Businesses need to implement defenses to prevent malware and ransomware from being downloaded onto their networks. An email security solution is important for blocking threats delivered by email and a DNS filtering service provides protection against web-based threats.
Web-based threats include phishing, malware, viruses, and ransomware, all of which can result in a costly data breach and significant downtime. Anti-virus software may have been implemented on all endpoints, but most antivirus software solutions use signature-based detection methods. These solutions are good at identifying and quarantining known malware but are far less effective at blocking new malware variants. If an unknown threat is downloaded by an employee as a result of a visit to a malicious website, the malware may not be detected by an endpoint security solution.
Benefits of a DNS Filtering Service
A DNS filtering service provides protection against web-delivered malware by preventing end users from visiting malicious websites. A DNS filtering service also blocks access to certain websites and webpages that an administrator defines as not suitable for work. By exercising control over the types of content that can be accessed by employees it is possible to increase staff productivity.
A DNS filtering service has other useful benefits such as bandwidth control. There will only be a certain amount of bandwidth available for all users and that bandwidth can easily be used by just a small number of employees. A DNS filtering service can be used to block bandwidth-heavy activities or apply time-based controls restricting those activities to quieter times of the day to ensure there is always sufficient bandwidth available.
How Does a DNS Filter Work?
A DNS filter works at the DNS lookup stage of a web request. When a user attempts to visit a website, via a hyperlink click or by entering a web address into their browser, that resource must be located by performing a DNS lookup. A DNS server is contacted, and the domain name of the website is matched with an IP address to allow the website to be found.
If a web resource violates company policies, if the site contains illegal content, or if the site is known to be used for phishing or hosting malware, the IP address for the site will not be passed to the browser. Instead, the user will be presented with a block page advising them that they are not permitted to access the website.
A DNS filter performs checks of the website without downloading content, so there is no latency with this form of internet filtering.
Cost of a DNS Based Filtering Service
Filtering the internet used to require a physical appliance to be purchased, so there was a sizeable upfront cost. A DNS based filtering service requires no hardware as all filtering takes place on the service provider’s servers. Many DNS based filtering solutions are available with monthly billing, so there is no large upfront cost to cover.
The cost of DNS filtering can vary considerably from provider to provider. Low-cost solutions are available for a cost of around $1 per user per month, which is a small price to pay for the protection provided against malware, ransomware and phishing. That cost can easily be recovered from the gains in productivity that are possible by exercising control over the internet sites that employees can access.