What is DNS Content Filtering?

DNS content filtering is another term for a cloud-based Internet filter. Rather than use hardware appliances or software installations to protect networks from malware and ransomware, cloud-based Internet filters provides an option for business and Managed Service Providers (MSPs) that do not require a high level of maintenance or place a strain on network resources during the filtering process.

How DNS Filtering WorksThe term “DNS content filtering” derives its name from the way the filtering solution is implemented. Businesses and MSPs simply have to redirect their DNS server settings towards the service provider´s server and the cloud-based Internet filter is ready to go. DNS content filtering is compatible with every type of operating system and automatically configures itself once implemented.

Once configured, network administrators can apply user policies via a web-based management portal. The portal also allows network administrators to monitor Internet activity in real time and pull historical reports to assist with risk assessments and identify unusual port activity – usually a sign of attempts to circumnavigate the filtering parameters.

Cloud-based Internet filtering is just as effective at preventing network users from visiting unsafe or prohibited websites as hardware-based or software-based Internet filtering. Furthermore, as software updates are conducted in real time by the service provider, DNS content filtering is a “set and forget” solution for filtering the Internet with the added advantage of improved network performance.

Why SSL Inspection is an Important Function

Before explaining how DNS content filtering improves network performance, it is important to look at one of the most important functions of any Internet content filter – SSL inspection. During the SSL inspection process, an Internet content filter decrypts, reads and re-encrypts the content of encrypted web pages to ensure they are free from malware and their content complies with user policies.

More than half of the world´s most visited websites use encryption to ensure the integrity of confidential transactions and user conversations, and – more recently – to enhance their rankings in Google´s Search Engine Results Pages (SERPs). However, an https:// prefix or a green padlock symbol no longer means a website is secure – indeed, far from it.

In 2017, online security researchers found that 37% of supposedly secure websites harbored malware rootkits, malware drive-by downloads or malvertising. They also determined that every major ransomware family identified since January 2016 has been distributed at some point via an encrypted website – a threat that can only be stopped by an Internet content filter with SSL inspection.

How DNS Content Filtering Improves Network Performance

The problem with SSL inspection is that it is resource-intensive. Decrypting, reading and re-encrypting encrypted web pages places a tremendous strain on CPUs and, at times of peak web activity, Internet speeds can suffer. It is also possible that some web-based applications such as email will be temporarily unavailable due to the SSL inspection process devouring network resources.

Whereas a possible solution to this problem is whitelisting – allowing trusted websites to bypass the filtering process to relieve the strain on CPUs – whitelisting can be a labor-intensive task for network administrators, and it has its risks. There is no guarantee a trusted website will remain malware-free. An update to the trusted website could expose a vulnerability that is exploited by hackers.

DNS-based content filtering overcomes this problem, and improves network performance, by conducting the SSL inspection process in the cloud – effectively placing the strain on the service provider´s CPUs rather than the business´s CPUs. The filtered Internet service is delivered to network users with imperceptible latency and with no effect on business-critical web-based applications such as email.

DNS Content Filtering Solutions from WebTitan

WebTitan is a leading developer on online security solutions for business. We have been helping businesses protect their networks from web-borne threats for almost two decades and, using feedback from our existing clients, we have developed two cloud-based Internet filtering solutions that have incredible versatility but which have ease-of-use as one of their main features:

  • WebTitan Cloud is a DNS content filtering solution with SSL inspection that protect networks from malware and ransomware, and network users from the threat of phishing. Network managers can control access to non-work related activities in multiple locations from one web portal and choose from a range of pre-configurable reporting options.
  • WebTitan Cloud for WiFi has been especially developed for wireless Internet services. Particularly suitable for businesses that offer a publicly-accessible wireless service or operate a BYOD policy, WebTitan Cloud for WiFi also has SSL inspection to protect networks operating from a single wireless router or a nationwide network of WiFi hotspots.

To find out more about DNS-based content filtering solutions, or to request a free trial, do not hesitate to get in touch. Our team of Sales Technicians will be happy to answer your questions and will discuss your current online security and network configuration to determine which WebTitan solution will be more appropriate for your circumstances. Contact us today, and you could be protecting your network against malware and ransomware with a DNS content filtering solution in less than twenty minutes.


If I use the WebTitan DNS filter, will there be any impact on Internet speed?

WebTitan is a DNS-based web filter, which means filtering occurs at the DNS lookup stage of a web request before any content is downloaded. That means there is no latency, so there will be no perceivable difference in page load, upload, or download speeds, in contrast to more traditional web filtering solutions.

Is it possible to bypass the WebTitan DNS filter?

There are ways that the web filtering controls can be bypassed, and that is true of any web filtering solution. You can block access to anonymizer services, which are commonly used to bypass web filters and you should lock down computers to prevent DNS settings from being changed. If an administrator wants to allow web filtering controls to be bypassed temporarily, it is possible to issue a cloud key, which can be used for a limited time to access content that would normally be blocked.

Will the WebTitan DNS filter cover remote workers?

Yes. WebTitan allows administrators to carefully control the content that can be accessed using all corporate devices, no matter where they are used to access the Internet. You may wish to apply different content controls for remote workers than office-based workers. Administrators have full control and can quickly and easily enforce Internet policies through the web-based user interface.

Does TitanHQ have an MSP program?

Yes. The TitanSHIELD MSP program allows managed service providers to implement and deliver the full range of TitanHQ cybersecurity solutions directly to their client base. Members of the TitanSHIELD program have a dedicated account manager, assigned sales engineer support, access to the partner program hotline and knowledge base, and they get 24/7 priority technical support and access to online technical training material and a host of sales enablement tools.

Is the WebTitan DNS filter equivalent to Cisco Umbrella?

In many respects, the WebTitan DNS filter is a direct swap for Cisco Umbrella but has several important advantages. It is easier to use, the cost is far lower, and customers benefit from industry-leading customer support. WebTitan also has many features for MSPs that are not provided by Cisco. We recommend taking advantage of our free trial to put the solution to the test and see for yourself.