioned in the network to provide complete visibility and control. Every connection starts with a DNS lookup. That lookup signals the intent to connect and can expose unexpected or unwanted behaviors. The IP address provided by the DNS response will drive the rest of the connection. Controlling which IP address gets returned means controlling where the device will connect. Network designs that include the ability to define and enforce policies directly at the DNS level will separate themselves from the rest by offering greater intelligence on device and app connections combined with stronger security capabilities.


So here's the challenge: how can IT administrators continue to respond to the dynamic needs of the business, provide an elastic and secure network and embrace BYOD when foundational services have not adapted to the changing landscape? How can they ensure complete visibility and control over devices they do not provision, and ensure that DNS policies are applied across all devices, irrespective of their network access and configuration? Not that long ago, the answer would have been "impossible without affecting the user experience," but today, open network infrastructures based on SDN can solve these problems.



With a combination of SDN Controller and SDN App, you can deploy dynamic rules across all edge switches to intercept DNS traffic destined for non-corporate DNS servers and redirect it to your own DNS servers, where threat protection policies will be applied across all devices, regardless of their configuration. By blocking connections to non-corporate DNS servers, your infrastructure will also prevent the establishment of DNS tunnels used to exfiltrate corporate data and spot misconfigured or infected devices, while ensuring complete visibility and control over all DNS traffic across all devices within the enterprise. All of this, without negatively affecting your user experience.
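The match-and-redirect decision described above can be sketched as a small simulation. This is an added example, not BlueCat's or HP's code or API: the function names, the packet dictionaries and every address (documentation and private ranges) are assumptions made for illustration.

```python
import ipaddress
from collections import Counter

# Assumed values for illustration only (documentation address ranges).
CORPORATE_RESOLVERS = {ipaddress.ip_address("192.0.2.53")}
REDIRECT_TO = "192.0.2.53"
DNS_PORT = 53

def decide(pkt):
    """Return (action, destination) for one packet header seen at an edge switch."""
    is_dns = pkt["proto"] in ("udp", "tcp") and pkt["dport"] == DNS_PORT
    if not is_dns:
        return ("forward", pkt["dst"])
    if ipaddress.ip_address(pkt["dst"]) in CORPORATE_RESOLVERS:
        return ("forward", pkt["dst"])
    # DNS aimed at a resolver the enterprise does not run:
    # rewrite the destination so corporate policy answers the query.
    return ("redirect", REDIRECT_TO)

def apply_policy(packets):
    """Apply decide() to each packet and count redirects per source device."""
    offenders = Counter()
    results = []
    for pkt in packets:
        action, dst = decide(pkt)
        if action == "redirect":
            # A device that bypasses the corporate resolver is a candidate
            # for misconfiguration or infection review.
            offenders[pkt["src"]] += 1
        results.append({**pkt, "dst": dst, "action": action})
    return results, offenders

# Constructed sample traffic, not captured from a real network.
SAMPLE = [
    {"src": "10.0.0.11", "dst": "192.0.2.53", "proto": "udp", "dport": 53},
    {"src": "10.0.0.12", "dst": "198.51.100.8", "proto": "udp", "dport": 53},
    {"src": "10.0.0.12", "dst": "198.51.100.8", "proto": "tcp", "dport": 53},
    {"src": "10.0.0.13", "dst": "203.0.113.80", "proto": "tcp", "dport": 443},
]

if __name__ == "__main__":
    results, offenders = apply_policy(SAMPLE)
    for r in results:
        print(f'{r["src"]} -> {r["dst"]}:{r["dport"]}/{r["proto"]} {r["action"]}')
    print("devices to review:", dict(offenders))
```

In a real deployment the reply's source address also has to be rewritten back to the resolver the client originally queried, or the client will discard the answer. Matching on port 53 does not cover DNS carried over TLS or HTTPS, which needs separate handling.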


>> Learn more about the power of BlueCat DNS Director with the HP VAN SDN Controller.


>> For details on how BlueCat's DNS Director app combined with BlueCat's DNS Threat Prevention can help secure your network, access the HP and BlueCat Solution brief here.

>> Contact us if you’d like to give this SDN application a try.


>> For more information visit 

>> Follow HP Networking on Twitter and Google+| Join HPN LinkedIn Community | Like us HPN Facebook 


>> Register to receive the HP Networking newsletter

