The need for DNS security
Email and the web are source of nearly all security incidents and breaches, and more than 90% of malware and domain spoofing attacks target uses the web – and DNS specifically – to successfully gain unauthorized access and compromise sensitive data. Yet despite the severity of this threat, a large number of organizations don’t monitor or filter their DNS activity at all.
This DNS security problem is made markedly worse by the trend toward a more mobile workforce, with users working outside the office – and outside the protection of corporate firewalls and other defenses. Employees also increasingly use work devices to browse Internet sites unrelated to their jobs, increasing the risk of an attack that used the web to enter.
Most organizations simply don’t have DNS security solutions that can effectively monitor the DNS layer to filter malicious or unacceptable uses of the web, and many organizations lack any DNS security defenses whatsoever. For some organizations, this may be due to a lack of resources. For others, it’s the reality of being saddled with disjointed, on-premises security systems that are rapidly becoming obsolete.
Mimecast Web Security provides a cloud-based solution that addresses these issues, enabling organizations to quickly, easily and cost-effectively add a DNS security-based service to their security portfolio.
Stop threats with Mimecast DNS security solutions
As an industry leader in solutions for email security, cyber resilience and information archiving, Mimecast now also provides web and DNS security with Mimecast Web Security. This simple but highly effective service functions as a web security gateway to protect against malware and malicious web activity and usage that may be initiated by a user action.
When a user makes a request for a web-based resource – for example, clicking a link or typing an address into a browser – the request is sent to Mimecast Web Security for resolution, inspection and filtering. Mimecast evaluates the safety and acceptability of the web resource based on advanced threat intelligence gathered from visibility into tens of thousands of email and web security clients globally as well as using multiple types of analytics and threat intelligence sources. Mimecast also evaluates the web resource based on the organization’s acceptable use controls and bypass exceptions, which may deem certain websites or categories of web resources unacceptable for business use.
If the web resource is determined to be safe and acceptable, the user is allowed access immediately, without delay. But if the resource is found to be malicious or inappropriate, the user is blocked from accessing it and notified via a customizable block page.
Advantages of Mimecast DNS security services
Mimecast Web Security solutions are easy to implement and manage, and enable organizations to improve web security by:
- Blocking users from visiting malicious sites or sites that are inappropriate for business use.
- Protecting data from exfiltration.
- Protecting employees whether they are on or off the organization’s network.
- Preventing devices containing malware from communicating with the cyber criminals
- Inspecting files downloaded from the web to make sure they are free of malware and safe to open.
- Controlling the types of websites that employees are able to browse.
- Getting greater visibility into how employees use the Internet for work.
- Simplifying administration via a cloud-based solution that can be managed from a single administrative console.
Mimecast Web Security services are built on a multi-tenant cloud architecture that enables fast and easy scaling, and IT teams can leave the monitoring, management and upgrading of the DNS security system to Mimecast.
Security for email and the web in a single service
Mimecast Web Security integrates with the Mimecast email security service to provide a cloud-based solution for email and web leveraging DNS. This integrated service protects the two most targeted vectors – email and the web – while enabling security policies to be consistently applied throughout the organization. Administrators can automatically apply policy configurations, directory synchronization, user accounts, roles and permissions, branding and audit reporting to both email and web security, accelerating deployments and simplifying administration.
DNS security FAQs
What is DNS security?
DNS security refers to technology, protocols and other protective measures intended to prevent cyber criminals from initiating malicious attacks on an organization’s Domain Name Server, or DNS, the technology that converts user-friendly web addresses to IP addresses that computers can read. The DNS layer can also be used as a point of enforcement for an organization’s outbound web requests, ensuring that employees and the organization’s systems can only reach acceptable and non-malicious web sites.
Why is DNS important for web security?
Using DNS as a point of web security enforcement is critical point in a multi-layered defense. Email and the web are used to manage and deploy 99% of malware1, and the Domain Name System is typically central to this activity.