03:42 PM
Dark Reading
Dark Reading
Products and Releases
Connect Directly

BlueCat Networks Partners With Thales To Deliver Ultra Secure DNS Security Extensions

New BlueCat Networks appliance models integrate with Thales nShield HSM

Toronto, Canada ­ June 11, 2012 ­ BlueCat Networks, the IPAM Intelligence company, today announced that its DNS, DHCP and IP Address Management appliances are now integrated with the award-winning Thales nShield Connect hardware security module (HSM) to deliver simple and secure DNSSEC key management for organizations that demand the highest levels of security.

³Security is one of the top concerns of every CIO,² said Brad Micklea, Vice President of Product Management, BlueCat Networks. ³The Domain Name System is a critical public service that is on the front line, so attacks on DNS can severely impact business operations and undermine customer loyalty. By adding support for the Thales HSM to our existing DNSSEC solution, BlueCat Networks is once again demonstrating its commitment to providing the smartest, simplest and most secure solutions available for managing and securing enterprise networks. BlueCat Networks combines the ultra-high security of HSM-based DNSSEC with the simplicity of fully automatic key rollover for all key types, as well as flexible support for a broad range of encryption algorithms.²

DNSSEC uses strong public key cryptography to bring far greater security to any enterprise by protecting the DNS core network service from attacks like cache poisoning which can be leveraged for web site spoofing and phishing. In order to optimally secure your web site you must implement DNSSEC. However, there are two challenges to implementing DNSSEC that remain unaddressed: 1. Secure Key Storage: Standard DNS servers are not designed to be tamper or invasion proof, leaving keys potentially exposed to theft or misuse. 2. Key Rollover: Implementation and management of off-box DNSSEC keys can be complex, costly and time consuming in part because if handled manually, security teams must spend a large portion of their time generating, administering and validating the many DNSSEC keys in use. The combined BlueCat Networks and Thales solution for HSM-enabled DNSSEC solves both aspects. Keys are generated and secured via the Thales nShield appliance that is FIPS 140-2 Level 3 and Common Criteria EAL4+ certified. However, unlike more manual solutions, BlueCat¹s DNSSEC integration with Thales retains the simplicity of interaction that BlueCat¹s existing DNSSEC solution was known for. BlueCat Networks reduces the inherent complexity of DNSSEC with centralized key management, single-click signing policies, fully automated key rollover and emergency manual key rollover. With BlueCat Networks, organizations can control DNSSEC signed zones from a central location, gain a comprehensive view of all DNSSEC-related data and demonstrate compliance during security audits. ³Recent highly publicized cyber attacks like Stuxnet are a clear reminder that digital signature keys that underpin services like DNS are vulnerable to theft or mis-use and must be protected,² said Cindy Provin, president of the Americas, Thales e-Security. ³DNSSEC is already being widely adopted by government, financial services and healthcare organizations where the security of sensitive information is of paramount importance, but DNSSEC is only as good as the security of an organization¹s cryptographic keys. The Thales nShield Connect HSM ensures that keys are generated and stored by an ultra-secure device that is both physically and electronically protected against tampering and invasion. When the Thales HSM is used in conjunction with BlueCat Networks¹ smart, simple DDI solutions, organizations get the benefit of market-leading DDI and key security in an intuitive solution.²

Deployed at some of the most demanding and secure organizations in the world, BlueCat Networks¹ DNS, DHCP and IP Address Management solutions provide an essential technology for helping organizations build smarter networks and manage IP-dependent services including cloud, virtualization and BYOD.

About BlueCat Networks BlueCat Networks provides a smarter way to manage BYOD, mobile devices and cloud. With powerful IT self-service, automation and workflow delegation, BlueCat Networks software solutions give organizations the power to manage ³everything IP² in their network including devices, users and IP activity from a single pane of glass. The result is a dynamic network that is more resilient, cost effective and easier to manage.

With tightly integrated IP core services, BlueCat Networks¹ simple and scalable IP Address Management (IPAM) solutions have helped Global 2000 companies and government agencies reduce costs and solve today¹s most critical IT challenges ­ from BYOD and mobility to data center virtualization and cloud computing. We also help organizations manage growth and change by easing the transition to new technologies such as IPv6 and DNSSEC. To learn more, visit:

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Flash Poll
Current Issue
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
Published: 2014-07-11
Dahua DVR 2.608.0000.0 and 2.608.GV00.0 allows remote attackers to bypass authentication and obtain sensitive information including user credentials, change user passwords, clear log files, and perform other actions via a request to TCP port 37777.

Published: 2014-07-11
Cumin (aka MRG Management Console), as used in Red Hat Enterprise MRG 2.5, does not include the HTTPOnly flag in a Set-Cookie header for the session cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie.

Published: 2014-07-11
The REST API in the ovirt-engine in oVirt, as used in Red Hat Enterprise Virtualization (rhevm) 3.4, allows remote authenticated users to read arbitrary files and have other unspecified impact via unknown vectors, related to an XML External Entity (XXE) issue.

Published: 2014-07-11
Docker 1.0.0 uses world-readable and world-writable permissions on the management socket, which allows local users to gain privileges via unspecified vectors.

Published: 2014-07-11
Apache Syncope 1.1.x before 1.1.8 uses weak random values to generate passwords, which makes it easier for remote attackers to guess the password via a brute force attack.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Marilyn Cohodas and her guests look at the evolving nature of the relationship between CIO and CSO.