BlueCat Threat Protection leverages data from reputable third-party sources to provide protection against malicious domains and sites that employ malware, botnets, exploits, and spam. Conventional tools and software focus on securing the end device or the communication layer.
- High—a list of suspected domains that have been associated with malicious activity within the last 60 days.
- Medium—a list of suspected domains that have been associated with malicious activity within the last 60-120 days.
- Low—a list of suspected domains that were associated with malicious activity more than 120 days ago.
- Unverified—a list of possible suspected domains that have not yet been reviewed and classified.
- DoH Public Servers—a list of public servers known to perform DNS resolution over HTTPS (DoH).
BlueCat Threat Protection leverages the pervasiveness of DNS to provide another layer of protection by controlling or preventing access to known malicious sites. It uses DNS Response Policies, which allow administrators to define the hosts and zones that they wish to block. You can configure BlueCat Threat Protection either by manually defining local DNS Response Policies or by using BlueCat Security Feed, which provides automatic updates so that you receive threat data in real time.
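The following added example, which is not BlueCat's own code, shows how host and zone entries in a response policy differ when matched against query names, and renders them in the standard response policy zone (RPZ) record form, where "CNAME ." means an NXDOMAIN answer. The class name, the sample domains, and the assumption that a zone entry covers the zone apex and all of its subdomains are illustrative and do not come from this page.

```python
# Added illustration: names and sample domains are constructed, not BlueCat's.

def normalize(name):
    """Lower-case a DNS name and drop the trailing root dot."""
    return name.strip().lower().rstrip(".")


class ResponsePolicy:
    """Hypothetical local policy holding blocked hosts and blocked zones."""

    def __init__(self, hosts=(), zones=()):
        self.hosts = {normalize(h) for h in hosts}
        self.zones = {normalize(z) for z in zones}

    def match(self, qname):
        """Return ("host" | "zone", entry) for a blocked name, else None."""
        q = normalize(qname)
        if q in self.hosts:  # a host entry blocks that exact name only
            return ("host", q)
        labels = q.split(".")
        # Walk the ancestors on label boundaries, so "notevil.example"
        # never matches a zone entry for "evil.example".
        for i in range(len(labels)):
            candidate = ".".join(labels[i:])
            if candidate in self.zones:
                return ("zone", candidate)
        return None

    def rpz_records(self):
        """Render entries as RPZ records (owner names relative to the RPZ origin)."""
        lines = [f"{h} CNAME ." for h in sorted(self.hosts)]
        for z in sorted(self.zones):
            # Assumption: a zone entry covers the apex and every subdomain.
            lines += [f"{z} CNAME .", f"*.{z} CNAME ."]
        return lines


# Constructed sample policy using reserved .example names.
POLICY = ResponsePolicy(
    hosts=["login.bad-host.example"],
    zones=["malware-zone.example"],
)

if __name__ == "__main__":
    for name in ("LOGIN.bad-host.example.", "www.login.bad-host.example",
                 "a.b.malware-zone.example", "notmalware-zone.example"):
        print(f"{name:32} -> {POLICY.match(name)}")
    print("\n".join(POLICY.rpz_records()))
```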
Threat Protection Reports
For information on generating Threat Protection reports, refer to article 012082 on BlueCat Customer Care.
Threat Protection Limitations
You can only deploy response policy zones that use BlueCat Threat Protection feeds to DNS/DHCP Servers that have 8GB of RAM or greater.