What is DNS Web Filtering?

The number of cyberattacks now being reported by healthcare organizations is forcing a revaluation of cybersecurity defenses and many healthcare organizations are now looking at DNS web filtering to block web-based threats. DNS web filtering is a technique used to control the internet content that can be accessed through an organization’s wired and wireless networks by employees and guests. It is vital cybersecurity measure for blocking phishing, malware, and ransomware attacks.

Why is DNS Web Filtering Important?

The HHS’ Office for Civil Rights publishes summaries of data breaches and its breach portal makes one thing abundantly clear. Cyberattacks on healthcare organizations are increasing and attacks are being reported at unprecedented levels.

The industry is being targeted by hackers and scammers and healthcare organizations are struggling to block cyberattacks. Phishing is a major problem in healthcare and is the leading cause of healthcare data breaches and malware and ransomware attacks have also increased significantly.

Email is the most common attack vector, but phishing attacks also have a web-based component. It is on the internet that credentials are harvested. Email is also used for malware delivery, with hyperlinks included that direct users to webpages where malware is downloaded.

DNS web filtering can be used to block the web-based component of these cyberattacks by preventing network users from visiting malicious websites. If a malicious email bypasses email security defenses and reaches an inbox, a DNS web filtering solution provides time-of-click protection and prevents the user from connecting to a malicious website. Rather than a connection being made to that website, the user is redirected to a local IP address and is presented with a DNS block page explaining that the website cannot be accessed.

DNS web filtering provides protection against malicious content, but it also allows organizations to enforce their acceptable internet usage policies. Policies can be applied to prevent users from accessing NSFW content. A DNS web filter can also be used to block access to illegal content and to control bandwidth usage. In addition to improving an organization’s security posture, content control can result in productivity gains and can prevent HR issues.

How Does DNS Web Filtering Work?

DNS web filtering lets IT teams block malicious web content and control how the internet is used, but how does DNS web filtering work? In order to understand that, it helps to know a little about the process involved in visiting a website and what the Domain Name System (DNS) is.

The Domain Name System (DNS) was developed by Paul Mockapetris in 1983 to support the growth of email communications on the ARPANET and it is now essential for the functioning of the internet. Websites are hosted on computers and are located using a unique IP address; however, IP addresses are very difficult for people to remember. The solution was DNS. This allowed alphabetic website names to be used, which are easier to remember, while computers could still use IP addresses. The DNS connects the domain name of a website to its IP address.

When a user enters a domain name in their web browser, a DNS lookup is performed. A query is sent through the DNS to find the IP address needed by the browser to access the website. A reply is received, the IP address is sent to the browser, and a connection is made to the web server and the website is displayed. This process takes about a tenth of a second.

A DNS web filter uses DNS blocking to prevent access to certain websites. Since DNS is used, this method of web filtering is very quick. Rather than use standard DNS infrastructure to find IP addresses, a web filtering service provider’s DNS infrastructure is used.

The service provider maintains a database of categorized websites and the DNS lookup is made to the service provider. The service provider uses variety of techniques to determine whether a website is malicious, including real-time content scanning, threat intelligence, and blacklists. Policies are also set by administrators on the categories of web content that are permitted and prohibited.

If a user attempts to visit a website that is known to be malicious or violates an organization’s policies, the IP address will not be provided, a connection not made, and the user will be directed to a local block page. If the website is determined to be acceptable, a connection to the IP address occurs and the user can view the website content.

How Much Does a DNS Web Filter Cost?

There are two issues with the cost of a web filter. The first is whether the cost is affordable and the second is how to justify the cost to senior managers. There are many different cybersecurity solutions that can be implemented to improve security and block cyberattacks and only a limited budget available. Senior managers will need to be shown there will be a significant return on the investment.

A cloud-based DNS web filter is likely to be the most cost-effective web filtering solution. There is no need to purchase a costly appliance, these solutions are easy to manage, they do not add to the IT departments patching burden as they are updated by the service provider, and it is usually possible to pay for the solution monthly to spread the cost. That cost is also very low considering the level of protection provided. Licenses for powerful DNS filtering solutions start at a cost of around $1 per user, per month.

It is also easy to justify that cost and provide evidence of the benefits to senior managers by taking advantage of a free trial with a DNS filtering service provider. Over the course of a 2-week trial, you will gather a significant amount of data and can generate reports to show the threats that have been blocked by the solution. You can also show areas where productivity is being lost and identify areas where gains can be made.