DNS: Your First Line of Defense on the Web

Web links to nefarious websites is one of the most utilized mechanisms employed by bad actors to deploy ransomware and other malware and virus.

DNS Protect filters website accessibility and is the first line of defense against web-borne attack surfaces.

Watch how DNS Protect works to keep you safe online for less than $0.05 per user per day.

DNS Protection for Security

Security isn’t something you “implement” and then forget about. It’s constantly evolving, and as external risk factors increase and end users are more likely to become the victim of cyber attack, layered security is
increasingly important.

You need your firewall. You need your antivirus. You also need DNS filtering. Because all of them do different things and protect you in different phases of your work day.

Unfortunately for all of us, hackers are really good at deceiving people. And there are a lot of them working to steal information, usually for some sort of financial gain.

Per Symantec, one in 13 web requests now lead to malware. While we’re on the subject, malware makes up 28% of all cybersecurity threats while phishing accounts for over 30%. That means that nearly 60% of cybersecurity threats are deployed at the DNS level.

Even with cybersecurity awareness training, if the hackers are motivated enough they can convince that person to click the link. They can find information from public social media pages, press releases, or even business pages and leverage that to convince end users that they are trustworthy.

And this happens quickly. When a phishing attempt is successful, over 50% of the link clicks occur in the first five minutes. So there isn’t much time for mitigation to happen if you don’t have filtering set up.

This is why solutions that block threats instantly, even when they’ve never been seen before, are necessary so that the DNS request for that malicious site doesn’t get resolved and put the end user and the entire company at a
tremendous risk.

DNS Protection for Visibility

It’s not enough to just block threats. If you have no insight into what you’re blocking, you’ll never be able to improve both security and content filtering as a whole.

Visibility gives a clearer picture of:

  • What sites users are accessing
  • The average number of threats being mitigated
  • How frequently pages are being blocked

You can then use these insights to make recommendations around both security (see above) and productivity (see below).

As an example, on a Wednesday in July 2020 we looked at the traffic on our network (this includes all customers) and we saw that 13% of all DNS requests between 8 a.m. ET and 6 p.m. ET were requests for TikTok
domains. And a very small percentage of them were actually blocked.

This is the type of query you can do in DNS Protect. If you saw a similar trend on your network, we could recommend that you:

  1. Block TikTok (this is the no-brainer)
  2. Send an email (or hold a meeting) on what sites are acceptable to access during working hours
  3. Create a written policy on what types of sites employees are and aren’t allowed to access with their work laptops (and then block all of those sites to continue to get those insights)

You can even dive into user DNS requests if you’ve deployed DNS Protect through our Active Directory integration or Roaming Clients. This is valuable information. If you notice one user repeatedly trying to access blocked sites, it might be an indication that the person is wasting their time.

Another consideration is that it could indicate that a recreational site like Facebook may be important for a marketing employee to access during their workday, and this block policy is negatively impacting their work performance.

But without visibility, you wouldn’t be able to draw any conclusions.