What is DNS Malware Protection?

In order to best answer the question what is DNS malware protection, it is advisable to have an understanding of how DNS filtering works. Fortunately, you do not have to be technically-aware to grasp the basics, and a little knowledge of the subject can help businesses better protect their networks against web-borne threats such as malware, ransomware, and phishing.

A Brief Explanation of DNS Filtering

DNS filtering is based on the Domain Name System (DNS) – a system of assigning IP addresses to websites. When an Internet user clicks on a link or types a domain name into their browser, the browser locates the IP address for the target website and connects the user. The system works very much like how a telephone exchange connects phone users by phone number rather than by name.

How DNS Filtering WorksHowever, not all websites are safe to visit. Therefore an Internet filter with DNS filtering checks the IP address against a database of IP addresses to make sure it has not been flagged as unsafe. Because IP addresses are numeric, the process is much quicker than if a server had to check an alphanumeric domain name against an alphanumeric database of blacklisted websites.

The primary benefits of DNS filtering are that the process is quick and it uses minimal bandwidth. DNS filtering helps protect networks by only processing valid IP addresses and by blocking access to unsafe websites. Please note the functions of a DNS-based filter should not be confused with those of a Domain Name Server, which accelerates the speed at which devices can find websites, but does not offer any form of protection against malicious websites.

Maximizing the Effectiveness of DNS Malware Protection

The effectiveness of DNS malware protection is subject to what databases are used to check IP addresses, and how frequently they are updated. At a minimum, Internet filters should use a DNS Black List database (DNSBL) that updates in real time, but to maximize the effectiveness of DNS malware protection, it is advisable for a filter to also use URIBL and SURBL databases.

URIBL databases contain lists of IP addresses that are vulnerable to exploitation by cybercriminals and that likely harbor malware and ransomware or other malicious software such as adware, spyware, and browser hijacking software. SURBL databases contain IP addresses relating to websites linked to in spam emails. These websites are likely candidates to be phishing websites.

Using all three databases only marginally slows the DNS filtering process, but significantly increases DNS malware protection. Typically Internet users do not even realize their browsing experience is being filtered until such time as access to a website they want to visit is blocked. The bottom line is the more databases used, the greater the protection against malware, ransomware and phishing.

The Secondary Capabilities of Internet Filters

As well as there being levels of DNS malware protection according to the number of databases used, the secondary capabilities of Internet filters can often help determine which is most appropriate for a business. These include, but are not limited to category-based content filtering, keyword-based content filtering, SSL inspection, and multi-language support.

Category-based content filtering is probably the most important for many businesses. This capability blocks access to websites according to the category of their content, and can help improve productivity in the workplace by preventing employees viewing online porn, visiting online retailers, or cyberloafing on sports websites or social media platforms.

Keyword-based content filtering is an extension of category filtering that blocks access to online content and web applications by keyword. In order for this capability to be effective, the Internet filter has to have SSL inspection (in order to be able to read the content of encrypted websites) and support multiple languages as cyberloafing activities are not exclusively English.

Find Out More about Web Threat Protection

If you would like further information about DNS filtering, DNS malware protection, or the secondary capabilities of Internet filtering, do not hesitate to contact us. Our team will be happy to answer any questions and explain about our DNS filtering service – WebTitan Cloud – which uses DNSBL, URIBL and SURBL databases to maximize DNS malware protection.

If you would like to experience the high level of protection and the versatility of WebTitan Cloud´s secondary capabilities in your own environment, please do not forget to ask about our free trial offer. This gives you the opportunity to compare WebTitan Cloud against your existing Internet filtering solutions to witness its ease of use and extensive range of tools to better protect your network against malware, ransomware and phishing.