As part of our partnership launch with DNSFilter, we talk to Dave Raphael, COO at DNSFilter, and David Emerson, CTO at SolCyber, about the impact of network security for the modern business and why DNSFilter was a clear partner of choice for SolCyber and an integral part of our Foundational Coverage service.
Dave: At DNSFilter, we provide protective DNS at the recursive DNS level to mitigate threats in real time. We rely on internally built machine learning algorithms to help us identify new threats as our customers see them, all while providing a more secure environment for those using DNSFilter.
I think of DNS as the oxygen of the internet. As it is mostly in the background, we often don’t think about how necessary it is in our day-to-day life. Every system connected to the internet must use DNS in order to function. We provide a filter for that oxygen, zeroing in on the bad particles (sites) and making sure they don’t get through to your end users.
David: SolCyber is a modern managed security provider focused on providing businesses with top-tier cybersecurity capabilities they would otherwise be challenged to build and maintain. We package organizational, technological, and policy assets together in a cohesive security program available to our customers at a transparent fee per user.
Dave: I’m the COO at DNSFilter, but prior to that I spent roughly a year in the role of Chief Product Officer. Our product, engineering, business operations, and labs teams—a few other things in there, too—all fall under my purview.
In order to deliver a great product that navigates end user privacy, compliance requirements, and overall satisfaction, everything needs to be in sync. I ensure that we fulfill the vision that we promise our end customers. I ensure that we’re working cross-functionally to address end user and customer needs. I see the business as an operating system, and part of my job is making sure all of the different systems are working as they’re supposed to and speaking to one another openly while driving the vision and strategy of the product.
David: I am the CTO at SolCyber, and my team operates the Security Operations Center, provides customer onboarding and support services, and builds integrations between the products we offer to customers as managed services.
Dave: In the simplest terms, DNSFilter is DNS protection that secures the recursive side of DNS. The moment you type in google.com or click a link, you’re sending a DNS request and the resolver (recursive) DNS will translate your request from a domain name into an IP address for you. DNSFilter will not resolve domains that customers have identified (via policies) not to allow. These can be categories (such as threats, games, gambling) or even specific sites (like a gaming website too many employees are spending time on).
While end users surf the web using networks protected by DNSFilter, there are policies in place to block particular domains that we identify as a threat. This can be particularly important in corporate environments, where you want to lock down what employees are surfing the web for, but also beneficial in public Wi-Fi environments where you don’t want customers accessing malicious or unsavory content.
Dave: DNS is often an overlooked layer because it is easy to forget about the most obvious areas that need to be locked down. This is exactly why small businesses should protect it. With protective DNS, you stop an attack from even reaching the device in the first place by eliminating the ability for bad actors’ IP addresses to be resolved.
And while security is the primary concern, you can also block unwanted content. For instance, you can create a more productive work environment by disallowing streaming media or social networking like I mentioned earlier.
Lastly, the reporting offered by DNSFilter empowers IT administrators and network professionals with a high-level overview of what end users are accessing. You can slice and dice the data to determine when sites were accessed, on which devices (if deployed via Relay or Roaming Client), and which sites were blocked and allowed. This will enable you to build better policies and beef up your internal security training. This is a key capability required to apply a data-informed, holistic approach to security.
Dave: Phishing scams are at an all-time high. Phishing alone spiked over 400% on our network between October 2022 and March 2023 according to a recent report we produced with our Sr. Director, Labs, Rebecca Gazda. In healthcare alone, 61% of threat domains encountered were phishing and deception.
The social engineering that threat actors rely on is more comprehensive than ever before. They have social media profiles, public information, forum discussions, employment history, and so many other pieces of information that they can leverage to convince their mark to click a malicious link. You’ve probably received a dozen SMS spam texts with questionable links—you might have received a dozen this week. They’re coming at you in a variety of ways: smishing, email phishing, malvertising—all of these campaigns are run by threat actors who are taking advantage of our reliance on the internet.
David: SolCyber aims to provide a practical cybersecurity program, implementable at nearly any business. We don’t want to provide esoteric and limited-interest solutions: if you need those, you might be best suited to build your own security program. As a managed service provider, we need to select our tools and indicators carefully, such that they scale and are useful to the vast majority of our customers. These constraints incentivize the identification of common denominator technologies which we can configure, protect, and/or analyze across nearly our entire customer base. DNS is one such technology: it’s ubiquitous, informative, and critical to all our customers’ operations.
Dave: DNS protection is a concern for not just every organization, but every person and every service or hardware provider out there. We must protect every click. A single bad click can lead to catastrophic consequences. I see a future where protective DNS is something that’s protected first when teams are spinning up their cybersecurity divisions, as opposed to something they’ll add down the road. The effort put in vs. the impact it makes is a no-brainer.
But I also see DNS being leveraged more in RCA for when breaches do occur. Having data logs and reporting enables you to find that root cause sooner and understand where things went wrong. Visibility and insight have become a huge factor in modern security architectures, and to me DNS is missing from current digital transformation talks. But I think you’ll start seeing it brought up more often as organizations move off legacy tech and into the cloud. Their DNS needs to move into the future, too.
David: DNS was important in the past, it’s important now, and it will remain important for the foreseeable future. This is a foundational standard in our modern world, and there’s a reason national-level cybersecurity exercises simulate interruption to DNS. There are a host of vulnerabilities which made DNS a concerning standard, but on the whole, there has been no better broadly useful means of abstracting services from named locations while maintaining their relationship. Being able to say, “we protect one of the most common types of traffic on the internet while improving its performance” may not be catchy, but it’s practical, and beyond the reach of many organizations who don’t have the expertise to appropriately rank cyber risks to their operations.
If you’re considering DNS Protection as part of a managed security program solution, talk to us about how we can help.