If you’re looking for a solution to take your organization’s security posture from good enough to robust, DNS filtration is a great next step.
Malicious actors are continually evolving their attack techniques, so antivirus, anti-spam, and firewalls – the traditional go-to security solutions – should only be part of how you secure your sensitive information.
In fact, permanently deploying a DNS filter is one of the most common recommendations The KR Group’s security team gives businesses looking for ways to bolster their security defenses.
DNS filters add another layer of protection by stopping malicious and suspicious traffic at the DNS level.
In real-time, your DNS filter compares your DNS queries to a database of unsafe or blacklisted domains. If the query shows up on that database, the DNS filter will alert and prevent the user from accessing the domain.
Finding what solution you want to do that work isn’t always straightforward, however.
A generic Google search for DNS filters will turn up multiple options, and it can be overwhelming to determine which option you should pursue.
What to look for in a DNS filter
When looking for the best DNS filter, you want one that will meet your needs and provide premium security services.
What are you looking for exactly? Any DNS filter you even consider implementing should include the following features:
- Enterprise-grade technology that can handle the amount of traffic produced by a business
- Reporting functionality to track user behavior online
- Protection for all corporate endpoints, both on-premises and remote
Not all DNS filters on the market meet those requirements. However, there are a few that our security team approves of. These include, in no specific order:
- Cisco Umbrella
- TitanHQ WebTitan
- BlueCat DNS Edge
- Webroot DNS Protection
We’ll review some of the features of each solution below. However, all of these solutions are robust, and we encourage you to research or reach out if you have more questions about the options.
Cisco Umbrella DNS Filtration
In a nutshell, Cisco Umbrella (formerly OpenDNS) is a cloud-delivered security platform that secures internet access and controls cloud app usage across networks, branch offices, and roaming users.
This single platform provides network protection through a secure web gateway, cloud-delivered firewall, DNS-layer secure, and cloud access security broker (CASB).
It also utilizes threat intelligence from Cisco Talos to uncover and block various malicious domains, IPs, URLs, and files used in an attack.
With Umbrella’s roaming client functionality (which is a paid add-on), you can source threats and attacks to remote users even when they aren’t connected to your VPN.
Of course, being managed by Cisco comes with additional perks, including seamless integration with other Cisco systems and support from Cisco’s Technical Assistance Center.
The most significant benefit of Umbrella is it’s backed by one of the largest databases of bad domains based on real-time data. You’ll be protected from emerging threats.
To be entirely transparent, this is the DNS filter The KR Group uses for our security assessments and managed IT services. It is also the option we typically recommend to clients interested in solutions to bolster their security posture.
Access our free Cisco Umbrella FAQs sheet to learn more about what this solution can do.
TitanHQ WebTitan
WebTitan is another cloud-based DNS filtration option.
TitanHQ boasts of this solution’s low overhead maintenance, filtering mechanism, and granularity. With SSL inspection, it can protect your environment against online threats and automate reports to help your IT team enforce acceptable use policies.
Two of this solution’s most significant features are how it is universally compatible and infinitely scalable.
WebTitan integrates with Active Directory, LDAP, and other management applications to make it easier for you to administer. As a cloud-based solution, the IT administrator can access the portal remotely.
BlueCat DNS Edge
BlueCat DNS Edge monitors DNS traffic at a client level and applies policies to control traffic. This helps you identify compromised devices, protect against insider threats, and spot lateral movement of malware.
In simpler terms, BlueCat DNS Edge detects, blocks, and quickly remediates cyberattacks at the DNS level.
Some of BlueCat’s noteworthy features are:
- External threat feeds to filter out known bad domains
- Ability to create custom security policies
- Protection for internal and external DNS traffic
Overall, this solution provides visibility, control, detection for enterprise networks susceptible to malware attacks.
Those looking to maximize their DNS security can integrate BlueCat with Cisco Umbrella for valuable context and comprehensive visibility.
Webroot DNS Protection
Webroot has recently entered the DNS filtration market with its own solution. Like other DNS filters, Webroot DNS Protection is cloud-based and offers insight and reports to help you analyze threats it has protected you against.
It offers 80 URL categories for you create custom policies with and provide granular control to black dangerous and susceptible sites (such as malware or adult content) or unwanted sites (such as streaming media).
Webroot’s differentiator is how it supports encryption with DNS over HTTPS (DoH), which improves network privacy, security, and overall resiliency.
By offering DoH security, Webroot DNS Protection provides control options around privacy and security to keep DNS filtering functional and customizable.
Choosing your DNS filter
How do you know which option is right for you?
It depends on what features sound like the best fit for your environment.
- If you already deploy multiple Cisco solutions, Umbrella is a good choice because it will integrate with your existing systems.
- If compatibility and scalability are a top concern of yours, WebTitan may work best.
- If you’re looking to maximize your DNS security, you may consider implementing BlueCat with Cisco Umbrella for the deepest insight.
- If DoH encryption is a significant security concern, Webroot DNS Protection has the technology to meet this need.
As a Cisco partner, The KR Group primarily sells and deploys Cisco Umbrella. However, we’re willing to talk with you about different options. If you’re ready to see what a DNS filter can do for your organization, you can also test Cisco Umbrella risk-free for 14 days.
