Cygna Labs
Book a Demo
shield

N3K becomes Cygna Labs Germany

DDI Security

Like all of your critical infrastructure, DDI components must be secured to reduce the risk of outages that will impact your user community’s ability to access and use your network. In addition, Diamond IP DDI solutions help you secure your overall network by securing your DNS transactions and by enabling rigorous IP inventory practices of inventory with discovery and reconciliation to identify and validate IP occupancy. Our Sapphire A30 IPAM Auditor appliance provides an added layer of DDI transaction forensics and trend reporting.

Secure DDI appliances

Diamond IP offers a rich set of DDI security features and capabilities to enable you to secure your DDI infrastructure within a centralized, holistic IP address management solution. For one, our virtual and hardware Sapphire appliances are built from scratch to mitigate operating system, server, or poisoning attacks. In addition, we build our proprietary operating system based on a non-commercial Linux distribution built from scratch in a secure environment with a non-modular kernel, uninterruptible boot, and protections against networking attacks such as spoofing, route and ICMP redirections, and more. The file system includes only necessary binaries which run in a sterile jailed environment and have non-privileged attributes.

Secure DDI appliances

Transaction logging for visibility and forensics

Sapphire DNS appliances support standard DNS query logging to log collectors or full DNS query and response capture with transmission to our Sapphire A30 IPAM Auditor appliance. Sapphire DHCP appliances support multiple resiliency features including hardware clustering (TwinMirror), split scope and DHCP failover server deployments. Sapphire DHCP and DNS appliances also support SNMP MIBs and traps to view and report address pool capacity exhaustion, DNS firewall hits, DNSSEC validation failures, all alerting administrators to a possible threat or to supplement address capacity.

Transaction logging for visibility and forensics

Centralized visibility and control

IPControl software or Sapphire Executive (EX) appliances provide centralized configuration, monitoring and management of deployed Sapphire DNS and DHCP appliances. IPControl provides a web graphical user interface (GUI) to configure all Sapphire, ISC, CNR or Microsoft DHCP and DHCPv6 attributes on all deployed DHCP servers, including pools, shared subnets, manual DHCP (“reservations”), options, polices, client classes and more. IPControl provides threshold and alert definitions to enable administrators to be notified in advance of address pool exhaustion.

Centralized visibility and control

AI-based risk reduction

Our prediction models facilitate planning and can dictate urgency for proactive actions. Beyond notification, alert conditions can trigger automated actions, such as provisioning of additional address space for added capacity. And IPControl supports centralized staging and distribution of updates and patches to deployed Sapphire appliances. IPControl’s Appliance Dashboard provides a centralized summary of each deployed appliance’s service status and enables drill-down for appliance level configuration and diagnostics.

AI-based risk reduction

DNS security boosts network security

Diamond IP supports several additional DNS security features including the following, which can add a DNS layer to your defense in depth network security strategy:

  • DNS firewall with support of multiple response policy feeds, block lists and allow lists to detect and prevent queries by malware to command and control centers

  • DNS tunnelling detection and optional automated shutdown helps prevent sensitive data exfiltration and theft

  • Query/response rate limiting to mitigate D/DOS and reflector/amplification attacksQueries per client and query depth to reduce impacts of bogus query attacksTransaction signatures for DNS transactions

  • Anycast support for D/DOS resiliency

  • DNSSEC signing of zone data

  • DNSSEC validation of signed responses

  • DNS service access control lists

  • DNS update policy to granularly control dynamic updates

  • Control and statistics channels ACLs

  • Appliance port access and packet rate limiting

Forensics for troubleshooting and incident analysis

The Sapphire A30 IPAM Auditor appliance provides visibility to and reporting for DNS and DHCP transactions on your servers. The IPAM Auditor appliance aggregates inputs from deployed Sapphire DNS and DHCP appliances to enable graphical reporting of all levels of DNS and DHCP traffic from time-series summary trends to drill down to specific DNS and DHCP packets for forensics analysis. Graphical dashboards for appliance-level, DNS and DHCP statistics provide easily consumable information to enable rapid detection and investigation of issues. The IPAM Auditor also aggregates DNS, DHCP and IPAM data for full DDI reporting.