Webroot™ DNS Protection
Protective filtering for security, visibility, privacy and control. Minimize risks, maximize safety and productivity on the web.
By using a protective DNS service like Webroot® DNS Protection organizations control their networks and maintain the security, privacy and visibility they need to protect IT infrastructure and users, even those working remotely.
Let our Solutions Specialist help you Today!
Overview
Why do you need a protective DNS service?
Today's businesses need secure, private, manageable and visible control over internet traffic.
- The current domain name system (DNS) simply resolves internet requests through a global system of servers, then translates those requests into their unique Internet Protocol (IP) addresses. But this vital service was not designed with security in mind and many DNS exploits and vulnerabilities now exist.
What does a protective DNS service do?
Webroot BrightCloud® Internet Threat Intelligence to automatically block requests to undesirable, dangerous or malicious internet domains, even encrypted DNS over HTTPS (DoH) requests.
- This filtering alone stops most internet threats before they can infect networks or endpoints. It helps organizations achieve the management control over their DNS connection recommended by the joint NSA and CISA Guidance on Strengthening Cyber Defense Through Protective DNS.
Webroot® DNS Protection was built for the future, supporting both IPv6 and DoH so businesses are prepared for the next generation of internet protocols and requests. This means you can protect your users at the DNS layer on modern networks like public hotspots without sacrificing security, privacy, visibility or admin control.
Key Features
How Webroot's DNS Protection service is different?
This fully cloud-based, secure, resilient and reliable DNS service takes just minutes to set up and start protecting your connection, network and users from cyberattacks.
Use reports to drill down into threats blocked by Webroot® DNS Protection and achieve full visibility over internet threats and risky web usage.
Control internet use for users using pre-configured and custom policies by group, device or network - like guest WiFi.
Webroot® BrightCloud Threat Intelligence forms the backbone of our service. Its accuracy, timeliness and reliability is trusted by over 130 of the world's leading technology vendors.
Over 80 URL categories plus Google SafeSearch give you granular, policy-based control to automatically block dangerous and questionable site categories (Adult, Gambling, etc.) and unwanted sites like streaming media.
DNS filtering stops up to 88% of undesirable internet traffic the domain layer, so it never reaches your network. This saves you time, money and minimizes support costs.
Dive Deeper into DNS Protection
Roaming and VPN Users
- Secure your mobile workforce without interfering with the VPNs, firewalls and security tools you already use.
WiFi Hotspots
- Secure WiFi hotspots with DNS protection for guest WiFi to keep guests, customers and reputations safe.
Other Resources
Webroot® DNS Protection and NSA/CISA PDNS service attributes
The NSA and CISA advisory recommends the following attributes of a protective DNS service:
Attributes | Webroot Supported | Method |
---|---|---|
Blocks malware domains | Yes | Using Webroot BrightCloud® Threat Intelligence |
Blocks phishing domains | Yes | Using Webroot BrightCloud® Threat Intelligence |
Malware Domain Generation Algorithm (DGA) protection | Yes | Using Webroot BrightCloud® Threat Intelligence |
Leverages machine learning or other heuristics to augment threat feeds | Yes | Uses the Webroot ML/AI platform established in 2007 |
Content filtering | Yes | Uses up to 80 URL categories, plus Google SafeSearch |
Supports API access for SIEM integration or custom analytics | Yes | Several options for ensuring full logging and visibility of requests with ingestion into SIEM, XDR, MDR, etc. |
Web interface dashboard | Yes | Webroot's new UI/UX makes policy management, reporting and dashboard stats always available |
Validates DNSSEC | Yes | Webroot uses DNSSEC |
DoH/DoT capable | Yes | DoH is uniquely supported natively and is also GDPR compliant where necessary. |
Enables customizable policies by group, device or network | Yes | Comprehensive management controls exist and coverage of both the network and guest WiFi requests |
Deploys across hybrid architectures | Yes | Supports hybrid architectures |