DNS Defense Cloud

Cloud DNS is a domain resolution service that is hosted and managed by an external 3rd party. Cloud DNS provides the benefits of security or content-based filtering, but unlike on-premise solutions, Cloud DNS does not require that a local (in-network) DNS server be deployed and managed.

Cloud DNS solutions are used by forwarding DNS requests to the cloud-based DNS servers providing the Cloud DNS services. Individual workstations, groups of devices, and entire networks can be configured to use a Cloud DNS service by identifying the IP address of the Cloud DNS servers and sending DNS requests to those IP addresses. Often this forwarding is configured on devices that route network traffic to and from the Internet, such as a Router, Switch, or Microsoft's Active Directory.

Organizations typically utilize a Cloud DNS service for security and/or high availability. Cloud DNS services that offer security can prevent DNS resolution of unwanted or unsafe destinations, such as a website that's hosting malware or content that's not appropriate for users to see. Additionally, Cloud DNS services can provide highly available DNS resolution for companies where functioning DNS is critical to their operations, often outperforming local or ISP provided DNS services in terms of robustness, speed, and reliability.

DNS Security (or "Protective DNS") is a vital component of a cybersecurity program because it's proactive in nature, meaning it can prevent a threat or attack prior to damage being done to a network and devices within it.

Before a given computer can connect to another computer or server over the Internet, a DNS request is made. That DNS request translates a domain or hostname, such as www.dangerous-site.com into an IP address, much like the contact list in your smartphone translates names into phone numbers.

Quality Cloud DNS services can identify and prevent these harmful DNS lookups and prevent the computer from connecting to a dangerous resource. Modern services can also report on the blocked DNS lookups to increase visibility and speed-up remediation.

Relative to other IT security products and services, Cloud DNS is typically very affordable, and offers better security performance than most other modern security controls. Cloud DNS benefits from being very easy to implement, and requires no ongoing maintenance or upgrades, making the total cost of ownership very low, while being highly effective at preventing more than 95% of threat types.

Prices for Cloud DNS services can range between $0.75 and $3.00 per protected user, per month, making it more affordable than most modern endpoint antivirus products. Since every device that connects to the Internet uses DNS (laptops, IoT, servers, etc.) everything gains security protection with a Cloud DNS service.

Differences between commercial Cloud DNS services typically come down to three areas: (1) Security coverage and accuracy, (2) Performance and reliability, and (3) Features and capabilities.

Cloud DNS providers utilize threat intelligence data to maintain a database of unsafe and unwanted domains and IP addresses that should be blocked. Some vendors use a single source of data, some use AI or other algorithms to determine if a domain or IP is malicious, and others, like ThreatSTOP, use dozens or even hundreds of threat intelligence sources to make risk and confidence determinations.

In terms of performance and reliability, Cloud DNS vendors should be hosting and managing multiple, or many DNS servers across a broadly dispersed geography to ensure redundancy and reliability, and to provide fast, low-latency DNS services that can outperform the speed of on-premise or ISP provided DNS.

Features and capabilities go beyond nice-to-have's. While basic Cloud DNS services can filter some percentage of bad DNS lookups, mature and well-rounded solutions can also report on what was blocked, the devices involved, and can provide important information about the DNS requests that were blocked, such as threat type, severity, confidence, historical data, and more. Features may include multi-tenancy, email alerts, integrations with other solutions or services, and more. 

Protective DNS is capable of preventing over 95% of active threats and attacks, this is because DNS resolution (translating a domain name to an IP address) is a component of nearly all threat variants and attack types. Everyone relies on DNS for the Internet to work, even the bad guys! By disrupting DNS resolution for malware and attackers, you prevent communication with the attacker, and stop the attack from progressing and succeeding. 

Some of the most common threat types that can be prevented by Cloud DNS include: Ransomware, Phishing, Data theft, Malware, Reconnaissance, Spam, Proxies, Anonymizers, Trackers, Objectionable content (such as porn, weapons, gambling, etc.) and more. 

Depending on the solution, Cloud DNS services can be deployed in under 5 minutes.

Some vendor solutions may take hours, or even days to deploy and become operational - it all varies based on how the solution is constructed and supported. 

Deploying a Cloud DNS solution typically requires signing-up for an account, identifying your public IP address, and configuring devices you use to forward DNS requests to the Cloud DNS servers where filtering occurs.