If you’ve landed on this blog, then there’s a good chance you’re already aware that DNS is undergoing a major overhaul. DNS 2.0—aka encrypted DNS, DNS over HTTPS, or DoH—is a method for encrypting DNS requests with the same HTTPS standard used by numerous websites, such as online banking, to protect your privacy when dealing with sensitive information display.
While there’s no doubt that DoH offers incredible privacy benefits, it also has the potential to be a major security risk for businesses. That’s because DoH effectively wraps DNS requests in encryption protocols, which prevent traditional DNS or web filtering security solutions from being able to filter requests to malicious, risky, or otherwise unacceptable or inappropriate websites.
Although some DNS filtering solutions are now making moves to modernize, many of them simply provide the option to either allow or block all DoH requests, rather than offering any sort of nuanced control.
“That’s really where Webroot® DNS Protection differs from the competition,” says George Anderson, product marketing director at Webroot, an OpenText company. “Ours is currently the only DNS security product that lets businesses fully leverage DoH and its privacy benefits. Our solution encrypts data using HTTPS to route DNS requests through secure Webroot resolvers to prevent eavesdropping, manipulation, or exploitation of data.”
How a Commercial DNS Filtering Service is a Game Changer
According to George, the cyber resilience benefits of using a private, commercial DNS security service that fully supports DoH are numerous. When we asked him to narrow down to his top 10, here’s what he had to say.
- First, it provides a very secure, reliable, multi-point of presence connection to the internet with high availability.
- Second, trusted DNS resolvers process ALL of your internet requests—we are talking any user, server, or application using the internet with a single, tamperproof choke point for admin and policy request controls.
- Third is confidentiality. It keeps your organization’s internet requests private and invisible to malicious actors, your ISP, and so-called “free” DNS resolvers—all of whom can abuse this data.
- It then gives your organization full visibility and log access to all of your internet traffic requests, allowing for security analysis and management through reports or ingestion via a SIM/SIEM.
- With Webroot, you also get transparent security policy filtering of both encrypted (DoH) and clear text (DNS) requests.
- Webroot BrightCloud® threat intelligence data automatically applies the latest and most accurate internet domain security in real time to every outbound request, regardless of source, meaning we stop the majority of malicious and suspicious request responses that could have led to a breach.
- A commercial service also provides the flexibility to manage internet access for guest/public WiFi networks, IP address ranges, user groups down to individual user, and lets you filter using a wide range of domain categories.
- In the context of WFH, if the user is connected to the internet via VPN or a local DNS agent on their device, then a DNS filtering solution protects them no matter where they connect.
- Also, from a WFH perspective, you need your DNS security service to integrate with the majority of VPNs and work easily with your other security and network technologies.
- Lastly, and definitely key your organization, a commercial DNS security service can offer great visibility into internet usage with scheduled executive reporting that lets you oversee internet use, assist with HR initiatives, and help ensure compliance.
As DoH continues to grow in adoption, George advises all businesses to be proactive about their cyber resilience strategies. Particularly as more work is conducted outside of more traditional office settings, it’s critical to understand and embrace the value that a flexible cloud gateway—whose protection is not confined to a physical network—can offer.
“Ultimately, in a world where many companies continue to support remote workers, businesses really can’t afford not to use a filtering solution that provides both privacy and security control.”
– George Anderson, product marketing director at Webroot, an OpenText company
Learn more about Webroot’s answer to DNS filtering or take a free trial of Webroot DNS Protection here.