Before we jump into this topic, we want to stress that EC has an easy to implement solution for you and your team when it comes to DNS filtering. The information below is to provide context and explanation as to the primary solution that we have found most impactful for our clients. As always, a direct consultation with our team is the best way to dig into tailored options for your business, and we would love to hear from you! For now, let’s put our heads together on the topic of DNS filtering and the value it can provide.
What is DNS Filtering?
To start, DNS stands for Domain Name System. It is an essential service that allows the internet to function as it translates domain names (such as www.example.com) into IP addresses (such as 93.184.216.34) that computers use to locate and communicate with each other. Essentially, DNS allows communication on the internet. In fact, DNS is used every time a person types a website address into their browser, clicks on a link or sends an email. The general process is this: when a person types a website address into their browser, the browser sends a request to a DNS server to resolve the domain name into an IP address. Once the DNS server resolves the domain name, the browser can connect to the website’s server and retrieve the webpage. Voila!
When it comes to managed cybersecurity, therefore, DNS plays an important role as it can be used to block or allow access to specific websites and internet domains. This is known as DNS filtering and is used to protect against cyber threats such as malware, phishing, and other malicious websites.
How exactly can DNS filtering be leveraged to enhance your cybersecurity posture? This can be done either by blocking access to known malicious domains or by allowing access to only a specific set of trusted domains.
DNS filtering is valuable to an organization because it can help to:
- Block malicious websites: DNS filtering can help prevent employees from visiting known malicious websites, which can help to protect the organization from malware, phishing, and other cyber threats.
- Protect against data breaches: By blocking access to malicious domains, DNS filtering can help to prevent employees from inadvertently exposing the organization to data breaches.
- Content filtering: DNS filtering can help organizations to control and monitor the types of content that employees can access on the internet, which can help to prevent the spread of offensive content or other inappropriate material.
- Advanced threat protection: DNS filtering, when combined with other security measures, can help to protect an organization from advanced threats such as zero-day threats and botnets.
There are multiple ways of accomplishing the above, and they are not all created equal. Some ways of implementing DNS Filtering are:
- On-premise DNS servers: Organizations can use their own DNS servers to filter traffic. This can be done by configuring the DNS servers to block or allow access to specific domains, or by using third-party software to manage the filtering.
- Cloud-based DNS filtering: Organizations can use cloud-based DNS filtering services, which are provided by third-party companies. These services typically involve redirecting all DNS queries to the cloud provider’s servers, which handle the filtering.
- Firewall-based or Router- Based DNS filtering: Organizations can use their firewall or router to filter DNS traffic. This can be done by configuring the firewall to block or allow access to specific domains or by using third-party software to manage the filtering.
- Endpoint-based filtering: Organizations can use endpoint-based filtering software to block or allow access to specific domains on individual endpoints, such as laptops and desktops.
- Network-based filtering: Organizations can use network-based filtering to block or allow access to specific domains by using network security appliances such as intrusion prevention systems (IPS) and next-generation firewalls (NGFWs).
The method(s) chosen will depend on the organization’s specific needs and resources. That said, legacy DNS filtering that only protects the office network is no longer enough. With the distributed workforce of today, something more is needed. As we have worked extensively with many partners during the transitions of the past few years, we have seen tremendous value in combining cloud-based & endpoint-based DNS filtering.
Let’s look at endpoint-based filtering, which is a method of implementing DNS filtering by installing software on individual endpoints, such as laptops and desktops, which can block or allow access to specific domains. This method is typically used in conjunction with other security measures, such as EDR (endpoint detection and response) software.
Some benefits of endpoint-based filtering include:
- Granular control: Endpoint-based filtering allows organizations to have granular control over which domains are blocked or allowed, which can help to prevent employees from visiting known malicious websites.
- Improved security: Endpoint-based filtering can help to improve security by preventing malicious software and other cyber threats from spreading throughout the network.
- Improved compliance: By installing endpoint-based filtering software, organizations can ensure that they comply with regulatory requirements that require them to protect sensitive data from unauthorized access.
- Protection even when the device is disconnected: Endpoint-based filtering software can continue to monitor and protect the device even when it is disconnected from the corporate network, which can help to prevent cyber threats from spreading.
- Ease of management: endpoint-based filtering software can be managed centrally, which makes it easy for organizations to keep the software up to date and to ensure that the software is configured correctly.
Some of the drawbacks of endpoint-based filtering can include:
- Additional cost: endpoint-based filtering software can be expensive to purchase and maintain. (Hint: we have a great per device option!)
- Additional maintenance: endpoint-based filtering software can require regular updates and maintenance to ensure that it is effective.
This is where the magic happens: The best way to implement DNS filtering for a remote workforce is to use an endpoint-based strategy and marrying it to a cloud-based DNS filtering service. This method involves redirecting all DNS queries to the cloud provider’s servers, which handle the filtering. The benefits of this approach include:
- Scalability: Cloud-based DNS filtering services can be easily scaled to accommodate a large number of employees working remotely.
- Flexibility: Cloud-based DNS filtering services can be accessed from anywhere, which is ideal for a remote workforce.
- Advanced threat protection: Many cloud-based DNS filtering services provide advanced threat protection, which can help to protect against zero-day threats and botnets.
- Management and reporting: Cloud-based DNS filtering services typically include management and reporting features, which can help organizations to monitor and control internet access for remote employees.
- Deployment: Cloud-based DNS filtering services can be deployed quickly and easily, which can reduce the time required to implement the service.
- Cost-effective: Cloud-based DNS filtering services can be more cost-effective than on-premises solutions, particularly for organizations with a large number of remote employees.
Overall, cloud-based DNS filtering services are the best way to implement DNS filtering for a remote workforce, as they provide scalability, flexibility, advanced threat protection, management and reporting.
The Value DNS Filtering
What we see in ongoing cybersecurity incidents and breaches is that phishing (and all of its variants) is becoming more and more the starting point for attacks. While Security Awareness training is the best starting point to address phishing from the human side, when it comes to technology, DNS filtering is a fantastic security layer to help combat accidental clicks that occur as the result of phishing. It is not a total solution, but a very valuable layer in the armour against cyberattacks.
The Takeaway
While there are many ways of implementing DNS filtering, and many reasons to do so, we have found that cloud-based endpoint DNS filtering allows the outcomes most needed in our work-from-anywhere world. It covers the endpoint when in the office on the office network, and everywhere else. At EC Managed IT, we specialize in equipping this type of tool for easy setup and use for your entire organization. Consult with us today!