Category Archives for "Managed Services News"

Jul 24

DNS Requests: DoH Can Help Balance Privacy, Control & Visibility

By | Managed Services News

DoH, applied across the entire system, helps ensure privacy over DNS requests while maintaining control and visibility into network activity.

While the proliferation of encrypted DNS is being driven by consumer privacy, businesses will want to take notice. Encrypted DNS–also known as DNS over HTTPS, or DoH–obscures internet traffic from bad actors. But it also has the potential to decrease visibility for IT admins whose responsibility it is to manage DNS requests for their organizations. So, what’s the solution? Strangely, DoH.

As previously mentioned, DoH is now the default for Mozilla Firefox. It’s also available in Google Chrome and other Chromium-based browsers. This is a win for consumers, who have newfound control over who can see where they’re going on the internet.

However, by surrendering control over DNS requests to the browser, IT administrators lose the ability to apply filtering to DNS requests. Encrypted DNS that skirts the operating system eliminates the visibility that IT admins need to ensure security for internet traffic on their networks. It also prevents the business from being able to run threat intelligence against DNS requests and identify dynamic malware that could circumvent consumer DoH implementations. This leads to gaps in security that businesses can’t afford.

Staying Ahead of the Curve

There is a way to ensure privacy over DNS requests while maintaining control and visibility into network activity. The solution is to apply DoH across the entire system, not just browser activity. By wresting control over DNS requests from the browser, the agent can instruct Firefox not to engage its DoH feature. The same holds true for Chrome users running DoH. These requests are passed back through the operating system, where the DNS solution can manage them directly. This helps support both filtering and visibility.

An advanced agent will manage DNS requests on the device securely through DoH so the requests go directly to the server with no other entity having visibility into them. At the same time, the agent can apply threat intelligence to ensure requests aren’t resolving to malicious destinations. Admins have visibility into all DNS requests, and the requests are encrypted.

When the agent detects a prohibited resource, it returns the IP address of a block page. So, if there’s a virus on the system and it’s trying to access a command and control server to deliver a malicious payload, it won’t be able to. It also prevents botnets from being able to connect since they also leverage DNS. For any process that requests something from the internet, if it doesn’t get the resource that it’s requesting, it’s not going to be able to act on it.

Privacy Plus Security

The novel coronavirus didn’t start the mobile workforce phenomenon, but it certainly has accelerated it. The traditional perimeter firewall with all systems and devices living behind it no longer exists. Modern networks extend to wherever users connect to the internet. This includes the router someone bought from a kid down the street, as well as the home network that was set up by a consulting company 10 years ago and hasn’t been patched or updated since.

When people open a browser on their home network and go to their favorites, they’re not expecting to get phished. But if they’re resolving to an alternative IP address because DNS is not being managed, is broken or is being redirected, they may be exposed to phishing sites. Enter encrypted DNS as another layer of protection within your cyber resilience portfolio. It starts working against a higher percentage of threats when you stack it with other layers, reducing the likelihood of being infected. It also addresses a blind spot that allows exploits to go undetected.

Embracing DoH

Privacy is the main driver for DoH adoption by consumers, while business agendas are generally driven by security. As a business, controlling DNS requests allows you to protect both the business and the user. If you don’t have that control and visibility, the user is potentially more exposed. And, if you don’t apply threat intelligence and filtering to DNS requests, a user can more easily click on malware or land on a phishing site.

To learn more about encrypted DNS read the whitepaper or review the FAQs.

 Jonathan Barnett is a Product Manager for Webroot’s business network solutions. With 20 years’ experience as a Network Engineer and MSP, Jonathan has a deep understanding of both the technical and business challenges of the SMB and MSP market. Jonathan currently leads Webroot’s DNS Protection solution, which he has helped guide and shape since its release in 2017.

Jonathan Barnett-Webroot

This guest blog is part of a Channel Futures sponsorship.

Jul 24

DNS Requests: DoH Can Help Balance Privacy, Control & Visibility

By | Managed Services News

DoH, applied across the entire system, helps ensure privacy over DNS requests while maintaining control and visibility into network activity.

While the proliferation of encrypted DNS is being driven by consumer privacy, businesses will want to take notice. Encrypted DNS–also known as DNS over HTTPS, or DoH–obscures internet traffic from bad actors. But it also has the potential to decrease visibility for IT admins whose responsibility it is to manage DNS requests for their organizations. So, what’s the solution? Strangely, DoH.

As previously mentioned, DoH is now the default for Mozilla Firefox. It’s also available in Google Chrome and other Chromium-based browsers. This is a win for consumers, who have newfound control over who can see where they’re going on the internet.

However, by surrendering control over DNS requests to the browser, IT administrators lose the ability to apply filtering to DNS requests. Encrypted DNS that skirts the operating system eliminates the visibility that IT admins need to ensure security for internet traffic on their networks. It also prevents the business from being able to run threat intelligence against DNS requests and identify dynamic malware that could circumvent consumer DoH implementations. This leads to gaps in security that businesses can’t afford.

Staying Ahead of the Curve

There is a way to ensure privacy over DNS requests while maintaining control and visibility into network activity. The solution is to apply DoH across the entire system, not just browser activity. By wresting control over DNS requests from the browser, the agent can instruct Firefox not to engage its DoH feature. The same holds true for Chrome users running DoH. These requests are passed back through the operating system, where the DNS solution can manage them directly. This helps support both filtering and visibility.

An advanced agent will manage DNS requests on the device securely through DoH so the requests go directly to the server with no other entity having visibility into them. At the same time, the agent can apply threat intelligence to ensure requests aren’t resolving to malicious destinations. Admins have visibility into all DNS requests, and the requests are encrypted.

When the agent detects a prohibited resource, it returns the IP address of a block page. So, if there’s a virus on the system and it’s trying to access a command and control server to deliver a malicious payload, it won’t be able to. It also prevents botnets from being able to connect since they also leverage DNS. For any process that requests something from the internet, if it doesn’t get the resource that it’s requesting, it’s not going to be able to act on it.

Privacy Plus Security

The novel coronavirus didn’t start the mobile workforce phenomenon, but it certainly has accelerated it. The traditional perimeter firewall with all systems and devices living behind it no longer exists. Modern networks extend to wherever users connect to the internet. This includes the router someone bought from a kid down the street, as well as the home network that was set up by a consulting company 10 years ago and hasn’t been patched or updated since.

When people open a browser on their home network and go to their favorites, they’re not expecting to get phished. But if they’re resolving to an alternative IP address because DNS is not being managed, is broken or is being redirected, they may be exposed to phishing sites. Enter encrypted DNS as another layer of protection within your cyber resilience portfolio. It starts working against a higher percentage of threats when you stack it with other layers, reducing the likelihood of being infected. It also addresses a blind spot that allows exploits to go undetected.

Embracing DoH

Privacy is the main driver for DoH adoption by consumers, while business agendas are generally driven by security. As a business, controlling DNS requests allows you to protect both the business and the user. If you don’t have that control and visibility, the user is potentially more exposed. And, if you don’t apply threat intelligence and filtering to DNS requests, a user can more easily click on malware or land on a phishing site.

To learn more about encrypted DNS read the whitepaper or review the FAQs.

 Jonathan Barnett is a Product Manager for Webroot’s business network solutions. With 20 years’ experience as a Network Engineer and MSP, Jonathan has a deep understanding of both the technical and business challenges of the SMB and MSP market. Jonathan currently leads Webroot’s DNS Protection solution, which he has helped guide and shape since its release in 2017.

Jonathan Barnett-Webroot

This guest blog is part of a Channel Futures sponsorship.

Jul 24

DNS Requests: DoH Can Help Balance Privacy, Control & Visibility

By | Managed Services News

DoH, applied across the entire system, helps ensure privacy over DNS requests while maintaining control and visibility into network activity.

While the proliferation of encrypted DNS is being driven by consumer privacy, businesses will want to take notice. Encrypted DNS–also known as DNS over HTTPS, or DoH–obscures internet traffic from bad actors. But it also has the potential to decrease visibility for IT admins whose responsibility it is to manage DNS requests for their organizations. So, what’s the solution? Strangely, DoH.

As previously mentioned, DoH is now the default for Mozilla Firefox. It’s also available in Google Chrome and other Chromium-based browsers. This is a win for consumers, who have newfound control over who can see where they’re going on the internet.

However, by surrendering control over DNS requests to the browser, IT administrators lose the ability to apply filtering to DNS requests. Encrypted DNS that skirts the operating system eliminates the visibility that IT admins need to ensure security for internet traffic on their networks. It also prevents the business from being able to run threat intelligence against DNS requests and identify dynamic malware that could circumvent consumer DoH implementations. This leads to gaps in security that businesses can’t afford.

Staying Ahead of the Curve

There is a way to ensure privacy over DNS requests while maintaining control and visibility into network activity. The solution is to apply DoH across the entire system, not just browser activity. By wresting control over DNS requests from the browser, the agent can instruct Firefox not to engage its DoH feature. The same holds true for Chrome users running DoH. These requests are passed back through the operating system, where the DNS solution can manage them directly. This helps support both filtering and visibility.

An advanced agent will manage DNS requests on the device securely through DoH so the requests go directly to the server with no other entity having visibility into them. At the same time, the agent can apply threat intelligence to ensure requests aren’t resolving to malicious destinations. Admins have visibility into all DNS requests, and the requests are encrypted.

When the agent detects a prohibited resource, it returns the IP address of a block page. So, if there’s a virus on the system and it’s trying to access a command and control server to deliver a malicious payload, it won’t be able to. It also prevents botnets from being able to connect since they also leverage DNS. For any process that requests something from the internet, if it doesn’t get the resource that it’s requesting, it’s not going to be able to act on it.

Privacy Plus Security

The novel coronavirus didn’t start the mobile workforce phenomenon, but it certainly has accelerated it. The traditional perimeter firewall with all systems and devices living behind it no longer exists. Modern networks extend to wherever users connect to the internet. This includes the router someone bought from a kid down the street, as well as the home network that was set up by a consulting company 10 years ago and hasn’t been patched or updated since.

When people open a browser on their home network and go to their favorites, they’re not expecting to get phished. But if they’re resolving to an alternative IP address because DNS is not being managed, is broken or is being redirected, they may be exposed to phishing sites. Enter encrypted DNS as another layer of protection within your cyber resilience portfolio. It starts working against a higher percentage of threats when you stack it with other layers, reducing the likelihood of being infected. It also addresses a blind spot that allows exploits to go undetected.

Embracing DoH

Privacy is the main driver for DoH adoption by consumers, while business agendas are generally driven by security. As a business, controlling DNS requests allows you to protect both the business and the user. If you don’t have that control and visibility, the user is potentially more exposed. And, if you don’t apply threat intelligence and filtering to DNS requests, a user can more easily click on malware or land on a phishing site.

To learn more about encrypted DNS read the whitepaper or review the FAQs.

 Jonathan Barnett is a Product Manager for Webroot’s business network solutions. With 20 years’ experience as a Network Engineer and MSP, Jonathan has a deep understanding of both the technical and business challenges of the SMB and MSP market. Jonathan currently leads Webroot’s DNS Protection solution, which he has helped guide and shape since its release in 2017.

Jonathan Barnett-Webroot

This guest blog is part of a Channel Futures sponsorship.

Jul 23

DNS Requests: DoH Can Help Balance Privacy, Control & Visibility

By | Managed Services News

DoH, applied across the entire system, helps ensure privacy over DNS requests while maintaining control and visibility into network activity.

While the proliferation of encrypted DNS is being driven by consumer privacy, businesses will want to take notice. Encrypted DNS–also known as DNS over HTTPS, or DoH–obscures internet traffic from bad actors. But it also has the potential to decrease visibility for IT admins whose responsibility it is to manage DNS requests for their organizations. So, what’s the solution? Strangely, DoH.

As previously mentioned, DoH is now the default for Mozilla Firefox. It’s also available in Google Chrome and other Chromium-based browsers. This is a win for consumers, who have newfound control over who can see where they’re going on the internet.

However, by surrendering control over DNS requests to the browser, IT administrators lose the ability to apply filtering to DNS requests. Encrypted DNS that skirts the operating system eliminates the visibility that IT admins need to ensure security for internet traffic on their networks. It also prevents the business from being able to run threat intelligence against DNS requests and identify dynamic malware that could circumvent consumer DoH implementations. This leads to gaps in security that businesses can’t afford.

Staying Ahead of the Curve

There is a way to ensure privacy over DNS requests while maintaining control and visibility into network activity. The solution is to apply DoH across the entire system, not just browser activity. By wresting control over DNS requests from the browser, the agent can instruct Firefox not to engage its DoH feature. The same holds true for Chrome users running DoH. These requests are passed back through the operating system, where the DNS solution can manage them directly. This helps support both filtering and visibility.

An advanced agent will manage DNS requests on the device securely through DoH so the requests go directly to the server with no other entity having visibility into them. At the same time, the agent can apply threat intelligence to ensure requests aren’t resolving to malicious destinations. Admins have visibility into all DNS requests, and the requests are encrypted.

When the agent detects a prohibited resource, it returns the IP address of a block page. So, if there’s a virus on the system and it’s trying to access a command and control server to deliver a malicious payload, it won’t be able to. It also prevents botnets from being able to connect since they also leverage DNS. For any process that requests something from the internet, if it doesn’t get the resource that it’s requesting, it’s not going to be able to act on it.

Privacy Plus Security

The novel coronavirus didn’t start the mobile workforce phenomenon, but it certainly has accelerated it. The traditional perimeter firewall with all systems and devices living behind it no longer exists. Modern networks extend to wherever users connect to the internet. This includes the router someone bought from a kid down the street, as well as the home network that was set up by a consulting company 10 years ago and hasn’t been patched or updated since.

When people open a browser on their home network and go to their favorites, they’re not expecting to get phished. But if they’re resolving to an alternative IP address because DNS is not being managed, is broken or is being redirected, they may be exposed to phishing sites. Enter encrypted DNS as another layer of protection within your cyber resilience portfolio. It starts working against a higher percentage of threats when you stack it with other layers, reducing the likelihood of being infected. It also addresses a blind spot that allows exploits to go undetected.

Embracing DoH

Privacy is the main driver for DoH adoption by consumers, while business agendas are generally driven by security. As a business, controlling DNS requests allows you to protect both the business and the user. If you don’t have that control and visibility, the user is potentially more exposed. And, if you don’t apply threat intelligence and filtering to DNS requests, a user can more easily click on malware or land on a phishing site.

To learn more about encrypted DNS read the whitepaper or review the FAQs.

 Jonathan Barnett is a Product Manager for Webroot’s business network solutions. With 20 years’ experience as a Network Engineer and MSP, Jonathan has a deep understanding of both the technical and business challenges of the SMB and MSP market. Jonathan currently leads Webroot’s DNS Protection solution, which he has helped guide and shape since its release in 2017.

Jonathan Barnett-Webroot

This guest blog is part of a Channel Futures sponsorship.

Jul 23

DNS Requests: DoH Can Help Balance Privacy, Control & Visibility

By | Managed Services News

DoH, applied across the entire system, helps ensure privacy over DNS requests while maintaining control and visibility into network activity.

While the proliferation of encrypted DNS is being driven by consumer privacy, businesses will want to take notice. Encrypted DNS–also known as DNS over HTTPS, or DoH–obscures internet traffic from bad actors. But it also has the potential to decrease visibility for IT admins whose responsibility it is to manage DNS requests for their organizations. So, what’s the solution? Strangely, DoH.

As previously mentioned, DoH is now the default for Mozilla Firefox. It’s also available in Google Chrome and other Chromium-based browsers. This is a win for consumers, who have newfound control over who can see where they’re going on the internet.

However, by surrendering control over DNS requests to the browser, IT administrators lose the ability to apply filtering to DNS requests. Encrypted DNS that skirts the operating system eliminates the visibility that IT admins need to ensure security for internet traffic on their networks. It also prevents the business from being able to run threat intelligence against DNS requests and identify dynamic malware that could circumvent consumer DoH implementations. This leads to gaps in security that businesses can’t afford.

Staying Ahead of the Curve

There is a way to ensure privacy over DNS requests while maintaining control and visibility into network activity. The solution is to apply DoH across the entire system, not just browser activity. By wresting control over DNS requests from the browser, the agent can instruct Firefox not to engage its DoH feature. The same holds true for Chrome users running DoH. These requests are passed back through the operating system, where the DNS solution can manage them directly. This helps support both filtering and visibility.

An advanced agent will manage DNS requests on the device securely through DoH so the requests go directly to the server with no other entity having visibility into them. At the same time, the agent can apply threat intelligence to ensure requests aren’t resolving to malicious destinations. Admins have visibility into all DNS requests, and the requests are encrypted.

When the agent detects a prohibited resource, it returns the IP address of a block page. So, if there’s a virus on the system and it’s trying to access a command and control server to deliver a malicious payload, it won’t be able to. It also prevents botnets from being able to connect since they also leverage DNS. For any process that requests something from the internet, if it doesn’t get the resource that it’s requesting, it’s not going to be able to act on it.

Privacy Plus Security

The novel coronavirus didn’t start the mobile workforce phenomenon, but it certainly has accelerated it. The traditional perimeter firewall with all systems and devices living behind it no longer exists. Modern networks extend to wherever users connect to the internet. This includes the router someone bought from a kid down the street, as well as the home network that was set up by a consulting company 10 years ago and hasn’t been patched or updated since.

When people open a browser on their home network and go to their favorites, they’re not expecting to get phished. But if they’re resolving to an alternative IP address because DNS is not being managed, is broken or is being redirected, they may be exposed to phishing sites. Enter encrypted DNS as another layer of protection within your cyber resilience portfolio. It starts working against a higher percentage of threats when you stack it with other layers, reducing the likelihood of being infected. It also addresses a blind spot that allows exploits to go undetected.

Embracing DoH

Privacy is the main driver for DoH adoption by consumers, while business agendas are generally driven by security. As a business, controlling DNS requests allows you to protect both the business and the user. If you don’t have that control and visibility, the user is potentially more exposed. And, if you don’t apply threat intelligence and filtering to DNS requests, a user can more easily click on malware or land on a phishing site.

To learn more about encrypted DNS read the whitepaper or review the FAQs.

 Jonathan Barnett is a Product Manager for Webroot’s business network solutions. With 20 years’ experience as a Network Engineer and MSP, Jonathan has a deep understanding of both the technical and business challenges of the SMB and MSP market. Jonathan currently leads Webroot’s DNS Protection solution, which he has helped guide and shape since its release in 2017.

Jonathan Barnett-Webroot

This guest blog is part of a Channel Futures sponsorship.

Jul 23

DNS Requests: DoH Can Help Balance Privacy, Control & Visibility

By | Managed Services News

DoH, applied across the entire system, helps ensure privacy over DNS requests while maintaining control and visibility into network activity.

While the proliferation of encrypted DNS is being driven by consumer privacy, businesses will want to take notice. Encrypted DNS–also known as DNS over HTTPS, or DoH–obscures internet traffic from bad actors. But it also has the potential to decrease visibility for IT admins whose responsibility it is to manage DNS requests for their organizations. So, what’s the solution? Strangely, DoH.

As previously mentioned, DoH is now the default for Mozilla Firefox. It’s also available in Google Chrome and other Chromium-based browsers. This is a win for consumers, who have newfound control over who can see where they’re going on the internet.

However, by surrendering control over DNS requests to the browser, IT administrators lose the ability to apply filtering to DNS requests. Encrypted DNS that skirts the operating system eliminates the visibility that IT admins need to ensure security for internet traffic on their networks. It also prevents the business from being able to run threat intelligence against DNS requests and identify dynamic malware that could circumvent consumer DoH implementations. This leads to gaps in security that businesses can’t afford.

Staying Ahead of the Curve

There is a way to ensure privacy over DNS requests while maintaining control and visibility into network activity. The solution is to apply DoH across the entire system, not just browser activity. By wresting control over DNS requests from the browser, the agent can instruct Firefox not to engage its DoH feature. The same holds true for Chrome users running DoH. These requests are passed back through the operating system, where the DNS solution can manage them directly. This helps support both filtering and visibility.

An advanced agent will manage DNS requests on the device securely through DoH so the requests go directly to the server with no other entity having visibility into them. At the same time, the agent can apply threat intelligence to ensure requests aren’t resolving to malicious destinations. Admins have visibility into all DNS requests, and the requests are encrypted.

When the agent detects a prohibited resource, it returns the IP address of a block page. So, if there’s a virus on the system and it’s trying to access a command and control server to deliver a malicious payload, it won’t be able to. It also prevents botnets from being able to connect since they also leverage DNS. For any process that requests something from the internet, if it doesn’t get the resource that it’s requesting, it’s not going to be able to act on it.

Privacy Plus Security

The novel coronavirus didn’t start the mobile workforce phenomenon, but it certainly has accelerated it. The traditional perimeter firewall with all systems and devices living behind it no longer exists. Modern networks extend to wherever users connect to the internet. This includes the router someone bought from a kid down the street, as well as the home network that was set up by a consulting company 10 years ago and hasn’t been patched or updated since.

When people open a browser on their home network and go to their favorites, they’re not expecting to get phished. But if they’re resolving to an alternative IP address because DNS is not being managed, is broken or is being redirected, they may be exposed to phishing sites. Enter encrypted DNS as another layer of protection within your cyber resilience portfolio. It starts working against a higher percentage of threats when you stack it with other layers, reducing the likelihood of being infected. It also addresses a blind spot that allows exploits to go undetected.

Embracing DoH

Privacy is the main driver for DoH adoption by consumers, while business agendas are generally driven by security. As a business, controlling DNS requests allows you to protect both the business and the user. If you don’t have that control and visibility, the user is potentially more exposed. And, if you don’t apply threat intelligence and filtering to DNS requests, a user can more easily click on malware or land on a phishing site.

To learn more about encrypted DNS read the whitepaper or review the FAQs.

 Jonathan Barnett is a Product Manager for Webroot’s business network solutions. With 20 years’ experience as a Network Engineer and MSP, Jonathan has a deep understanding of both the technical and business challenges of the SMB and MSP market. Jonathan currently leads Webroot’s DNS Protection solution, which he has helped guide and shape since its release in 2017.

Jonathan Barnett-Webroot

This guest blog is part of a Channel Futures sponsorship.

Jul 23

DNS Requests: DoH Can Help Balance Privacy, Control & Visibility

By | Managed Services News

DoH, applied across the entire system, helps ensure privacy over DNS requests while maintaining control and visibility into network activity.

While the proliferation of encrypted DNS is being driven by consumer privacy, businesses will want to take notice. Encrypted DNS–also known as DNS over HTTPS, or DoH–obscures internet traffic from bad actors. But it also has the potential to decrease visibility for IT admins whose responsibility it is to manage DNS requests for their organizations. So, what’s the solution? Strangely, DoH.

As previously mentioned, DoH is now the default for Mozilla Firefox. It’s also available in Google Chrome and other Chromium-based browsers. This is a win for consumers, who have newfound control over who can see where they’re going on the internet.

However, by surrendering control over DNS requests to the browser, IT administrators lose the ability to apply filtering to DNS requests. Encrypted DNS that skirts the operating system eliminates the visibility that IT admins need to ensure security for internet traffic on their networks. It also prevents the business from being able to run threat intelligence against DNS requests and identify dynamic malware that could circumvent consumer DoH implementations. This leads to gaps in security that businesses can’t afford.

Staying Ahead of the Curve

There is a way to ensure privacy over DNS requests while maintaining control and visibility into network activity. The solution is to apply DoH across the entire system, not just browser activity. By wresting control over DNS requests from the browser, the agent can instruct Firefox not to engage its DoH feature. The same holds true for Chrome users running DoH. These requests are passed back through the operating system, where the DNS solution can manage them directly. This helps support both filtering and visibility.

An advanced agent will manage DNS requests on the device securely through DoH so the requests go directly to the server with no other entity having visibility into them. At the same time, the agent can apply threat intelligence to ensure requests aren’t resolving to malicious destinations. Admins have visibility into all DNS requests, and the requests are encrypted.

When the agent detects a prohibited resource, it returns the IP address of a block page. So, if there’s a virus on the system and it’s trying to access a command and control server to deliver a malicious payload, it won’t be able to. It also prevents botnets from being able to connect since they also leverage DNS. For any process that requests something from the internet, if it doesn’t get the resource that it’s requesting, it’s not going to be able to act on it.

Privacy Plus Security

The novel coronavirus didn’t start the mobile workforce phenomenon, but it certainly has accelerated it. The traditional perimeter firewall with all systems and devices living behind it no longer exists. Modern networks extend to wherever users connect to the internet. This includes the router someone bought from a kid down the street, as well as the home network that was set up by a consulting company 10 years ago and hasn’t been patched or updated since.

When people open a browser on their home network and go to their favorites, they’re not expecting to get phished. But if they’re resolving to an alternative IP address because DNS is not being managed, is broken or is being redirected, they may be exposed to phishing sites. Enter encrypted DNS as another layer of protection within your cyber resilience portfolio. It starts working against a higher percentage of threats when you stack it with other layers, reducing the likelihood of being infected. It also addresses a blind spot that allows exploits to go undetected.

Embracing DoH

Privacy is the main driver for DoH adoption by consumers, while business agendas are generally driven by security. As a business, controlling DNS requests allows you to protect both the business and the user. If you don’t have that control and visibility, the user is potentially more exposed. And, if you don’t apply threat intelligence and filtering to DNS requests, a user can more easily click on malware or land on a phishing site.

To learn more about encrypted DNS read the whitepaper or review the FAQs.

 Jonathan Barnett is a Product Manager for Webroot’s business network solutions. With 20 years’ experience as a Network Engineer and MSP, Jonathan has a deep understanding of both the technical and business challenges of the SMB and MSP market. Jonathan currently leads Webroot’s DNS Protection solution, which he has helped guide and shape since its release in 2017.

Jonathan Barnett-Webroot

This guest blog is part of a Channel Futures sponsorship.

Jul 23

DNS Requests: DoH Can Help Balance Privacy, Control & Visibility

By | Managed Services News

DoH, applied across the entire system, helps ensure privacy over DNS requests while maintaining control and visibility into network activity.

While the proliferation of encrypted DNS is being driven by consumer privacy, businesses will want to take notice. Encrypted DNS–also known as DNS over HTTPS, or DoH–obscures internet traffic from bad actors. But it also has the potential to decrease visibility for IT admins whose responsibility it is to manage DNS requests for their organizations. So, what’s the solution? Strangely, DoH.

As previously mentioned, DoH is now the default for Mozilla Firefox. It’s also available in Google Chrome and other Chromium-based browsers. This is a win for consumers, who have newfound control over who can see where they’re going on the internet.

However, by surrendering control over DNS requests to the browser, IT administrators lose the ability to apply filtering to DNS requests. Encrypted DNS that skirts the operating system eliminates the visibility that IT admins need to ensure security for internet traffic on their networks. It also prevents the business from being able to run threat intelligence against DNS requests and identify dynamic malware that could circumvent consumer DoH implementations. This leads to gaps in security that businesses can’t afford.

Staying Ahead of the Curve

There is a way to ensure privacy over DNS requests while maintaining control and visibility into network activity. The solution is to apply DoH across the entire system, not just browser activity. By wresting control over DNS requests from the browser, the agent can instruct Firefox not to engage its DoH feature. The same holds true for Chrome users running DoH. These requests are passed back through the operating system, where the DNS solution can manage them directly. This helps support both filtering and visibility.

An advanced agent will manage DNS requests on the device securely through DoH so the requests go directly to the server with no other entity having visibility into them. At the same time, the agent can apply threat intelligence to ensure requests aren’t resolving to malicious destinations. Admins have visibility into all DNS requests, and the requests are encrypted.

When the agent detects a prohibited resource, it returns the IP address of a block page. So, if there’s a virus on the system and it’s trying to access a command and control server to deliver a malicious payload, it won’t be able to. It also prevents botnets from being able to connect since they also leverage DNS. For any process that requests something from the internet, if it doesn’t get the resource that it’s requesting, it’s not going to be able to act on it.

Privacy Plus Security

The novel coronavirus didn’t start the mobile workforce phenomenon, but it certainly has accelerated it. The traditional perimeter firewall with all systems and devices living behind it no longer exists. Modern networks extend to wherever users connect to the internet. This includes the router someone bought from a kid down the street, as well as the home network that was set up by a consulting company 10 years ago and hasn’t been patched or updated since.

When people open a browser on their home network and go to their favorites, they’re not expecting to get phished. But if they’re resolving to an alternative IP address because DNS is not being managed, is broken or is being redirected, they may be exposed to phishing sites. Enter encrypted DNS as another layer of protection within your cyber resilience portfolio. It starts working against a higher percentage of threats when you stack it with other layers, reducing the likelihood of being infected. It also addresses a blind spot that allows exploits to go undetected.

Embracing DoH

Privacy is the main driver for DoH adoption by consumers, while business agendas are generally driven by security. As a business, controlling DNS requests allows you to protect both the business and the user. If you don’t have that control and visibility, the user is potentially more exposed. And, if you don’t apply threat intelligence and filtering to DNS requests, a user can more easily click on malware or land on a phishing site.

To learn more about encrypted DNS read the whitepaper or review the FAQs.

 Jonathan Barnett is a Product Manager for Webroot’s business network solutions. With 20 years’ experience as a Network Engineer and MSP, Jonathan has a deep understanding of both the technical and business challenges of the SMB and MSP market. Jonathan currently leads Webroot’s DNS Protection solution, which he has helped guide and shape since its release in 2017.

Jonathan Barnett-Webroot

This guest blog is part of a Channel Futures sponsorship.

Jul 23

SonicWall Research: U.S. Outpaces Globe in Ransomware Attacks

By | Managed Services News

While U.S. ransomware attacks jumped 109%, such attacks increased just 20% globally.

New SonicWall research shows U.S. ransomware attacks spiked nearly 110% during the first half of 2020 due to remote workforce vulnerabilities.

That’s according to the midyear update to SonicWall’s 2020 Cyber Threat Report. It highlights increases in ransomware, opportunistic use of the COVID-19 pandemic, systemic weaknesses and cybercriminals’ growing reliance on Microsoft Office files.

The SonicWall research analyzes threat intelligence data gathered from 1.1 million sensors in over 215 countries and territories

While U.S. ransomware attacks jumped 109%, such attacks increased just 20% globally.

Dmitriy Ayrapetov is SonicWall‘s vice president of platform architecture.

SonicWall's Dmitriy Ayrapetov

SonicWall’s Dmitriy Ayrapetov

“The reason behind the significant jump in ransomware in the U.S. is that it’s effective,” he said. “Ransomware is where the money is, and it’s anonymous and safer to the attacker compared to other types of malware.”

Top Findings

Other findings from the SonicWall research include:

  • A 24% drop in malware attacks globally.
  • Seven percent of phishing attacks capitalized on the pandemic.
  • A 176% increase in malicious Microsoft Office file types.
  • Twenty-three percent of malware attacks leveraged non-standards ports.
  • A 50% rise in IoT malware attacks.

The United States, United Kingdom, Germany and India all saw less malware.

“Cybercriminals are increasingly choosing ransomware instead of malware because there is an additional step to monetization between general malware and ransomware,” Ayrapetov said. “With malware … the attacker then needs to take additional steps toward monetization, which are fraught with risks. They have to either sell or actively use the stolen information in order to monetize, which poses an inherent risk as the act of marketing and selling the data may expose the attacker and lead to law enforcement action.”

Also, there are additional risks if the attacker decides to act directly and access systems with stolen credentials or perform identity fraud with stolen personally identifiable information (PII). This also requires more work, he said.

“With ransomware, the victim is instructed to pay directly via cryptocurrency, and from the attacker’s perspective, the process is anonymous and safe,” Ayrapetov said. “With the increase in remote work setups, there are new opportunities to target people via work-related topics because their systems and networks may not be as protective as an office network.”

Phishing and Email Scams

The combination of the global pandemic and social-engineered cyberattacks has proven an effective mix for cybercriminals using phishing and other email scams. Dating back to early February, SonicWall researchers detected a flurry of increased attacks, scams and exploits specifically based around COVID-19.

With over 1.1 million sensors globally collecting threat intelligence around the clock, the SonicWall research highlights the riskiest U.S. states for malware attacks.

In the U.S., California ranks the highest for total malware in 2020. However, it was not the riskiest state, or even in the top half of those ranked. Rounding out the top five riskiest states based on malware spread: Virginia, followed by Florida, Michigan, New Jersey and Ohio.

Interestingly, organizations in Kansas are more likely to experience a malware encounter, as nearly a third of sensors in the state detected a hit. In contrast, just over a fifth of the sensors in North Dakota logged an attempted malware attack.

Attacks over non-standard ports were the highest since SonicWall began tracking the attack vector in 2018. By sending malware across non-standard ports, assailants can bypass traditional firewall technologies. That ensures increased success for payloads.

Two new monthly records were set during the first two half of 2020. In February, non-standard port attacks reached 26% before climbing to an unprecedented 30% in May.

The increase in IoT attacks mirrors the number of …

Jul 23

DNS Requests: DoH Can Help Balance Privacy, Control & Visibility

By | Managed Services News

DoH, applied across the entire system, helps ensure privacy over DNS requests while maintaining control and visibility into network activity.

While the proliferation of encrypted DNS is being driven by consumer privacy, businesses will want to take notice. Encrypted DNS–also known as DNS over HTTPS, or DoH–obscures internet traffic from bad actors. But it also has the potential to decrease visibility for IT admins whose responsibility it is to manage DNS requests for their organizations. So, what’s the solution? Strangely, DoH.

As previously mentioned, DoH is now the default for Mozilla Firefox. It’s also available in Google Chrome and other Chromium-based browsers. This is a win for consumers, who have newfound control over who can see where they’re going on the internet.

However, by surrendering control over DNS requests to the browser, IT administrators lose the ability to apply filtering to DNS requests. Encrypted DNS that skirts the operating system eliminates the visibility that IT admins need to ensure security for internet traffic on their networks. It also prevents the business from being able to run threat intelligence against DNS requests and identify dynamic malware that could circumvent consumer DoH implementations. This leads to gaps in security that businesses can’t afford.

Staying Ahead of the Curve

There is a way to ensure privacy over DNS requests while maintaining control and visibility into network activity. The solution is to apply DoH across the entire system, not just browser activity. By wresting control over DNS requests from the browser, the agent can instruct Firefox not to engage its DoH feature. The same holds true for Chrome users running DoH. These requests are passed back through the operating system, where the DNS solution can manage them directly. This helps support both filtering and visibility.

An advanced agent will manage DNS requests on the device securely through DoH so the requests go directly to the server with no other entity having visibility into them. At the same time, the agent can apply threat intelligence to ensure requests aren’t resolving to malicious destinations. Admins have visibility into all DNS requests, and the requests are encrypted.

When the agent detects a prohibited resource, it returns the IP address of a block page. So, if there’s a virus on the system and it’s trying to access a command and control server to deliver a malicious payload, it won’t be able to. It also prevents botnets from being able to connect since they also leverage DNS. For any process that requests something from the internet, if it doesn’t get the resource that it’s requesting, it’s not going to be able to act on it.

Privacy Plus Security

The novel coronavirus didn’t start the mobile workforce phenomenon, but it certainly has accelerated it. The traditional perimeter firewall with all systems and devices living behind it no longer exists. Modern networks extend to wherever users connect to the internet. This includes the router someone bought from a kid down the street, as well as the home network that was set up by a consulting company 10 years ago and hasn’t been patched or updated since.

When people open a browser on their home network and go to their favorites, they’re not expecting to get phished. But if they’re resolving to an alternative IP address because DNS is not being managed, is broken or is being redirected, they may be exposed to phishing sites. Enter encrypted DNS as another layer of protection within your cyber resilience portfolio. It starts working against a higher percentage of threats when you stack it with other layers, reducing the likelihood of being infected. It also addresses a blind spot that allows exploits to go undetected.

Embracing DoH

Privacy is the main driver for DoH adoption by consumers, while business agendas are generally driven by security. As a business, controlling DNS requests allows you to protect both the business and the user. If you don’t have that control and visibility, the user is potentially more exposed. And, if you don’t apply threat intelligence and filtering to DNS requests, a user can more easily click on malware or land on a phishing site.

To learn more about encrypted DNS read the whitepaper or review the FAQs.

 Jonathan Barnett is a Product Manager for Webroot’s business network solutions. With 20 years’ experience as a Network Engineer and MSP, Jonathan has a deep understanding of both the technical and business challenges of the SMB and MSP market. Jonathan currently leads Webroot’s DNS Protection solution, which he has helped guide and shape since its release in 2017.

Jonathan Barnett-Webroot

This guest blog is part of a Channel Futures sponsorship.

>