Cygna DDI Guard is a network security solution that collects, monitors, and archives DHCP and DNS transactions to improve network visibility, enable real-time and historical analysis, and support cyberthreat intelligence. It forwards filtered DDI data to SIEM systems, generates alerts for suspicious activity, and ensures minimal impact on server performance. The product is deployable on various platforms, including dedicated appliances and servers running Rocky Linux or Windows 2022, and supports scalable data retention for compliance and forensic needs.

Key Features

Comprehensive DDI Monitoring Captures and archives all DHCP and DNS transactions for full visibility.

• Retains both queries and responses
• Enables real-time and historical analysis

SIEM Integration Forwards filtered DDI activity to third-party Security Information and Event Management (SIEM) systems.

• Customizable filtering criteria to reduce data bloat
• Supports cyberthreat intelligence and event correlation

Real-Time Alerts Generates alerts for defined suspicious DHCP/DNS activity.

• Alerts via SNMP or email
• Detects rogue devices and malware activity

Minimal Performance Impact Designed to monitor and archive without degrading DHCP/DNS server performance.

• Bi-directional data capture
• Real-time transaction tapping

Flexible Deployment and Retention Supports centralized, regional, or local data retention with scalable archives.

• Deployable on hardware, virtual, or cloud appliances
• Automated rollover and capacity expansion

Benefits

Enhanced Security and Forensics Improves ability to detect, investigate, and respond to cyber threats.

• Provides critical data for troubleshooting and threat investigations
• Enables proactive detection of suspicious network activity

Operational Efficiency Streamlines DDI monitoring and compliance with minimal resource overhead.

• Reduces SIEM ingest costs with smart filtering
• Simplifies scaling of data retention for regulatory needs