The dilemma that Perimeter 81 has always sought to address is simple: In a world where mobile and cloud have moved the network perimeter, how do we provide a complete, scalable security solution that moves along with it?
With our Zero Trust Network as a Service, we’ve so far helped IT teams to pivot their security strategies around users rather than sites or resources, and this month we’re excited to introduce a new feature that makes it easier to implement this type of agile network security.
Perimeter 81’s new DNS filtering tool is a great addition to the array of network security features we offer in our Zero Trust NaaS, but it’s also one of the first one to be offered as a part of our vision to build a complete Secure Access Service Edge (SASE) platform.
Thanks to our highly talented team, and some excellent feedback from our users, we can now offer DNS filtering immediately. We’re excited to show you how to use it to more effectively secure networks for your remote and on-premise employees.
DNS Filtering Feature Goes Live
With a user-centric approach to network security, it’s easier for IT teams to monitor and stay aware of those accessing their organization’s resources, but it’s often not enough. Active measures for blocking entry to certain websites is a cornerstone of any truly secure access management model. This is especially true when hackers create over 300,000 new pieces of malware every day, and when at any given time, it’s estimated that a full 1% of the internet’s 1.5 billion websites are infected.
Being aware of risky internet browsing habits does little to secure your network against the malware that often lurks on these sites – gambling, pornography, and others. This is why as of March 2020, DNS filtering is being rolled out to customers of Perimeter 81 who are using the Premium or Enterprise plans.
How Does DNS Filtering Work?
We recognize that the Domain Name System, or DNS, is used for mapping written URLs to IP addresses, and DNS filtering can be used in the same processes for an opposite result. By typing a URL into your Perimeter 81 DNS Filtering dashboard, you’re telling the DNS Resolver not to resolve the website associated with its IP address and display in internet browsers.
Instead, Perimeter 81 steps in and tells it to show a custom page indicating to the user that the content they’re trying to access is blocked. There are a few ways that IT teams can broaden or narrow which sites are blocked on network-connected devices.
Blacklisting: When any URL is entered into a browser, the DNS Resolver receives a query, and if the name matches any of those that have been typed directly into the Blacklisted URLs field in Perimeter 81 (or uploaded as part of a list), then it cannot be reached by users.
Whitelisting: Web filtering also acts in the other direction as a whitelisting tool, which gives IT administrators more control over the list of web destinations that employees are allowed to access. This two-pronged strategy is vital for herding users away from the bad and towards the good.
Category-Based Filtering: It’s easy to block access to the most popular and often compromised websites by category. Social media, pornography, news sites, gambling and gaming sites, and other categories can be removed in their entirety, and then supplemented with individual additions to either the Blacklisted URLs or Whitelisted URLs fields.
Why DNS Filtering is In Demand
The primary goal of DNS filtering is to block access to resources which shouldn’t be accessed from the company’s network, whether from a PC or user devices that may be accessing resources thanks to a BYOD policy. Blocking serves many purposes, sites may be malware infected, copyright-infringing sites, or just distracting sites. People use their personal devices differently than they do a work laptop, for example, and thankfully web filtering has utility for blocking malicious websites but also phishing emails.
- Block websites: Compromised websites can go about infecting you with malware in many different ways. A drive-by attack simply downloads the malware onto your employee’s computer once the page loads, for instance. It may also try to trick them into downloading malware by clicking a button or banner.
- Phishing emails: A phishing email is intended to get the recipient to go to a fake, yet official-looking website. If the DNS filter is aware of the most notorious fakes and phishing domains it can save a fatal error from being made, and block access to the problematic domain immediately.
More Gateways in New Places
We wouldn’t leave the update at DNS Filtering. Network security features must also be applied efficiently and non-intrusively across networks of any size, granting remote access that is as fast as it is expansive. In pursuit of this need, and thanks to requests from our loyal customers, we’ve continually strengthened our global backbone of data centers (and plan on continuing this trend) by adding the following gateway locations:
- San Jose
Six will be added in the very near future, bringing the total new data center additions to ten.
Sprinting Into 2020
We’re confident that these updates, and those coming in the future thanks to the combined power of SonicWall and Perimeter 81, will bring a better experience for users and we stand by to help you implement them. With a quickly expanding toolkit of network security features, our race towards a holistic, cloud-based SASE platform is happening at a breakneck pace, so stay tuned: It’s only a matter of time until we announce the next steps toward the future of network security.
For a free demo to see how DNS filtering and other Perimeter 81 features work in real-time, click here.