As Managed Service Provider, would you pounce at a tangible opportunity to increase your revenue flow? Would you like to attract more clients from the industry sectors, you are already strong in, and from entirely new sectors? Below we explain what role DNS filtering plays in reaching the mentioned goals and how MSP can use DNS filtering for its own ends and purposes.
What DNS filtering is
Based on the DNS (Domain Name System) protocol, DNS filtering is a technique of blocking dangerous, explicit and unwanted websites or groups of websites with the similar content. DNS filtering allows internet users to access only the useful, entertaining, educational content and avoid heinous and gross stuff like adult and child sexual abuse, pornography, hate and racism-related content, etc.
DNS filtering is a more reliable filtering technique, than any other. DNS filtering helps to block HTTPS (encrypted) sites as well as HTTP (unencrypted) ones. It is possible because the DNS protocol is higher up in the internet protocol hierarchy, than most other protocols. This ability to filter out HTTPS sites is imperative due to the fact that the number of these sites grows by the day as encryption improves user security.
According to cyber security researchers, over 90% of malware uses DNS to carry out malicious campaigns. That is why controlling and filtering DNS is of paramount importance for protection against dangerous and inappropriate internet resources. That is why DNS-layer web filtering contributes significantly to the multi-layered cyber security, not internet censorship. DNS filtering is what SafeDNS provides and what can be of immense help for MSP to protect its clients against cyber threats.
How DNS filtering works to make MSP customers' internet safer
DNS filtering is efficient at improving cyber security of MSP’s clients and their well-being. At the heart of any DNS filtering solution is analyzing and processing user DNS queries. If MSP redirects DNS queries of its client’s network users to filtering servers of a DNS filtering vendor, each of these DNS queries will be analyzed to make sure the users are requesting a site that is allowed by the filtering rules, applied to network users individually or a group of users or to MSP client’s entire networks.
Allowed sites belong to categories of content, considered useful and innocuous – thus, allowed on the client’s networks. If the requested site is recognized as one from such a category, the DNS query is successfully resolved into this website.
Besides, DNS filtering vendors usually provide MSP and its customers with an opportunity to create white lists of internet resources, which are excluded from the overall filtering rules. Whitelisted sites are always freely accessible to the network users. These white lists can also be applied to network users individually or to a group of users or the entire networks of MSP clients.
If the requested site is not allowed by the filtering rules or belongs to a black list of internet resources, which are always banned, the requested site will be blocked. It means this site is not loaded on your client’s user devices and they can not access a single page of this site. Instead of the requested website, users see a block page with some information on why this site is blocked.
DNS filtering is indispensable for MSP to protect customers against the growing amount of phishing and malware on the internet. Cyber criminals love to use phishing links to get web surfers’ personal and corporate information. Phishers’ victims bear the consequences which vary from mildly negative to tremendously devastating, like loss of large sums of money from bank accounts.
Malicious resources are no lesser evil. They infect web-connected devices with any kind of malware damaging the devices’ operating system. Through the infected devices malware creeps onto any network they connect to. Once malware infection occurs, it’s pretty difficult and expensive to detect and get rid of it. That’s why it is much wiser to altogether prevent users from reaching phishing and malicious sites. MSP should not miss an opportunity to block all security-related categories with DNS filtering.
Social media feeds, video steaming sites and other distracting online content are a productivity drainer at all kinds of organizations. If staff’s irrelevant internet activity becomes a serious issue for your corporate customers, MSP can offer employers DNS filtering as an effective tool to block access to any and all non-work related sites. It will be great if MSP reminds the corporate customers to also block content categories which might cause HR and legal issues – for example, porn, sexual abuse, pirated content.
Protecting kids against harmful, gross, and age-inappropriate sites is necessary everywhere the children go online – at home, school, public WiFi hotspots. MSP can work with parents, educators, public WiFi owners to secure networks from any content which is not child-friendly.
Internet-savvy people know that web surfers often see the unwanted stuff even without intentionally looking for it. For example, inappropriate images can appear in online ads, found all over the internet, whether site visitors want to see such ads or not. Some DNS filtering solutions allow users to block web ads. Ad blocking contributes to web surfers’ safety as online ads are often used to distribute malicious payloads.
What to pay attention to when choosing a DNS filtering solution
It is next to impossible to know in advance how good or bad this or that unknown site is. As there are millions of resources on the internet that are extremely harmful and inappropriate for most web surfers. DNS filtering has got MSP and its clients covered. To choose a high quality DNS filtering solution out of dozens of them, MSP should consider its technological foundation, the domain database. It should be precise and include, at the very least, the world’s most popular sites.
The database should be capable of categorizing domains correctly in real or near real time. Only then the DNS filtering solution can recognize the content categories a specific website belongs to. If this is not the case, users of this filtering solution will have the so-called false positives and issues with either overblocking or underblocking.
This means that poor web categorization quality leads to instances of miscategorization, meaning sites are categorized incorrectly. Then good and useful sites are blocked while dangerous and unwanted ones are allowed. Such issues cause customer complaints and more tickets for MSP. You definitely do not need that.
SafeDNS has created a huge, exceptionally precise, dynamically updated web categorization database with over 105M internet resources, distributed into 60 content categories. SafeDNS filtering causes no overblocking/underblocking issues. This has been proved for 4 consecutive years during tests conducted by AV-Comparatives, a world-known test lab. During all the 4 years of testing SafeDNS has had no false positives.
DNS filtering can be applied at an individual device level or at WiFi router/firewall/server level. It is up to MSP and its customers to decide how to implement the filtering – with an appliance, software or cloud-based filtering service. Each implementation method has its advantages.
Usually, web filtering appliances fit in well with what enterprises need. However, clients representing big business are few and far between. The SMB sector is much larger. Among SMB cloud-based filtering services are in demand as they are more reasonably priced, require no additional hardware and software, hence no CAPEX and maintenance. MSP can get more revenue selling SOHO and SMB a DNS-layer cloud filter, than chasing multinational corporations as prospective customers.
SafeDNS offers a lucrative Partnership Program allowing MSP to increase its revenue. The company’s cloud filtering service provides centralized management for all MSP clients of any size and their locations via a simple, intuitive online service dashboard.
It might be important to consider if a DNS filtering provider allows only MSP to create and manage filtering settings or there’s an opportunity for both MSP and its customers to manage the filter. Whatever variant MSP chooses, ensure the filtering solution management meets your demands. Is there a reseller panel for MSP to choose the necessary service plans for its clients and manage all customer settings? Can MSP manage the filtering remotely? Are there any auto provisioning options? These things are vital to make the MSP work much easier and rid you of headache.
Another crucial point is what filtering statistics and reports are available to MSP and the clients? The stats shows internet usage policy compliance, detect any breaches of it and allow MSP to vividly demonstrate to customers how DNS filtering contributes to their network user safety online.
If MSP needs a custom domain for its clients, its logo in the filtering management panel, ask a prospective filtering vendor if it provides white labeling options. White labeling usually adds to the pricing of the filtering solution but white label is a must for those MSP that want to show only their brand to their customers.
How MSP business benefits from DNS filtering
By expanding its range of products and services with DNS filtering MSP can get more revenue, increase ARPU and customer lifetime value. You will avoid capital investments and make profit while making the online environment for the clients cleaner and safer. That is really cool.
There’s another important factor to consider – DNS filtering enables MSP to enter the market segments you haven’t yet worked in. If MSP previously has had nothing to offer non-profits, public WiFi hotspot owners, educational and religious institutions, DNS filtering provides you with a wealth of new possibilities to grow your business in these segments. Waste no time in using the opportunities DNS filtering provides.