Many cybersecurity companies offer DNS content filtering for MSPs but finding the best solution can be time-consuming. The features included in DNS filtering solutions can vary considerably from provider to provider as can the cost. In this article, we will explain the features you should be looking for to help you make a shortlist of products to test.
DNS Content Filtering for MSPs
Your clients may want to start filtering the Internet to enforce acceptable Internet usage policies and prevent access to certain types of web content. This is a key consideration for schools and libraries in the United States who need to prevent access to web content that is harmful to minors for compliance with the Children’s Internet Protection Act (CIPA). Content filtering is also important for businesses to reduce legal risk and to allow them to provide sanitized WiFi access.
To avoid excessive support calls and keep clients happy, you will need to choose a solution with granular content controls that accurately categorize web content and offer keyword-based filtering in addition to category-based filtering for more careful control of Internet activity. Look for a solution that provides extensive coverage, including the Alexa Top 1 million websites, and has content filtering in multiple languages.
A solution that integrates with directory services (AD, LDAP) will make applying control controls much easier for different users, roles, departments, and locations, and will help keep the management overhead low. You should also ensure that your admin control panel allows you to apply bulk content control settings as well as set controls for specific clients – This can save you many hours of admin time. Some clients may wish to have control over whitelisting and blacklisting sites. A solution that allows you to delegate controls to clients can save you considerable support time and will ensure any miscategorized web pages can be quickly unblocked.
To give clients flexibility, look for a solution that offers time-based filtering. Some clients may wish to relax their content filtering rules outside of office hours. A company that provides the option of a temporary override of certain content controls is also advantageous, to avoid having to manually relax and then reconfigure controls.
Some solutions allow you to apply filtering and security controls for users when they are on the network, but you should be able to apply those controls for off-network users and be able to support businesses that have a hybrid working policy. This is usually achievable through a provider-supplied agent that is installed on individual devices.
Important Security Features of DNS Content Filters for MSPs
While content control is an important feature of DNS content filters for MSPs, the primary purpose of DNS filtering for many businesses is to improve their security posture by blocking access to malicious websites, such as those used for phishing or malware distribution. Surveys of SMBs suggest they believe their MSPs should be held responsible for any phishing attacks, after all, they pay MSPs to prevent cyberattacks. MSPs should therefore pay particular attention to security features. Many providers offer DNS content filtering for MSPs, but the security features can vary significantly.
DNS content filters block using blacklists of known malicious websites. You should choose a solution that incorporates blacklists that are updated from multiple sources and permit custom blacklists to be added. Try to find out how those lists are updated, and how frequently. Some solutions are fed intelligence from hundreds of millions of endpoints websites, ensuring malicious content is blocked for all users within a few minutes of detection.
Blacklists will block known malicious websites, but additional protection is provided by solutions that support SUBRL and URIBL filtering and check the reputations of websites. Controls can then be applied by scoring URLs on the likelihood of them being malicious. This allows MSPs to tailor filtering based on an organization’s level of risk tolerance.
One of the most important features – surprisingly lacking in some products that provide DNS content filtering for MSPs – is SSL inspection. SSL inspection will ensure that encrypted content is not opaque to the filters. Sites with SSL certificates will be decrypted, inspected, then encrypted. Without SLL inspection, many malicious websites would not be blocked.
Investigations and Reporting
Solutions with a wide range of pre-configured reports will allow you to generate reports for clients without having to create them manually. Clients may want access to information on Internet activity in real-time, so a solution that provides easy access to detailed metrics and has the capability to schedule and automate the sending of reports will cut down on the time you need to invest in management. You may need to conduct investigations, so the more detailed information provided by the solution, the easier this will be. Reports can help to demonstrate to clients the value of the service, such as the number of malicious sites that are being blocked, and the users that are attempting to visit blocked sites. This information will allow them to take proactive steps to reduce risk.
Ease of Use
Ease of use is a huge consideration. One of the biggest bugbears with solutions providing DNS content filtering for MSPs is the amount of time that needs to be spent configuring and maintaining the solution. Some DNS filters provide an extensive range of features, but they are complicated and there is a steep learning curve, requiring extensive staff training. Having a solution that requires little in the way of technical ability to set up and use can save many headaches down the line. With the right solution, once configured, DNS content filtering for MSPs can be a very low-maintenance service.
One of the best ways to check this is to visit business software comparison sites, where genuine users of the solutions provide feedback from their own experiences. This can help MSPs get a real idea of what the solution is like to use. Sites such as G2, Gartner, Expert Insights, Spiceworks, Reddit, and PeerSpot are good sources of information. Also, take advantage of any free trials to see for yourself how easy a solution is to use before committing to one vendor.
MSP-Focused Content Filtering Solutions
While products are marketed as providing DNS content filtering for MSPs, many solutions lack important MSP-friendly features. For example, you may want to host the solution in your own data center or in a private cloud. Some providers only offer hosting in their own cloud. Some vendors refuse to provide their solution in a white label form, which means you will not be able to add your own branding. The ability to integrate the solution into your own back-office systems is a big plus, so look for a company that supports these integrations, such as by providing APIs to make this easy. You should also choose a fully multi-tenanted solution that allows you to manage all clients through a central administration panel.
When considering DNS content filtering for MSPs, the cost is an important factor. You may want to provide the best possible protection and have the broadest feature set, but that is likely to come at a cost that many of your clients may not be willing to pay. Cost can vary considerably, and you may have to balance the features with what will be affordable for your clients. Many vendors offering DNS content filtering for MSPs have a flexible pricing policy that is well suited to MSPs, such as providing usage-based pricing to match MSPs fluctuating seat numbers, with some offering monthly billing. It is worthwhile investing some time into research to find a solution that will meet your needs.