DNS content filtering is another term for a cloud-based Internet filter. Rather than use hardware appliances or software installations to protect networks from malware and ransomware, cloud-based Internet filters provides an option for business and Managed Service Providers (MSPs) that do not require a high level of maintenance or place a strain on network resources during the filtering process.
The term “DNS content filtering” derives its name from the way the filtering solution is implemented. Businesses and MSPs simply have to redirect their DNS server settings towards the service provider´s server and the cloud-based Internet filter is ready to go. DNS content filtering is compatible with every type of operating system and automatically configures itself once implemented.
Once configured, network administrators can apply user policies via a web-based management portal. The portal also allows network administrators to monitor Internet activity in real time and pull historical reports to assist with risk assessments and identify unusual port activity – usually a sign of attempts to circumnavigate the filtering parameters.
Cloud-based Internet filtering is just as effective at preventing network users from visiting unsafe or prohibited websites as hardware-based or software-based Internet filtering. Furthermore, as software updates are conducted in real time by the service provider, DNS content filtering is a “set and forget” solution for filtering the Internet with the added advantage of improved network performance.
Why SSL Inspection is an Important Function
Before explaining how DNS content filtering improves network performance, it is important to look at one of the most important functions of any Internet content filter – SSL inspection. During the SSL inspection process, an Internet content filter decrypts, reads and re-encrypts the content of encrypted web pages to ensure they are free from malware and their content complies with user policies.
More than half of the world´s most visited websites use encryption to ensure the integrity of confidential transactions and user conversations, and – more recently – to enhance their rankings in Google´s Search Engine Results Pages (SERPs). However, an https:// prefix or a green padlock symbol no longer means a website is secure – indeed, far from it.
In 2017, online security researchers found that 37% of supposedly secure websites harbored malware rootkits, malware drive-by downloads or malvertising. They also determined that every major ransomware family identified since January 2016 has been distributed at some point via an encrypted website – a threat that can only be stopped by an Internet content filter with SSL inspection.
How DNS Content Filtering Improves Network Performance
The problem with SSL inspection is that it is resource-intensive. Decrypting, reading and re-encrypting encrypted web pages places a tremendous strain on CPUs and, at times of peak web activity, Internet speeds can suffer. It is also possible that some web-based applications such as email will be temporarily unavailable due to the SSL inspection process devouring network resources.
Whereas a possible solution to this problem is whitelisting – allowing trusted websites to bypass the filtering process to relieve the strain on CPUs – whitelisting can be a labor-intensive task for network administrators, and it has its risks. There is no guarantee a trusted website will remain malware-free. An update to the trusted website could expose a vulnerability that is exploited by hackers.
DNS-based content filtering overcomes this problem, and improves network performance, by conducting the SSL inspection process in the cloud – effectively placing the strain on the service provider´s CPUs rather than the business´s CPUs. The filtered Internet service is delivered to network users with imperceptible latency and with no effect on business-critical web-based applications such as email.
DNS Content Filtering Solutions from WebTitan
WebTitan is a leading developer on online security solutions for business. We have been helping businesses protect their networks from web-borne threats for almost two decades and, using feedback from our existing clients, we have developed two cloud-based Internet filtering solutions that have incredible versatility but which have ease-of-use as one of their main features:
- WebTitan Cloud is a DNS content filtering solution with SSL inspection that protect networks from malware and ransomware, and network users from the threat of phishing. Network managers can control access to non-work related activities in multiple locations from one web portal and choose from a range of pre-configurable reporting options.
- WebTitan Cloud for WiFi has been especially developed for wireless Internet services. Particularly suitable for businesses that offer a publicly-accessible wireless service or operate a BYOD policy, WebTitan Cloud for WiFi also has SSL inspection to protect networks operating from a single wireless router or a nationwide network of WiFi hotspots.
To find out more about DNS-based content filtering solutions, or to request a free trial, do not hesitate to get in touch. Our team of Sales Technicians will be happy to answer your questions and will discuss your current online security and network configuration to determine which WebTitan solution will be more appropriate for your circumstances. Contact us today, and you could be protecting your network against malware and ransomware with a DNS content filtering solution in less than twenty minutes.