DNS content filtering for MSPs: What to look for when evaluating SaaS vendors’ solutions and tips for choosing a product that protects against web-based threats and requires minimal maintenance by the MSP.
Cyberattacks have been increasing and no business is too small to be attacked, with many cybercriminal groups now focused on attacking SMBs. The rewards for a successful attack are much lower than an attack on a large enterprise, but the effort required is lower and the attacks are less likely to attract a major law enforcement response. SMBs are increasingly turning to MSPs to protect against damaging cyberattacks as SMBs tend not to have the time, resources, or technical know-how to implement and manage layered security solutions.
The key to a strong security posture is to adopt a defense-in-depth strategy, which incorporates multiple overlapping layers of protection. Firewalls are required to protect internal networks, a spam filter is required to block email-based attacks, endpoint security is needed on all endpoints, and DNS content filtering is important for protecting against web-based attacks. The latter is often missing from SMB defenses, which provides MSPs with an opportunity to easily improve their clients’ security posture. DNS content filtering for MSPs adds a vital extra layer and is an important service to add to an MSP’s software stack.
DNS content filtering allows MSPs to control the web content end users can access, prevent visits to malicious websites, block malware downloads, and block attempts to visit phishing websites. These solutions can also detect malware communications through the DNS, tipping MSPs off about malware infections that have evaded endpoint detection solutions.
DNS-based web filtering is the logical choice for MSPs, as there is no need to purchase and maintain any hardware, as the hardware is maintained by the service provider. All that is required to get up and running and start filtering out malicious and unwanted web traffic is to make a change to a client’s DNS server and point the DNS to the service provider.
There are many DNS filtering options available to MSPs, but not all have been developed from the ground up with MSPs in mind. Consequently, some solutions do not have the features MSPs need to make it easy to add DNS content filtering to their service stacks. Many solutions are available that provide excellent protection against web-based attacks, yet they are difficult to implement and time-consuming to manage. It pays to do some research to find a solution that has the features MSPs need that allows MSPs to add web filtering to their software stacks and provide a managed web filtering service to clients without having to commit a lot of valuable time and resources to manage the solution. Getting new clients set up should be a quick and easy process. Setting up new clients and new WiFi hotspots should only take a few minutes. For most clients, once the solution has been configured there should be little required in the way of maintenance.
Web filters today accurately categorize web content and have highly granular controls to prevent the overblocking of web content. When legitimate content cannot be accessed, manual changes are required to allowlist certain domains and URLs. Look for a solution with granular controls that accurately categorizes web content as this will reduce the allowlisting burden.
MSPs should look for a solution that integrates with directory services (LDAP and Active Directory) as this makes configuring the solution and applying different filtering controls faster and easier, and management will be far simpler if the solution has a single pane of glass view of all clients. Many vendors support MSPs by providing a suite of APIs that allow the solution to be incorporated into backend systems. Supporting a business with a hybrid workforce can be a problem with some DNS content filtering for MSPs. Look for a solution that includes a client that can be installed on the devices of remote workers, to extend protection to employees that work from home.
When evaluating solutions check the reporting options. The ability to automate client reports will save management time, and accessing data, such as real-time views of internet activity, should be a quick and easy process. Some solutions have overly complicated interfaces which make management a pain.
Other MSP-friendly features that are surprisingly lacking in many products billed as providing easy DNS content filtering for MSPs include the ability to host the solution within an MSP’s infrastructure, white label products ready to take an MSP’s branding, and usage-based pricing and monthly billing.
DNS content filtering for MSPs should be easy to implement and require little maintenance and should significantly improve your clients’ security posture. Consult independent review sites such as Gartner, Spiceworks, Expert Insights, G2, PeerSpot, and Reddit to get a view of the best solutions for MSPs and to get feedback from other MSPs on products that they have found to be easy to use. Also take advantage of any free trials to test the solution to assess usability and management, in addition to the product’s threat-blocking capabilities.