A DNS filtering service is an alternative to more traditional hardware and software-based solutions for filtering the Internet. A DNS filter works by redirecting the IP address of an organization´s router to that of the service provider and then allowing administrators to set the filtering parameters via an online browser-based portal.
Because a DNS web filtering service is quick to implement, has low maintenance overheads and is inexpensive to operate, it is quickly becoming the “go to” solution for organizations wanting to increase their online security postures and protect their networks from web-borne threats. A DNS filtering service has other benefits for organizations as well.
The Importance of a DNS Filtering Service with SSL Inspection
SSL inspection is a tool within a DNS filtering service that decrypts the content of a “secure” website, checks the content for its integrity, and then re-encrypts the website before allowing an Internet user access to the site. The reason why SSL inspection is so important is because three-quarters of websites – including websites with SSL certificates – have been identified as having security vulnerabilities.
This does not mean that three-quarters of websites harbor malware, but that the potential exists for a hacker to exploit a vulnerability and install malware or phishing forms on the website. Without SSL inspection, an Internet user – even one trained on the dangers of web-borne threats – could inadvertently download malware onto their device from an apparently “safe” website, and then infect the whole of an organization´s network.
Malware downloads can be devastating for an organization. Once an infection spreads through the network, data can be stolen, corrupted, or encrypted. The cost of resolving the infection and the damage it has caused can be substantial, and an organization operating in an industry such as healthcare, insurance or banking could be subject to a regulatory fine and possible civil legal action depending on the damage caused by the malware.
A DNS filter mitigates the risk of downloading a web-borne threat by blocking access to websites known to harbor malware and preventing the download of files types most commonly associated with web-borne threats. A DNS web filtering service can also be configured to eliminate the risks of phishing attacks – thus enhancing an organization´s online security posture further still. Many DNS filtering services check the URL/domain against blacklists of known malicious websites and also check the content of sites in real-time to block new phishing web pages that have yet to be reported as malicious.
Other Benefits of a DNS Filter
In addition to protecting an organization´s networks against the risk on web-borne threats, a DNS filter can be used to restrict access to productivity-sapping websites that employees may utilize for “cyberslacking”. Research has indicated that the average employee wastes around two hours each day on gaming websites, online shopping portals, social media platforms and – significantly – pornographic websites.
It has been suggested some personal web time at work can promote productivity. However, openly viewing pornographic and other objectionable content can result in HR issues and possible legal issues if an organization is taken to court by an upset employee for failing to provide a safe working environment. A DNS web filtering service can prevent this scenario before it occurs and restrict access to other productivity-sapping online activities by individual user, user-group or by time.
The time-based controls on a DNS filtering service are particularly useful if your organization experiences bandwidth issues. By setting the filtering parameters to block access to video streaming websites and online bandwidth-hogging applications, organizations can prevent bandwidth wastage and the scenario in which employees are unable to access the Internet or their emails due to a shortage of bandwidth.
Finally, for organizations in the retail industry, a DNS filter enables you to offer a protected WiFi service to your customers. Free WiFi services are a great marketing tool in an age when consumer decisions are influenced by where they can be online. However, if customers´ devices are infected by malware – or customers are exposed to objectionable content due to an organization offering an unprotected WiFi service – the organization will likely lose more customers than it gains. By using DNS based web filtering, businesses can ensure that all WiFi users – employees, guest users, and customers – are protected from online threats.
The Features of WebTitan´s DNS Web Filtering Service
The primary features and benefits of WebTitan´s DNS web filtering service – WebTitan Cloud – are worth highlighting because many organizations evaluate web filtering solutions based on cost and maintenance overheads – rather than how effective the solution is at doing its job.
WebTitan Cloud has a three-tier mechanism for filtering the Internet using blacklists, category filters and keyword filters. Blacklists blanket-block access to websites known to harbor malware or that disguise their true identity behind a proxy server. Category and keyword filters restrict user access to websites that fall within a certain category or contain a certain keyword.
Organizations have the option to apply whichever category and keyword filters they wish and – with WebTitan Cloud – have the opportunity to create their own customized categories. The three-tier mechanism delivers an exceptional level of granularity so that organizations can fine-tune the content employees and visitors to their business can access.
Malicious URL Detection and Phishing Protection
Our malicious URL detection software checks each request to visit a website against a blacklist of IP addresses from which spam emails are known to have originated. Nine out of ten spam emails in 2016 contained ransomware or linked to a website from which users could inadvertently download ransomware. Websites that have been discovered to have been used for phishing or have been detected as hosting exploit kits or malware are similarly blocked. IP address blacklists are updated in real time as new threats are identified.
Similarly, our phishing protection software is updated in real time as new websites are discovered that have been constructed with the purpose of executing phishing attacks. 99.5% of websites with the word “PayPal” in their URL are fake sites and, due to the sophistication with which cybercriminals are constructing their phishing emails and their fake websites, phishing attacks are getting harder to identify and prevent.
As mentioned at the top of this page, WebTitan Cloud´s filtering parameters can be set and adjusted via an online browser-based portal. This makes it possible to fine-tune the DNS filtering service from any Internet-capable device and eliminates the necessity for organizations with multiple locations to visit each location every time there is a change to an acceptable use policy.
The WebTitan Cloud DNS filter has the all-important SSL inspection that was discussed earlier, plus accommodates multi-lingual filtering as online infections are not an exclusively English language problem. The flexibility of our DNS web filtering service allows for the blocking of a website application, without blocking access to the website itself (useful for organizations that engage in Facebook Marketing but do not want their employees to be able to use Facebook Messenger for example).
Compatibility and Scalability
As WebTitan Cloud is a DNS filtering service that works by redirecting a router´s DNS, there are no compatibility issues. In the event that your organization wants to integrate WebTitan Cloud with existing management tools (Active Directory, LDAP, etc.), our DNS web filtering service is provided with a suite of APIs for backend integration.
Scalability is not an issue either. There is no upper limit to the number of devices that can be protected by our DNS filtering service. Consequently WebTitan Cloud will always be an appropriate web filtering solution should your organization expand. If you need to reduce your workforce, this can easily be accommodated by TitanHQ so you do not end up having to pay for a subscription that you are not using. Details of how this works are given in “DNS Filtering Service Pricing” below.
Due to the SSL inspection process being performed in the cloud, WebTitan Cloud filters the Internet with imperceptible latency. This means that, irrespective of how many devices are using the DNS filter, any delay between typing in a URL or clicking on a hyperlink, and having a permissible website delivered to the device, is unnoticeable.
There are no bandwidth restrictions on our DNS web filtering service; so, if you decide not to block video streaming websites, WebTitan Cloud can cope with the volume of Internet traffic. This can be of particular importance to organizations that operate a WiFi service with multiple hotspots or for an organization with multiple Internet users engaged in bandwidth-sapping activities.
There are a number of good reasons for taking advantage of WebTitan Cloud´s automated reporting. Firstly the reports inform administrators of any web-borne threats that have been blocked and where they originated from. This information can help shape future acceptable use policies or nip potential HR issues in the bud before they develop into more serious problems. The reports also advise administrators of any attempts to circumnavigate the filtering parameters.
The reports also reveal the web-browsing habits of Internet users. If your organization is in the retail industry, and you provide a free WiFi service to customers, this can be a useful tool for creating targeted marketing campaigns and special offers for your customers. It might be ambitious to claim that a DNS filtering service can help increase your sales – but the possibility exists.
DNS Filtering Service Pricing
DNS filtering service pricing is very easy to explain. As there is no hardware to purchase or complicated software installation to perform, there are zero set-up costs. Once implementation of the DNS filtering service is compete, organizations pay a subscription to receive the service – typically around $15.00 per user per year based on the following factors:
- How many people you want to protect.
- Your preferred deployment option.
- Which payment cycle works best for you.
Discounts are available to organizations committing to long-term contracts and monthly payment options exist for organizations on a budget. There is significant flexibility in the licensing terms and licenses can be adjusted upwards or downwards as necessary. For an accurate calculation of WebTitan´s DNS filtering service pricing, please visit our Instant Quote Calculator.
Speak with WebTitan about our DNS Filtering Service
If you have any questions about DNS content filtering in general or our DNS filtering service, our industry-leading customer support team would be delighted to hear from you. Once you have spoken with us, we will invite you to try WebTitan Cloud free for thirty days with no obligation on you to commit to a subscription at the end of your trial period. We believe once you have experienced how DNS based filtering ensures threat-free Internet browsing, you will never want to return to the malware-invested World Wide Web again.