With today’s requisite focus on DHCP, DNS and security, there is a growing need to collect detailed DNS and DHCP activity data as part of satisfying compliance and auditing requirements. DDI Guard can collect DNS and DHCP activity, provide reporting and alerting, integrate with third-party SIEM products, and offer an optional searchable long-term storage option.
Proactive alerting with detailed drill-down
DDI Guard monitors DHCP and DNS transactions and can generate alerts via SNMP or SMTP when it detects DNS queries for blocklisted domains. Such activity could be an indicator of malware attempting to contact a command and control (C2) center for updates or to exfiltrate sensitive information. The DDI Guard dashboard enables drill-down to detailed DNS and DHCP packet data for follow-up or troubleshooting.
Transaction capture for security and compliance
DHCP and DNS transactions provide critical information during troubleshooting and for cyber threat investigations. DDI Guard retains captured packets for a short time and can forward them to the DDI Guard Archive appliance for longer-term storage, both for forensics and for addressing regulatory as well as security and compliance requirements. SIEM interfaces are also supported to facilitate aggregation of network data.
Data filtering enables focused retention
DDI Guard enables filtering of captured DHCP and DNS packets in order to reduce network traffic to a centralized archive or SIEM system. Many SIEM systems also charge by data volume stored, so this filtering mechanism enables you to minimize SIEM data retention to constrain costs without sacrificing the ability to retain critical DDI transaction data.
Multi-vendor DHCP/DNS reporting
DDI Guard installs on our QIP and runIP DDI appliances or on stock ISC BIND or DHCP servers running on Red Hat Enterprise Linux or Microsoft Windows. This versatility enables you to centrally monitor your diverse base of DHCP and DNS appliances, regardless of whether they are hardware, virtual, or cloud appliances.
Cygna Labs offers a broad spectrum of DDI security products
Cygna Labs offers several options to help you secure your DDI infrastructure. From extensive DNS security features, to tracking of DDI events with the VitalQIP Audit Manager, to DHCP and DNS packet capture and archiving with DDI Guard, to centralized aggregation of DHCP, DNS and IPAM data and appliance metrics with the Sapphire A30 Cygna Auditor for DDI, you have the freedom to choose among alternatives for securing your network.