What is DNS protection?
Before we talk about DNS security, you need to understand the DNS. The domain name system (DNS) works like a phone book for the internet. When a user enters text into a browser, DNS servers take that input and translate it into the unique internet protocol (IP) addresses that let the browser open the desired site. But DNS protocols were never designed with security in mind, and are highly vulnerable to cyberattacks, such as cache poisoning, DDoS, DNS hijacking, botnets, C&C, man-in-the-middle, and more.
By redirecting users’ web traffic through a cloud-based, DNS security solution, businesses and MSPs can finely tune and enforce web access policies, ensure regulatory compliance, and stop 88% of threats at the network’s edge—before they ever hit the network or endpoints.
Why businesses need DNS protection
Uncontrolled internet access is a high-risk activity for any business, regardless of size. Faced with today’s sophisticated attacks, endpoint security alone is no longer enough to stay safe from modern cybercrime. In fact, a recent report from EfficientIP found that 77% of businesses around the world suffered at least one DNS cyberattack in 2018. What’s even more worrying: on average, businesses got hit with as many as seven attacks throughout the year.
Per the report, the average cost of a single attack was $715,000 USD. When you do the math, it’s clear how DNS Protection for servers, endpoints, and other networked devices could make all the difference to a business’ success (and survival).
Why Webroot DNS Protection is different
Skip the hardware and software
This fully cloud-based, secure, and resilient service takes just minutes to set up. Protect your DNS connection, network, and users from cyberattacks.
Get detailed reports on-demand
Drill down into reports on all threats the business would've been susceptible to without DNS Protection in place, and get full visibility into risk and usage.
Enable policies by group, device, IP
Control internet usage for your users using pre-configured and custom policies by group, device or network.
Block threats at the domain level
Over 80 URL categories give you granular, policy-based control to automatically block dangerous and questionable sites (such as Malware and Adult) or unwanted sites (such as streaming media).
Apply leading web classification
Webroot® threat intelligence backs all Webroot products, and is trusted by over 100 leading technology vendors to enhance their services.
Reduce costs relating to infections
DNS filtering stops up to 88% of known malware at the domain layer, so it never reaches your network. It saves you time and money, while also minimizing unproductive web usage.
Built for DoH and the Internet of Tomorrow
Our DNS Protection agent was built for the future, supporting both IPv6 and DNS over HTTPS (DoH), so businesses are prepared for the next generation of internet protocols and requests. This means you can protect your users at the DNS layer on modern networks, like public hotspots, without sacrificing security, privacy, visibility, or admin control.
"With the prevalence of DNS-over-HTTPS likely to accelerate rapidly, organizations need to be planning now on how to maintain strong security controls while ensuring the right level of employee privacy. Rather than simply modifying existing capabilities to address DNS-over-HTTPS, Webroot is ahead of the curve in developing new features and technology to specifically resolve this issue."
— John Grady, Analyst, Enterprise Strategy Group
DNS Protection Now Running on the Google Cloud Platform
Webroot® DNS Protection recently moved to the Google Cloud Platform (GCP) for increased security, performance, and reliability. It now runs on the Google Cloud’s high-redundancy, low-latency networks in 16 regions worldwide to maximize performance.
Our DNS protection also benefits from Google's built-in DoS prevention and mitigation, which enables us to stop attack traffic before it hits the agent core. And because regional deployments can auto-scale with spikes in traffic, even drastically increasing loads won’t increase wait times for requests.