While MSPs have good reason to be apprehensive about the growing virulence and sophistication of today’s cyberthreats, you should take comfort in knowing that one time-honored security truism still remains valid: The sooner you can thwart an attack, the better. Blocking threats before they enter your clients’ networks is vastly more effective—and efficient—than coping with them after they’ve penetrated those networks and endpoint devices.
Unfortunately, finding a cost-effective internet threat vector solution that is easy to manage, reliable and offers superior protection has been a huge challenge. But there’s good news—you now have a powerful security option thanks to the growing availability of domain name system (DNS) servers with internet protection capabilities.
This availability is particularly timely, as it’s becoming increasingly obvious that organizations across the globe are facing a rapidly-escalating network security problem. The 2017 Global DNS Threat Survey Report from EfficientIP queried 1,000 organizations around the world and found that 76% of the respondents were subject to a DNS attack in the last 12 months (compared to 74% of the respondents in EfficientIP’s 2016 survey).
DNS Security Services Explained
Simply put, DNS security services enable you to quickly establish a protection barrier outside of the network. Operating at the domain layer, these services let you finely tune your clients’ web access policies, and limit access to websites that are considered a risk to their network.
By deploying cloud-based, domain layer security that protects clients externally, rather than relying solely on endpoint protection solutions, you can ensure that most internet threats are contained before they even reach your client’s network. This layered approach, with DNS protection outside the network complementing endpoint protection solutions inside the network, gives you truly comprehensive security—and at only modest cost.
Unlike internet proxy servers or web security appliances, which can be expensive to maintain and manage, DNS protection solutions are a natural fit for MSPs (and the SMB customers they support) because they are simple, lightweight, and convenient to manage and deploy.
These last points are critical because MSPs must not only consider the initial purchase cost of any security solution, but also the time required to install, configure and maintain that solution—and remediate any infections not detected and blocked by that solution.
Of course, all DNS protection solutions are not created equal. When selecting a DNS security product, there are three key criteria you should consider:
- Security: Delivers comprehensive, real-time protection from complete range of DNS-based threats.
- Ease of use: Quick deployment with simple configuration and scalability, without the expense and complexity of web proxy solutions.
- Flexibility: Includes policy management capabilities to ensure compliance with clients’ HR policies, enhance productivity by restricting web access.
Better Security, More Efficiency for Your Clients
As many MSPs could probably attest, complexity is the enemy of security: the more easily a DNS protection product can be configured, the more likely it will be effective in terms of preventing infections. That pays dividends to your clients by reducing their amount of downtime and thus increasing end user productivity.
While delivering maximum security should be the obvious objective of any DNS protection solution, it should also give you the flexibility to accommodate specific policy requirements for each of your clients. This policy management capability is particularly valuable in terms of meeting a client company’s HR compliance needs, whether based on internal policies or industry regulations.
Productivity policies can help an MSP’s clients significantly boost their end user efficiency by removing online distractions. In addition, by using those productivity policies to block undesirable types of traffic such as media streaming, you can also dramatically improve your clients’ network bandwidth.
For greater convenience, a DNS security product should include an extensive range of preset policies and granular filtering options. For example, the Webroot SecureAnywhere® DNS Protection for MSPs solution includes 80 specific site categories (Security, Adult, Productivity, etc.) to help you create the right usage policies for your clients.
Ultimately, of course, the bottom line is about stopping malware. With over 88% of the malicious DNS user requests that have been stopped by Webroot DNS Protection pointing to botnet and phishing sites, it’s more urgent than ever to block these requests before they cause damage.