DNS Filtering is a category of web security solutions that allow admins to prevent users from accessing unwanted web content. This works by filtering domains or IP addresses at the Domain Name System (DNS) level.
When enabled, DNS filtering solutions allow admins to prevent users from accessing malicious websites, or any other pages that go against company policies. DNS Filtering also gives admins more overview into the web content that users are accessing, showcasing potential risks, and alerting admins when threats have been blocked.
DNS Filtering is one of the best ways to protect your users against online threats. They block online viruses and filter access dangerous websites. They also provide reporting of user behaviour online. The products are often very easy to manage and deploy.
To help you find the right product, here’s Expert Insights’ list of the top DNS web filtering platforms. We’ll compare their effectiveness at web filtering, the threat protection they offer, the quality of reporting and the admin controls.
WebTitan Cloud is a robust web filtering solution that provides threat protection and advanced DNS filtering controls. The platform provides protection against malicious webpages, phishing webpages, viruses, ransomware and harmful web content. WebTitan filters over 500 million URLs, and offers a comprehensive policy engine, allowing admins to configure granular content filtering rules and categories. WebTitan Cloud is easy to use and provides strong threat protection for users both in the office and working remotely. WebTitan is scalable, fast and affordable, making it a strong solution for SMBs, MSPs and schools looking for DNS-based web protection.
WebTitan provides content filtering that stops users from accessing malicious or harmful web pages and ensures compliance with legal standards, with a URL classification database used by over 650 million end users. WebTitan also provides threat protection against malware, viruses, unsafe downloads and phishing attacks, with AI-powered engines that can identify zero-day phishing domains and malicious URLs. The service offers remote management and monitoring via API, with no latency. From any location, admins can configure granular polices with per user, per IP, per agent and per group policy options, and generate a variety of reports to ensure the service is effectively catching the web-based threats facing their organization.
WebTitan Cloud is a fast and scalable DNS filtering solution. It provides comprehensive threat protection and is easy to use and manage, making it a suitable solution for SMBs and larger organizations. WebTitan is also a strong solution for education environments, allowing admins to easily configure policies to protect students and ensure compliance standards are met. WebTitan is also popular in the MSP community, providing margin friendly pricing and a fully multitenant environment. Customers highlight WebTitan’s ease of use, cost-effective pricing, granular policies for content filtering and strong technical support.
Cisco Umbrella is a market leading DNS based web secure gateway service. It filters billions of webpages. Cisco carry out advanced research into online threats. This has greatly increased the effectiveness of their online threat protection and detection. The admin controls they offer are highly flexible, providing multiple security policies to make sure everyone in an organisation gets the protection they need. Cisco offer a range of pre-made and scheduled reports.
Cisco is easy to manage, offering admins three levels of content filtering. This allows you to set whether you want a low, medium or high level of filtering for your service. Umbrella is well liked by customers. We’d recommend it to companies who don’t mind paying a higher cost for an easy to use and trusted filtering service.
Webroot offers a fast, light and easy to manage web filtering service. It’s easy for clients currently using Webroot Endpoint Protection to upgrade to this service. Webroot use machine learning and a contextual analysis engine to scan the web and identify threats. This provides a high level of network security, identifying threats in real-time.
Webroot DNS Protection provides effectice content filtering, with 80 categories of URLs that admins can set to be filtered for employees. This includes websites for gambling, gaming and adult content. Admins can views logs of employee activity for full legal compliance and threat monitoring.
Webroot DNS protection is a low cost, high quality service. It’s popular with MSPs because of how easy it is to deploy and how little support it needs once set up. We recommend this service to businesses looking for market leading threat protection, in-depth reporting and logging, and flexible admin policies.
You can read our full review of Webroot DNS Protection here.
DNSFilter is a streamlined DNS Web Filtering solution. It’s a flexible service, driven by API. It is strong at protecting against web based treats, with theat detection powered by advanced machine learning algorithms, meaning it can tell if a webpage is a threat, even if it has never been seen before.
Combining this threat intelligence with anti-virus scanning means DNSFilter offers strong URL filtering. URL filtering can be tuned to company policies, which determines which websites users have access to. One of the big strengths of DNSFilter is the design. It’s very easy to manage, and has an accessible UI. This translates over to the reports, which are concise and easily understood and navigated. The service offers off-network protection for clients who work from home.
DNSFilter is a young platform. It’s lacks some features of competitors, but it is a growing platform, offering strong protection and an excellent user experience. It’s also very cost effective. We recommend this service if you’re looking for web protection which offers great protection at a good price.
Mimecast Web Security provides a comprehensive, cloud-based web security platform. It adds monitoring and security at the DNS layer, to protect users against malicious web activity and malware. With Mimecast, admins can also ensure compliance with acceptable use policies, stopping users from accessing harmful web pages.
Mimecast stops users from being able to access malicious or harmful websites, by inspecting all web traffic in real time. Admins are also able to select policies which control what categories of web pages users are able to visit to enforce acceptable use policies. This helps to protect your organization from web based cyber-attacks, include credential phishing pages. Mimecast provides fast implementation, with web security able to be installed organization wide in less than an hour.
Mimecast has advanced cyber threat intelligence, which means they can offer a high standard of threat protection. Their multi-tenant. Cloud infrastructure provides visibility across tens of thousands of customers globally, meaning they have strong intelligence into emerging threats. Mimecast’s Web Security works well with their email security solution, working across one single, easy to manage platform.
Barracuda Content Shield is a cloud based web security platform that provides content filtering, file-based protection, policy enforcement and reporting. Content Shield provides DNS filtering and URL reporting to protect users from malicious web content. It uses agent-based filtering to ensure that remote users are fully protected, even when they are off the network.
Content Shield provides real-time protection against online threats, powered by Barracuda’s threat intelligence network. It protects users against downloaded files, endpoint files, and malicious web content. Content Shield also provides businesses with visibility at a per user level at activities, and gives admins customizable alerts when malicious activity is detected.
One of the main benefits of the Barracuda platform is its ease of set up and deployment. Users say that the platform is easy to use, with strong visibility into web based threats.
Cloudflare Gateway protects teams from internet security threats, with secure DNS filtering capabilities. Cloudflare protects users by blocking malicious web content. It stops zero-day threats by moving execution of web code from users’ browsers to the Cloudflare edge. Cloudflare also provides organizations with complete visibility into traffic on and off your network.
Cloudflare is known for their DDoS and consumer DNS protection. From these platforms they will see millions of DNS lookups, data which will be unparalleled among some other vendors in the DNS Protection market. This helps to improve the threat protection that Cloudflare offers organizations. Cloudflare also provides in depth visibility into internet traffic. Admins are able to scan for threats, identify compromised devices, identify unsanctioned SaaS applications. Cloudflare is used by organizations of all sizes around the world. Users praise the diverse feature set and the ease of use for the enterprise.
The Avast Secure Web Gateway is a cloud-based web security platform that protects users from web threats before they can enter your network. It allows organizations to secure their network traffic in the cloud, with one easy to use platform. The Avast threat detection network draws from 21 different threat feeds to protect users from threats in real time. The platform has a focus on ease of use and deployment, able to be set up in three easy steps.
Avast’s Secure Web Gateway blocks malicious downloads and known malicious URLs from entering your network, using their intelligent proxy to classify sites as safe or unsafe. Admins are also able to modify sizes of pre-configured block/allow lists and set content filtering rules to ensure safe practices are followed at work. Avast has a strong threat intelligence network, with valuable data from the millions of devices using Avast’s endpoint security solutions.
Avast is designed for use by small security teams and organizations, so it has a focus on ease of deployment and use. The gateway can be deployed within minutes, with a range of security services that are all managed through one admin console.
How Does DNS Filtering Work?
DNS Filtering uses the DNS lookup process to filter access to web content for users connected to the DNS Filtering system.
DNS Filtering services can either filter web content by domain name or by IP address. When filtering by domain name, the DNS process will not take place at all for certain domains. When filtering by IP address, the DNS system will resolve the IP address and domain name, but access to the resolved domain will be blocked for the user requesting the lookup.
In practice for a user, both methods have the same result. When you look-up a blocked domain name, instead of being taken to the webpage you will be taken to a page hosted by the DNS filter. This page should explain that the webpage you have requested has been blocked for being unsafe or inappropriate.
What Features Should You Look For In A DNS Filtering Solution?
If you’re considering investing in a DNS filtering solution, there are a number of important features to look for:
- Real-Time Filtering: It’s important to look for a solution providing real-time filtering of malicious domains, to ensure the best protection against phishing and malware.
- Instant categorization of web content: We recommend solutions that instantly categorize web domains, which provides more comprehensive domain filtering.
- Flexible admin policies: Look for a solution that offers flexible admin controls around filtering, including team-based access controls.
- Comprehensive reporting: Reporting is an important benefit of DNS web filtering, so we recommend looking for a solution with advanced analytics in a reporting dashboard.
- No latency issues: We highly recommend conducting a trial to ensure whichever solution you choose does not slow down web browsing for end users.
- Flexible Pricing: For SMEs and smaller organizations pricing will be an important consideration. We suggest looking for a cloud-based solution with flexible pricing policies.