The number of cyberattacks now being reported by healthcare organizations is forcing a revaluation of cybersecurity defenses and many healthcare organizations are now looking at DNS web filtering to block web-based threats. DNS web filtering is a technique used to control the internet content that can be accessed through an organization’s wired and wireless networks by employees and guests. It is vital cybersecurity measure for blocking phishing, malware, and ransomware attacks.
The HHS’ Office for Civil Rights publishes summaries of data breaches and its breach portal makes one thing abundantly clear. Cyberattacks on healthcare organizations are increasing and attacks are being reported at unprecedented levels.
The industry is being targeted by hackers and scammers and healthcare organizations are struggling to block cyberattacks. Phishing is a major problem in healthcare and is the leading cause of healthcare data breaches and malware and ransomware attacks have also increased significantly.
Email is the most common attack vector, but phishing attacks also have a web-based component. It is on the internet that credentials are harvested. Email is also used for malware delivery, with hyperlinks included that direct users to webpages where malware is downloaded.
DNS web filtering can be used to block the web-based component of these cyberattacks by preventing network users from visiting malicious websites. If a malicious email bypasses email security defenses and reaches an inbox, a DNS web filtering solution provides time-of-click protection and prevents the user from connecting to a malicious website. Rather than a connection being made to that website, the user is redirected to a local IP address and is presented with a DNS block page explaining that the website cannot be accessed.
DNS web filtering provides protection against malicious content, but it also allows organizations to enforce their acceptable internet usage policies. Policies can be applied to prevent users from accessing NSFW content. A DNS web filter can also be used to block access to illegal content and to control bandwidth usage. In addition to improving an organization’s security posture, content control can result in productivity gains and can prevent HR issues.
DNS web filtering lets IT teams block malicious web content and control how the internet is used, but how does DNS web filtering work? In order to understand that, it helps to know a little about the process involved in visiting a website and what the Domain Name System (DNS) is.
The Domain Name System (DNS) was developed by Paul Mockapetris in 1983 to support the growth of email communications on the ARPANET and it is now essential for the functioning of the internet. Websites are hosted on computers and are located using a unique IP address; however, IP addresses are very difficult for people to remember. The solution was DNS. This allowed alphabetic website names to be used, which are easier to remember, while computers could still use IP addresses. The DNS connects the domain name of a website to its IP address.
When a user enters a domain name in their web browser, a DNS lookup is performed. A query is sent through the DNS to find the IP address needed by the browser to access the website. A reply is received, the IP address is sent to the browser, and a connection is made to the web server and the website is displayed. This process takes about a tenth of a second.
A DNS web filter uses DNS blocking to prevent access to certain websites. Since DNS is used, this method of web filtering is very quick. Rather than use standard DNS infrastructure to find IP addresses, a web filtering service provider’s DNS infrastructure is used.
The service provider maintains a database of categorized websites and the DNS lookup is made to the service provider. The service provider uses variety of techniques to determine whether a website is malicious, including real-time content scanning, threat intelligence, and blacklists. Policies are also set by administrators on the categories of web content that are permitted and prohibited.
If a user attempts to visit a website that is known to be malicious or violates an organization’s policies, the IP address will not be provided, a connection not made, and the user will be directed to a local block page. If the website is determined to be acceptable, a connection to the IP address occurs and the user can view the website content.
There are two issues with the cost of a web filter. The first is whether the cost is affordable and the second is how to justify the cost to senior managers. There are many different cybersecurity solutions that can be implemented to improve security and block cyberattacks and only a limited budget available. Senior managers will need to be shown there will be a significant return on the investment.
A cloud-based DNS web filter is likely to be the most cost-effective web filtering solution. There is no need to purchase a costly appliance, these solutions are easy to manage, they do not add to the IT departments patching burden as they are updated by the service provider, and it is usually possible to pay for the solution monthly to spread the cost. That cost is also very low considering the level of protection provided. Licenses for powerful DNS filtering solutions start at a cost of around $1 per user, per month.
It is also easy to justify that cost and provide evidence of the benefits to senior managers by taking advantage of a free trial with a DNS filtering service provider. Over the course of a 2-week trial, you will gather a significant amount of data and can generate reports to show the threats that have been blocked by the solution. You can also show areas where productivity is being lost and identify areas where gains can be made.
Some DNS-based web filtering service providers do not have flexible pricing policies, so you will have to pay for a minimum number of users which may mean that you are end up paying for capacity that is not being used. You should also carefully check hat is included with your package. Support is not always included in the price and may cost extra with some service providers.
Most DNS-based web filters will allow you to generate reports that show you a real time view of Internet access. Reports can also be generated to show you attempts to access content that have been denied, and the reason why access was blocked. DNS filters give you full visibility in the online activities of users.
DNS filters give you total control over the web resources that can be accessed by users, and many have highly granular controls. You can set organization-wide policies, set filtering controls for certain geographical locations, departments, user groups, and individuals. Solutions that integrate with Active Directory or LDAP will make this less time consuming.
You should carefully assess the available options, as while most DNS filtering service providers cater for MSPs, many solutions are quite restrictive. An MSP-focused service provider will offer flexible billing, will charge you for number of seats and will adjust up and down without penalty, allow you to host the solution within your own environment, and provide the solution in white-label form for you add your branding.
Evaluate a few solutions before committing to a purchase, including checking review sites such as G2, Capterra, Software Advice, and Expert Insights for reviews from genuine users, and take advantage of free trials to check whether the solution works as it should and has all the features you need.