
Episode 7: DNS and Web Filtering

Dec 14, 2021 | CYBERSECURITY, Who's In Your Cloud?


Welcome back to “Who’s In Your Cloud?” 21 Steps to Secure, Reliable, Trusted Technology. I’m Lauren Lev, Marketing Manager for TechOnPurpose, and this is Episode Seven: DNS and Web Filtering.

In our last episode, we discussed endpoint security and the recent evolution into endpoint detection and response. With the help of our cyber expert cast, we learned why the need for endpoint security, management, and visibility has never been greater, and how to avoid compromised data through the use of Endpoint Detection and Response and Endpoint Security.

Today, we’re focusing on protective DNS and web filtering. In particular, the ability to ensure a highly secure, private and resilient connection for networks and user endpoints that incorporates threat intelligence to automatically block requests to undesirable, dangerous, or even malicious internet domains. We’re thankful to our cyber expert cast joining us today from Cisco, Scout DNS, TBI and Webroot as they help us educate our clients and prospects on the road to #secure, reliable, trusted technology!

Don’t forget we’ll be releasing a new episode every Tuesday, starting 10/20/21 through late spring of 2022, with brief time off for holidays with family and friends. We’ll also follow each Tuesday episode release with subsequent Wednesday, Thursday, and Friday posts highlighting our three contributing solution partners from that week’s episode. We hope you’ll find this an immersive, hopefully simple, educational, and enjoyable experience. So how do you tune in?

To easily follow the journey ahead, we’ve diversified your access options to all 23 of our coming episodes. You can follow along here on our blog or by any of the following methods:

  • Email Newsletter: sign up at techonpurpose.net/blog and have each episode delivered directly to your inbox when released.
  • LinkedIn:  follow here
  • YouTube:  follow here
  • Facebook:  follow here
  • Podcast:  follow here

Buckle up – it’s time to hit the road to #secure, reliable, trusted technology!


Lauren Lev  
Welcome back to “Who’s In Your Cloud?” 21 Steps to Secure, Reliable, Trusted Technology. I’m your host as always, Lauren Lev, Marketing Manager for TechOnPurpose, and this is Episode Seven on DNS and Web Filtering. In our last episode, we discussed endpoint security and the recent evolution into endpoint detection and response. If you missed any of our first six episodes of this, “Who’s In Your Cloud?” series, you can review those anytime on LinkedIn, Facebook, YouTube, or Spotify. And to make it easier on yourself, you can get direct delivery to your inbox by signing up for our blog at TechOnPurpose.net/blog. Today, we’re focusing on protective DNS and web filtering. In particular, the ability to ensure a highly secure, private and resilient connection for networks and user endpoints that incorporates threat intelligence to automatically block requests to undesirable, dangerous, or even malicious internet domains. But before we get into it, let’s introduce our cast. We have returning VIP cast member Jim Bowers, Security Architect from TBI. We always love when you join us, Jim.

Jim Bowers  
I am so glad to be here.

Lauren Lev  
Yes, it’s been a while. 

Jim Bowers 
It has been a while. 

Lauren Lev  
Well, welcome back. Next up, we have two back-to-back returning cast members joining us. We have Cisco’s Technical Solutions Specialist, Andrew Griffin and Blair Swartz, Channel Account Manager for Webroot. So, you guys must be having fun if you’re going to join us on back to back to back episodes.

Blair Swartz  
Absolutely. I missed you guys so much. And I just thought you know, any chance I can get to be on video and to talk security with you all, I’m going to hop on it.

Lauren Lev  
 Nice. I like it. 

Andrew Griffin  
100%. Yep. Especially when we’re talking about DNS and web proxying. Here, this is the bread and butter of everything. So always, always a pleasure to be on here and appreciate the invite back.

Lauren Lev  
Awesome. That’s what we like to hear. So on the other end of the spectrum, we have an entirely new cast member joining us today, the founder of Scout DNS, Tim Adams. So you’re dealing with some veterans here, but you’ll get the hang of it really quickly.

Tim Adams  
That’s great. I heard there was a real party going on here and I was waiting for my invite. Got one, so I’m really excited to have it. So glad to be here today.

Lauren Lev  
Perfect. Yeah, we are happy to have you. So Matt, he is our last cast member for today. And as you probably know, at this point, he is the Founder and CEO of TechOnPurpose.

Matt Tankersley  
Hey everybody! 

Lauren Lev  
Awesome, awesome. Okay, so Matt, we’re gonna take it to you first, what should the audience know about DNS and web filtering right out of the gate?

Matt Tankersley  
Sure thing and let me again, thank you, Lauren and thank you to our returning guests and our many viewers who are looking to learn more about simplifying this complex conversation in cybersecurity. And, Tim, let me tell you, because you hadn’t been here before, I can’t remember if we had the pre-casting call or not, but we’ve really got two requirements here, man be sassy and be savvy. So I hope you have some fun. And Andrew laughs because he’s good at that, and of course, all these guys are. You know, let me start by clarifying the topic of the day before we give each of our cast members an opportunity to tell the audience who they are, and a bit more about their individual organizations. So DNS is a deep topic in and of itself. And we could probably dedicate an entire series to the many applications of DNS in cybersecurity and cyber risk, right? So for clarity in today’s conversation, what we’re going to do is we’re going to focus on how we can use DNS to proactively protect our networks, endpoints and users, regardless of where those users are working from. That’s very important. What you didn’t hear me say about DNS is anything to do with DDoS, or protection of our domains and our email authority. We’ll cover those in some future conversations, right? So as we get ready to turn the conversation for the day over to the real experts that are here with us, let’s talk about some very vital statistics that are driving this topic right? Number one, over 1/3 of all cyber attacks are deployed via DNS. That’s pretty important, right? 94% of malware is spread through email, and over 18,000 phishing sites are registered each day. So, what does DNS have to do with any of that? Well, we’re gonna answer that question today. And we’re gonna also address the critical necessity for DNS protect- excuse me DNS protection, and web filtering. And hopefully, it’ll be crystal clear. But for now, Lauren, let’s go ahead and meet our cast. 
And then we’ll get focused in usual fashion in two areas, what are the issues that warrant this focus conversation in this enhanced level of protection, and two, how do each of your contributing, each of our contributing cast members tackle the issue with our individual offers.

Lauren Lev  
Perfect. Yes. Thanks, Matt. So Jim, you know, this goes as our VIP cast member, you’re up first, tell us about your role as Security Architect at TBI.

Jim Bowers  
Absolutely. So, Security Architect at TBI, I’m a resource for all of our 2000 partners to enable them to start selling all things cybersecurity. So we have, we’re a technology distribution provider. So, we have multiple of these providers that are vendors that are on the call today and we leverage their services. So I’m the technical- I build out the cybersecurity vendor portfolio, as well as enable our partners to start selling cybersecurity in multiple fashions. For example, DNS proxy type of services.

Lauren Lev  
Tim, as our newest cast member, we’ll have you go first, tell us a little bit more about Scout DNS. 

Tim Adams  
Sure. So, Scout DNS is a company I founded back in 2017. You know, we built a product around 2016, after Cisco had acquired OpenDNS. And so, we felt there was a need kind of in that smaller to mid markets, for other solutions out there for, you know, DNS layer filtering. And you know, DNS filtering, I think kind of grew up pretty heavily around the idea of content filtering. But as we’ve seen over the last several years, a much bigger role for DNS layer security, that I think is- actually surpassed the content filtering aspect of it for most of the products that focus on that and the need for it in the industry. So, you know, my role here is really just kind of to guide a focus heavily on the product development, trying to meet the needs and focus on the trends where the threats are, and how we can effectively counter those for our customers. As well as you know, setting, you know, the direction for marketing, all the fun buzzwords and things that I argue with team members on what we shouldn’t say. But yeah, so it’s been a lot of fun. And there’s certainly been a huge demand for it over the last couple of years continuing to grow, due to not just the pandemic, but the cyber pandemic that we experienced as a result of it.

Lauren Lev  
Awesome, thank you, Tim. All right, Andrew, again, good to have you back. Tell our audience again about your role at Cisco.

Andrew Griffin  
Yes, it’s a pleasure to be back. So I am the Technical Solutions Specialist for the entire south region. If you want to get Umbrella, I am your guy. I’m going to be walking you through the trial, showing you how beneficial this is to take the protection of your business to the next level to really ensure that your business is secure. Now, of course, I cover the south region, I have plenty of counterparts that cover the whole US and the whole entire globe and they will take just as good of care of you. But I like to say that I am the- what is it, the Reddit nerd from Best Buy, to where as soon as you come in, and you may not be looking for, you know a computer to get fixed. You may not even know but I’m there. I’ll show you, you know why you don’t want to be the next business on the front cover of the news or newspaper saying you get compromised. Because I can show you how our products are cloud security products, not another physical device as well. Cloud security products can really help protect your business and help stop those connections before they are made. And we can dive into that a little deeper later.

Lauren Lev  
Perfect. All right, we look forward to it, Andrew. Blair, last but not least, remind our audience who you are and what you do at Webroot.

Blair Swartz  
Thanks, Lauren. And yeah, I appreciate the invite back. So what I do at Webroot. I’m the Channel Account Manager at Webroot. And I specifically manage the ConnectWise partnership. So, if you’re an MSP that is using ConnectWise for your RMM and you’re also using Webroot I’m the guy to reach out to. And for those who are unfamiliar with Webroot, what we do is we deliver cloud based endpoint security, network security, security awareness training and threat intelligence services, all on a multi-tenant console. We really continue to drive innovations with our endpoint product and specifically DNS protection. Now a strong focus of that has been on DOH coverage and I’m sure I’ll dive into that a little bit more but that’s, that’s going to be focusing more on the security aspect of DNS and less of the content filtering. So, again, thank you for the invite back. I’m super stoked to be here. And let’s have a great discussion today.

Lauren Lev  
All right, Matt, do you want to start us off today?

Matt Tankersley  
Thanks, Lauren. And guys, thanks so much for being here. We really enjoy having you. I think our focus for the day is clear. Our cast, you guys are all fired up. So let’s, let’s say we kick it over to our returning VIP cast member, Jim Bowers and let’s have you set the stage for the conversation. Jim, any particular thoughts on the differences in the two issues? Right? We’re talking about really, kind of two things, DNS protection and web filtering. And what do we know about the cyber risks that necessitates securing our users endpoints and networks with these tools? 

Jim Bowers  
Yeah, so first off, you know, I got to be a little bit of a character, Matt. So Andrew, my daughter has cursed me every time I hear Cisco Umbrella, I think of Rihanna. So that’s her fault. And I sing Umbrella in my head. But DNS is such a critical component, especially malware and ransomware, right? So you got like you said, you have two facets to this, it’s A: I have to protect my employee from doing something stupid, right? Not only going to a bad domain or a landing page where they can download malware, so let’s think of that employee that may be torrenting, downloading movies, that’s a big fine that that organization may get from, you know, one of the movie producers. So, we have the aspect of protecting that end user of going to a malicious site. But the bigger piece, if you look at how ransomware and malware works. It pretty much leverages DNS either via DNS domain generation algorithms, right? That enables you to get past that. But also, for that malware to communicate back out to a command and control. And if you have that DNS security protection in place, that’s going to disrupt that communication chain, right, and really going to make that ransomware ineffective. It’s not able to communicate out, not able to download encryption keys. So it’s really, if you think of everything we do today, right? When I get on my keyboard, I’m not typing in IBM type a DNS name, right, and it’s gonna resolve. And by having that DNS security, not only is it going to protect that end user from going to stupid places, going to sites that are restricted. I’ll tell you a funny story. I was working on a big account and TBI actually uses Cisco Umbrella. And I go to a company called One Up Innovations. I’m typing it in, doing a little research and it’s not resolving, not resolving. I’m like, What the heck is going on here? Well, I get on my phone, and I come to find out that One Up Innovations actually translates to an industry that has three x’s in it. 
So, I frantically call up my VP of IP going, “listen, I was not going here”. But you’re going to see it in Umbrella, right? So, it’s really, in today’s world and environment, especially since we’re not sitting behind firewalls, we’re not sitting behind those devices, that can maybe have some rules in place to block certain traffic, but that’s dynamically changing. We’re in a more dynamic environment, it’s very critical to provide that layer of protection up in the cloud, for that DNS layer, which malware ransomware and all uses. So the risk of not having that is permitted, right, not only from what that employee can do to the organization from going to malicious sites or downloading content, but also the main attack vector of that ransomware to work, right. And we all know, at the end of the day, threat actors want to get that ransomware in and that ransomware is going to leverage if you look how ransomware works, it’s going to leverage that DNS resolution to go talk out the servers. So the risk of not having that in place in today’s world and having that part of your defense in depth approach to security is a huge risk for the organization and moving forward. 

Matt Tankersley  
Absolutely. You know, and I think, Lauren, you’re about to pass the buck over to Blair next I think, but let me let me throw this in. Because you, you sort of implied it without saying it. And it dawns on me, because this is a critical thing that we’ve had to deal with. So there’s the, you know, we talked to there being two pieces to the puzzle here, right? And one of them is proactively protecting against a user for being dumb and clicking on stuff, right? We talked about that all the time. And that doesn’t mean they’re intentionally doing it. Right? And you talked about the unintentional implications that malware could have, where they’re there all of a sudden and you’re in that three acronym industry that you don’t want to be in. And it’s interesting, we think about cyber risks. We think about ransomware. We think about malware. And there’s another form of risk that I guess just has to be calculated as malware that we deal with on a regular basis. And that’s, imagine that you have a guest WiFi in your environment. And you have someone who’s a third party who’s in your building using your guest WiFi and let’s say that that person intentionally or unintentionally, was accessing content that’s not conducive to the rest of the people in your facility. Right. And you know, all of a sudden, you can find that you’re liable because of a complaint from another person in your building, whether it’s an employee or a visitor, because they got exposed to something inside your facility that they hadn’t planned on. Now, when that legal thing comes around, and they start talking, they’re gonna ask questions, was it on your Wi Fi or not? That’s a risk. That’s a risk in and of itself. And I guess we have to call it a cyber risk. But these are the kinds of things that we can be proactive about protecting against when we’re using solutions and technologies, like our solution partners are going to talk about today. So with that, Lauren, let’s kick it over to Blair. 
And again Blair, we’re gonna focus on you know, kind of what’s the issue here that necessitates the need, and when we get around to round two we’re gonna talk about specifically with you how Webroot is addressing it.

Lauren Lev 
Well yeah, I feel like Matt, Matt did my intro. So Blair, we’ll just have you go. Take it away.

Blair Swartz  
Yeah, I appreciate that, Matt. And first off, I’d really like to go over, you know, what is DNS? Because sometimes partners don’t simply know what is DNS and this acronym, and you know, what I like to picture it as, is it can be looked at as the internet’s phonebook, right? So if you’re on a browser, and you’re trying to go to, let’s say, bestbuy.com, what’s first going to happen is that browser is going to go out to a DNS server, it’s going to get the IP address that’s associated with bestbuy.com. And from there, it’s going to send it back to the browser, and you’re going to be directed to the website. Now, this system has been in place for many, many years and in my opinion, it’s pretty archaic. One, because it really exposes what you’re doing. And really, that’s, that’s the problem with DNS, right, is that it was never really meant to consider privacy or security, you know, these requests are made and resolved in plain text. And, again, it exposes what you’re doing. So I think that’s where the adoption of DOH, which is DNS over HTTPS, really comes into play. You know, this is a new standard that’s coming out. And what it’s going to do is it’s going to offer a method for encrypting these DNS requests. So it’s going to mask or shield those requests from, from any of those bad actors that are looking to, you know, that are seeking to use that information improperly. So the potential problem with DOH, and I’ve been discussing this a lot over the last year, is that the business, or you as the MSP, can potentially lose control of DNS if all these applications start managing DOH requests independently of the operating system. So what’s really cool today, is that Webroot is fully supporting DOH and it’s going to take that loss of control into account, really, by managing all communication between the agent and our Webroot resolvers via DOH. So, again, I can’t drill home enough how important the security aspect is of DNS. 
And we’ve mentioned it a lot and Tim mentioned it, you know, it’s, it’s more than a content filter. So yeah, that’s really what I like to drive home with DNS.

Lauren Lev 
Alright, Tim, I feel like you’ve had an opportunity to warm up and get used to things around here. So we’ll have you go next. So just to recap, we want you to discuss the differences between DNS and web filtering, and what are the risks associated with each of those.

Tim Adams  
No this is, these are fun. This is a fun topic that I, you know, talk about pretty much regularly, every day. And there’s a lot of bits and pieces here that you guys, like you said we could spend an hour talking about DOH versus DOT. And, you know, we could talk about the content filtering piece and I wrote a blog piece last year about- on the content filtering side about an appliance dealer in Europe. And you’ve got these smart fridges and someone had kind of gone in there and put Pornhub on the smart fridges. So people walked up and they didn’t have any built in protection on their store network to protect from content filtering. And so, that was obviously an issue and there’s a lot of good tidbits about that. But I think I would probably just add kind of what I mentioned before, sort of the growth of demand for- or at least the growth and understanding how DNS filtering is from a security standpoint. When you look at and I mentioned before, kind of the cyber pandemic. You know, there’s been a lot of sort of this perfect storm, the last couple of years of events and causes that have I think elevated the need for not just DNS filtering, but overall cybersecurity for- which DNS filtering is an important layer. We talk about any type of security is a layer in my house. I have layers of security, I have a camera, I have locks, I have a Rottweiler, I have a Glock 23, you know, you got all these different layers, right? And it’s important, in too many times in the past securing, you know, companies in general would kind of go through this checklist. I got a firewall, I’m secure, right? I’ve got antivirus, I’m secure, right? Kind of doing this bare minimum. And over the last couple of years, we’ve seen this, you know, 50 to 200%, depending on the sector increase in attacks, because of this perfect storm of events. 
So when you look at an enterprise in schools, you have entire sectors where you have, you know, companies where 10% of employees work remote to within a month, 90-95% of those employees are working remote, you have school districts overnight, that send kids home. And so all these IT departments are now scrambling, right, you’ve got the network people, you’ve got the application people, you’ve got the security people, and they’re really just overloaded, just trying to meet the bare minimum demand of the service that they have to deliver. And so a lot of times security kind of takes a backseat to sort of what has to get done. And so while that’s happening, you had the whole medical industry, we’ve got, you know, hospitals and ICUs, that are just maxing out in, you know, occupancy, and they’re getting hammered by, you know, threat actors that are not just content to, you know, deliver, you know, harmless, they’ve got to completely shut these hospitals down. And you had actually documented cases where people have lost their life in a hospital, because the hospital teams couldn’t get access to the X-rays, they couldn’t pull up the medical records, or you had telemetry machines go completely down, right? So all of this and then because of that, you’ve had an increase in companies that have offered relief, you’ve had governments offering, you know, different types of relief for the pandemic, you’ve had banks institutions. And so there’s this huge communication and email. So which increases spam, and people forging identities and trying to get people to login and take advantage of that. And so this entire perfect storm has just created this increase in additional threats. And we’ve seen trends like, you know, Fast Flux, where these are infrastructures as a service where someone who’s not really that technical, could go out and get this entire button, that infrastructure provides some domains, and they can rent that. 
And then you know, you know, craft some email messages, and then go out and attack and try to, you know, try to extort people. And so, all of this has really just raised, I think, the awareness that DNS filtering is important. You know, you’ve seen it, you know, become part of CMMC Level 3. And so, it’s being kind of cemented at that, you know, at the DoD level, they’re understanding the contractors need to take this into account. And so, there’s some good that’s come out of it. And sometimes it’s easy to think that the bad guys are winning, because, you know, if you look at it from a growth standpoint, it kind of looks like they are. But for the companies that take it seriously, and they could go in and latch on to some of these techniques and some of these processes, they can come out ahead and be very effective in improving their security. 

Matt Tankersley  
Yeah, and I know, we’re gonna turn it over to Andrew here for some final thoughts on the issue. And let me say this, we’re talking about a lot of buzzwords, and we’re talking about things that you hear every day: ransomware and phishing and emails. And what wasn’t said in there that was clearly implied is that if you have control of DNS, you’re mitigating the consequences of all of these issues, that we’re talking about, all these bad guys and all these emails. I think what everybody’s trying to say, and we’ll continue to say till we finish this episode is that without DNS, 99% of that stuff doesn’t work. That’s why this was an important topic as many.

Lauren Lev 
Thanks, Tim and Matt. So Andrew, you are finishing us out on this roundtable. So what do you have to add to the conversation that these guys haven’t covered yet?

Andrew Griffin  
Yeah, I would just like to echo exactly what Matt said, right? Everything starts with DNS, instead of, you know, trying to figure out what is going to keep my ship afloat by keep repairing the inside, the inside of the inside, well, let’s figure out what keeps causing these holes, right, of why my ship is sinking. And that all starts with DNS. I mean, DNS is just where, you know, you go into the browser, just like Jim, Tim and Blair all mentioned. And, you know, that’s what happens to the websites. I mean, unfortunately, there are threat actors out there that manipulate this. And it’s, it’s just the way it is, and you know, having a firewall on your campus, and that being a single barrier of entry to compromise, just doesn’t cut it anymore. You know, you can’t just have a single barrier. What if something gets through the firewall? What if something goes around? What if something is brought onto your BYOD network and it finds a loophole right? Having these layered approaches- and I just can’t stress that enough, makes it that much more difficult for something that if it does get into your network they really have to get into it to kind of go and compromise. And I just can’t stress that enough, especially from a DNS standpoint. They take it even a step further, you know, these threat actors are getting really, really tricky with it, you know this, the HTTPS with specific URLs. I mean, just today, I was troubleshooting with someone, the domain was fine. The domain was totally healthy and clean. But there was something embedded in an Excel file that they downloaded that they didn’t even know they downloaded because they clicked this link. Right. And as soon as that content gets in there, compromise? You know, that’s just the way it is. And I think it’s really funny to me that you mentioned, you know, the smart refrigerators and stuff. Because the question that I love asking everyone, and this is such a trick question. And everyone always smirks at me. 
How do you know what you don’t know? And when I ask a network admin that or anyone that really, they’re like, oh, well, I don’t know. Well and it’s like, Okay, let me show you my product. And the answer is going to change from you not knowing to hey, I don’t know, but my security products do. Right? Because as human, I mean, I’m not sitting here looking at the logs, I’m not seeing all the DNS traffic all day. I shouldn’t know, right? I have better things to do, that’s gonna give, that’s gonna save me time, it’s gonna save me money, gonna save me effort. Right? It’s gonna save, you know, my way of getting, you know, the celebrity status on the newspaper, not from a compromise, but from something else. Right. So it’s, again, it’s just those layered approaches. And, you know, just making sure that it’s safe, because we all know, we have security training programs, to go ahead and train our employees, you know, don’t go to malware.com. But for example, if I fat finger, trying to go to Google, and it says Goofle, well, guess what? Go to Goofle. It’s malicious. Right? It’s simple mistakes like that. We know what not to do. But in the event where, you know, let’s not think about the obvious, those aren’t the ways that people are getting compromised, right? Or at least I hope not, please, if you are talking to me, right. But you know, it’s those outlandish ways. And that’s, you know, we really got to think outside the box. And thinking outside the box is starting with, you know, these security Cloud products that are really focusing on DNS, and then web proxy.

Jim Bowers  
So I think Andrew, you know, nailed it. The DNS piece is in everything we do. But also, if you look at these DNS proxies, it’s the next evolution to SASE, right? If you look at how organizations are moving their applications, and everything’s moving, that castle and moat is no longer viable. So if you look at Umbrella, how they’re extending out their services more into the SASE platform, but it really enables that next generation of how organizations need to tackle their security posture. And DNS proxies play a critical component within that aspect, right. And I think another piece, Andrew said, is, how do you know what you don’t know? I like to say, I can’t stop anything I can’t see. Right? And providing that analytics, and that telemetry, and that data that can be digested into a SIEM, or an NVR product provides such rich data to provide that defense in depth approach, right? I want visibility across everything in my infrastructure, everything my users are doing, because that’s going to enable me to detect malicious and nefarious behavior quicker. It’s not about protecting it, it’s about how quickly can I detect it? Right? And so I kind of wanted to layer on to that piece of Andrew’s comment.

Andrew Griffin  
I love that you said that too, right? Because a lot of times when we talk to, you know, these small to medium sized businesses. It’s like, Hey, I don’t need this product. And I’m like, Look, why do you think you don’t need this product? Because I don’t. I’m like, Look, I’ll give you a trial. It’s free. It takes three to five minutes to set up. Don’t enforce anything, it doesn’t have to block anything, put it in audit mode, and just see what comes into your network. Right? Just let it show it. So that way, when you have all the logs collected, and you can take a look, you can really see what was detected that you weren’t originally seeing to be like, Oh, snap, you know, like, Alright, maybe I should, you know, take a look at this. Right? So I love that you said that.

Lauren Lev 
Well, I feel like these guys, like hit it out of the park in round one, but Matt, do you have anything else to add? It’s gonna be a big act to follow. But if you have anything else to add now, now’s the time to do it before we move on to round two.

Matt Tankersley  
Sure, yeah. Well, Jim, your VIP status man. And that comes with your ability to inject yourself at any point that you want, man. So not that everybody here couldn’t do that if they wanted to. And I think it’s interesting to note, you know, we’ve been in the business of providing IT services for a long time, right? And we’ve been in the business of providing endpoint security for a long time. And if we think about that, in the traditional sense is okay, we were providing the anti virus protection, right, and that became malware protection. I think it’s important though, that today, we don’t even sell endpoint security without DNS protection. It’s such a critical point. And so, when you come to TechOnPurpose, whether we’re providing a Cisco solution or a Webroot solution, or a scout DNS, or an IronScales, or you know, SentinelOne, trust me, you’re not going to get a service from us without this level of protection? Well, listen, we’re going to turn it over now, I think to everybody and Lauren, we’ll follow your lead on where we’re gonna go. But let’s talk about what’s unique about your solution in the marketplace. And I think it’s important to say, because everybody here has a multi-tiered approach to security. This isn’t the silver bullet, as we said many times there is no single silver bullet. This one is crucial. But each of you has a security stack of services. And so talk to us about your solution for DNS protection and filtering, and how that works in harmony with the rest of your security stack to mitigate the risk that comes from these things and enhancing security for your users, devices and networks. And so Lauren, where would you like to start?

Lauren Lev  
Alright, Andrew- You did so good last round, let’s have you go first.

Andrew Griffin  
Yeah. So Cisco Umbrella, it is the full kind of proxy solution in the sense to where, at a simple DNS layer, it’s going to stop the connection before it’s made. And I can’t stress enough how important that is. It’s not that it’s allowing this connection to form and then it’s going to stop that malicious traffic from entering. It’s stopping before it’s even connected with little to no latency added at all. Right. And that is the definition of really having that security intact there. All of this is backed by Cisco Talos, which is the world’s largest non-government Threat Intelligence Agency, and handles 4% of all internet traffic, which is right behind Google at 4.5%. And the reason why I point that out is because not only is it handling that traffic, it’s expecting it, it’s analyzing it. So looking at heuristic behaviors, right, the baseline. So that’s really the intelligence feed behind everything that it does, automatically. Just yesterday, I’m looking at the statistics right here. It handled 550,041,431,885 DNS requests yesterday. And that’s 4% of the internet traffic from yesterday. So think about that, you know, just DNS requests in general. I mean, we say everything starts with DNS. It does. And with that amount of traffic. I mean, that’s just insane. I had to make sure that was 550 billion, right. I double checked that.

Jim Bowers  
And that was just at Matt’s house. 

Matt Tankersley  
Yeah. We got, we order a lot of corn around here, man. So-

Andrew Griffin  
Go to all those corn sites. So you know, it all just starts there. And the integration that we have with Meraki, right? You can integrate specific SSID or VLANs, especially in the sense where you have a BYOD or guest network to really have its own policy applied to that identity to have a really strict enforcement. It integrates hand in hand with secure endpoints, which is our hybrid AV. Because yes, Umbrella is going to go ahead and stop those connections before they’re made. But from an antivirus standpoint, let’s say you don’t have antivirus, you scan your device, you know, maybe using just a Windows Firewall defender or something like that. Everything’s clean, it’s fine. Maybe this file is dormant. And in seven days or ten days, it’s going to go ahead and try to activate. What is it going to do? It’s going to try to call out to something, Umbrella is going to stop that. Now having Umbrella stop the connection from an external standpoint, and then having secure endpoint the hybrid AV, or really any antivirus on an endpoint protection covers you hand in hand because it’s going to go ahead and quarantine and sandbox to let you know, this is what it was trying to do, but it never actually did it. So again, having these layered approaches, right, just can’t stress it enough. And then from a full proxy standpoint, alright, we’re coming out with Secure Internet Gateway, which is SIG, or SWG, which is the Secure Web Gateway. This is the full web proxy solution to not only filter DNS at Port 53, but HTTP and HTTPS traffic 80 and 443, down to the URL level down to the file level, right? And why is this a big deal because, you know, if you’re going to a site where it’s Google, you’re not going to block google.com, you’re going to block that specific URL, or that specific file, like I mentioned the embedded Excel file right on that site, to go ahead and make sure that your users can get to what they need to get safely. Right. 
And that’s just, such an importance because you want to provide that security, but you don’t want it to have an impact on business. Right. So that’s just such an important part. And, you know, along with the analytics, I mean, you know, if you deploy SIG, you get a cloud delivered firewall, which is another firewall in the cloud, I’m not sending you a physical device that you have to worry about. That covers you from a layer three, layer four, layer seven standpoint. I mean, the granularity divisibility, you know, we have DLP that just reached out, right? I mean, DLP is keeping that sensitive data sensitive, right? And you have all this in one dashboard, you don’t need another product, right? For DLP, the example that I love to give is I have a rule set up with the keywords internal only. And if Umbrella detects that any document with the keywords of internal only is being uploaded to a public application, because those, any document with those words should never be uploaded to a public application. It’ll block that, it’ll stop that, it’s going to log it, it’s going to alert you, you’re going to know. So hand in hand from every aspect, it is going to help you keep your business protected, give you that visibility, and really just kind of have you sit back and be like, I can breathe.

Matt Tankersley  
There you go. Hey, guys. I think it’s important, Jim and well stated by the way, Andrew right? If you think about who our audience is, it’s this audience hopefully that’s trying to understand the simplified version of each of the many factors of what we call the TOPcyber21 best security practices, right? And we talked about a lot of terms. And we talked a lot about a lot of acronyms. But I had a thought while you guys were chatting, right? I doubt that Lauren, we can test you, we can test this on you, I doubt that the average user of any device understands how many DNS lookups occur when you access a single website.

Jim Bowers  
 Oh, yeah. 

Matt Tankersley 
And yeah, see? See, right? Even your own website, like if you go to our website right now, TechOnPurpose.net, you would be blown away to know how many DNS leaks are happening there intentionally that you don’t know about? And hopefully not unintentionally, because there’s some malicious component that’s compromised our site, right. But there’s Google API lookups. And there’s Google metrics lookups. And there’s, you know, CRM, lookups, and statistics that let us know you’re on, you know, on our website, so our sales team can be aware of you there so we can serve you well, right? So I’m curious if anybody knows the answer along the way, we’ll look it up afterward. But I wonder what the average number of lookups is when you visit a single website, because it’s a bunch. So the point of that was to help people understand that this isn’t just a single thing, hey, I’m going to espn.com. And well, we know that’s legitimate. I shouldn’t have to worry about that. And that’s all I ever go to. Now, there’s a lot more going on there.

Blair Swartz  
Yeah, Matt I think that’s a really good point. I’ve actually tested it for Yahoo Finance, just to see, and it came up with about 40 DNS requests to go to Yahoo Finance.

Matt Tankersley  
No surprise, no surprise, probably- Yeah, go ahead. I’m sorry, Jim. 

Jim Bowers  
Spot on. I’ve used Little Snitch. I’m a Mac guy, not a big Windows fan. And Little Snitch shows the same thing. There’s an amount of connections that you don’t realize are going on the back end, 40, 50, 60 communicating between sites, right? It’s eye opening, to say the least. Right? 

Matt Tankersley  
Yeah. So we’re talking about DNS here, guys. And I see light bulbs going off in Lauren’s head, and we’re gonna pass the ball here. But, you know, you go to a single website, this is why DNS is important. It’s not just looking up espn.com. It’s those 40 to 50 that Jim just mentioned.

Andrew Griffin  
Yeah, if I can, if I can add a comment too. You know, that’s, that’s for usually a one-to-one, right, IP to domain mapping. So, you know, we’re humans, we can’t remember the IP address of a domain, which is why we type the domain. But a lot of domains, you know, especially globally, depending on where you are geolocation, they may resolve to different IPs. Now, what happens when one IP is malicious? Well, you simply block that IP, and you allow the rest because you don’t want to, again, have that impact to the domain of not being reachable just because one IP is not safe, but the other three are, you know.

Lauren Lev  
You guys are gonna be hard to follow, but I’m gonna have Tim go next. What is unique about Scout DNS’s solution? And how does it work with other aspects of your security stack to help the end users?

Tim Adams  
That’s a good question. I think we’ve talked a lot, and you mentioned a lot of buzzwords, and there’s a lot of, you know, technical pieces to how DNS works. But from when we found it, a big focus for us was really about making DNS filtering, you know, accessible and easier for IT administrators. And so, you know, from our interface to everything that goes on in the backend and how we present it, we really designed our solution to make it simple to deploy policies, whether it’s a single site or 1000 sites. We make it easy to find logs, you talk about, you know, all the data that a single request has, we make it really easy to present and to say, hey, a lot of people have looked at their network by top level domain, what is all of my traffic today by top level domain? What is all of my traffic by DNS record type? I might have a lot of a, you know, triple A records. But why are all these, what are all these TXT records coming up in my network today? And so, what are they going to, and what’s the purpose of that? And we were one of the first companies to implement DNS packet capture. So message capture. So for every single query that goes through our network, we capture the full RDATA, and present it back to our logs. So you can look it up and say, Hey, you can follow the full chain from all the way through seeding all the way to the final A records, or IP addresses and actually see the results. And we capture that for every single request. And make that easy in our system to drill down to, you know, when you manage things by DNS at the DNS layer, sometimes you break applications. So you need an easy way to say, Hey, show me what’s been blocked in the last hour or two- clicks. I can add that to either a policy allow list or global allow lists for all of my sites. So again, a lot of our focus is on just things that make that easy. We talk a lot about websites. But one of the things that we didn’t mention was IoT devices or headless devices. 
And so DNS security is very important for that because I can’t install antivirus on a camera or on a lock or a sensor. But I can monitor the DNS requests that they’re making. And I can see if maybe they’ve been compromised, or they’re calling out to a different server. So I can restrict the top level domains that they’re allowed to access or the domains that they’re allowed to access and block anything that’s unusual, that are, that’s new to them. And so, there’s a lot of advantage to DNS layer security and our goal is to make that simple and easier for IT administrators to manage.

Lauren Lev 
Jim, I saw you light up but-

Jim Bowers  
Oh, yeah. Yeah.

Lauren Lev  
Yeah, we will have you go last since you’re the VIP cast member, but we’ll give Blair a chance to add his two cents and then go over to you. 

Matt Tankersley  
Yeah, I think we might have lost your video there for a second, Jim. So we’ll come back to you and definitely like that you brought up IoT. So I got a feeling Jim’s gonna bring that up again here at the end. So-

Blair Swartz  
I don’t want to I don’t want to steal your thunder here. But I’m going to tell you a little bit about what we’re doing at Webroot and how DNS ties into our various other solutions. And so, DNS protection was really designed to be a key component of a layered solution. We talked about layered security a lot, right? And that’s going to include device protection, user protection, and network protection. So it’s really streamlined protection at its finest. What I like to call a big differentiator of our product is, is really our advanced real time web classification data, that’s going to keep protection current with the changing internet, right. And it’s going to do that by utilizing industry leading machine learning and AI algorithms. So the fact that this product literally deploys in minutes, it’s really as easy as selecting a user and a policy flag. And that’s going to activate and bring them under auth network and roaming control via our DNS protection service. And that makes this solution extremely user friendly. But what it’s also going to do is it’s going to stop tracking information from being exploited by malicious actors. It’s going to provide connection visibility, and your content filtering piece for those employees that are working out of office while giving you the security controls as the MSP and maintaining your DNS connection. So really, what’s under the hood of all of this, and that’s our BrightCloud threat intelligence platform, right? It’s what sits behind all this technology. And simply it’s, it’s our cloud based machine learning platform. And what it does as it processes all of the threat data that is sent from our millions of endpoints and OEM sensors that are deployed by our technology partners. So for instance, companies like F5 Networks, Citrix, Aruba, Palo Alto Networks, they all leverage our threat intelligence at Webroot to power their devices and services, and to really protect their own customers. 
So the last thing I like to mention is how our entire platform is built to clearly identify suspicious activity. And that’s all related to unknown processes, right. And that’s all based on the behavior that that file is demonstrating, regardless of any attack technique. So lastly, our advanced evasion shield options will provide detection against APTs, any fileless techniques, and we’ll keep evolving just as these bad actors do. So that, in a nutshell, is what we’re doing at Webroot, Lauren, and I really appreciate you inviting me to speak on DNS a little bit. This was great.

Lauren Lev  
Thank you guys. So Jim, you’re probably chomping at the bit. Any closing remarks we have today?

Jim Bowers 
I’m so glad Tim mentioned IoT devices. Because that is one of the number one up and coming attack vectors. One of the largest breaches I worked on was a thermometer at a casino that was hacked. Right. And they worked across your network. I have an IP connected crock pot. I don’t know why. I guess it’s maybe because I want to be able to check my roast when I’m out. But all of these IoT devices were in home environments. They are very insecure. And I think Tim nailed it, they’re behind on endpoint agents, EDR agents, there’s no real standard around IoT devices or different customized length versions. But having that DNS protection and provide you that layer of protection on those IoT devices, is they’re booming all over the place from every vertical in every sector. And the endpoint protections are behind, so this layer is critical, especially in the medical field, all the IoT devices they use, right? Being able to protect those knowing that you can’t install a CrowdStrike or a silencer anything to that extent, is very critical. I think it’s part of your security posture. And absolutely if you have multiple IoT devices for employees working from home, where we’re plugging into environments where there’s Alexas and Google Homes and your Alexa’s connecting to your next-door neighbor’s Alexa, because it’s a sidewalk. That protection is a critical piece, and I think Andrew touched on it. I think the Meraki can incorporate some of the Umbrella functionality within the Meraki device. So that’s a critical component because of those IoT devices that may be sitting on that infrastructure, they’re not relying on a roaming client to leverage the DNS proxy functionality. 

Matt Tankersley  
Yeah, well, listen, if we haven’t made this clear, DNS is huge. Your network doesn’t work, your mobile device doesn’t work, your laptop doesn’t work. Nothing works without DNS. And all of the malware and things that are out there use DNS to reach the bad things that they’re trying to push to you. And so this level of security is important. So what is it going to do for you, it’s going to basically put a component on each of your devices that checks that threat intelligence through machine learning and artificial intelligence through our many providers that are here today. To keep users safe, from intentional harm from unintentional harm, it’s going to be transparent that I think everybody here is doing a great job of that where that wasn’t the case, you know, three or four years ago. So now, you know, it was like we were doing a great job of protecting you while you’re in the building? Well, as everybody said, well, right, everybody’s out of the building now. And so, now we’ve got that security attached in such a way that it’s going with your device. And we’re able to extend that same intelligence, whether I’m at home on the BYON bring your own network, that we talked about in one of our prior episodes or not. And so I think the moral of the story is DNS protection, guys, it’s not an option. If you’re doing business with TechOnPurpose, and we’re providing cybersecurity services, it will be included in what you’re getting. And what a great segue to what’s coming next week in Blair, you did a fantastic job of sort of setting the stage for that. But we’re continuing to drill down in the security stack the TOPcyber21 best security practices. Next week, we’re talking zero trust. So it’s inevitable, right? What do you do when layer eight fails, and DNS protection fails? And you know, even people that know those environments that can be malicious and work around those inside your environment? How do we stop that stuff in its tracks at that level? 
Tune in next week for zero trust. Lauren, I think, unless anybody has some final words, and those are welcome, we can let you show us out.

Lauren Lev  
Yeah, well, I have to say, Andrew, if you keep it up, I think you’re gonna give me a run for my money for this job. So settle down over there.

Andrew Griffin  
No worries. I did have one thing that I would just love to add to is, I think it’s ironically funny, you know, we’re talking about the IoT devices, I was working with a customer. And they added their network to be protected by Umbrella. And as soon as they did that, oh, my gosh, the flood of logs from crypto mining just start coming in. When, you know, when they’re looking at the logs, you can see the source IP. And, you know, I’m on the phone, and I’m like, hey, you know, let’s, let’s track this down. Let’s take a look at what’s going on. He looks at it. He says a couple words, you know, he’s like, you know, he takes the phone back, and he’s like, hey, hey, Jim, go unplug the TV and the refrigerator for me. And he goes, and he does that. And then 10 minutes later, these logs stop coming in. So you know, you can’t put antivirus necessarily on this refrigerator and this TV, you know, because they’re smart TVs and smart fridges they’re not built for that. But they were making these call outs to these crypto mining sites, nonstop, and they would have had no idea because they just didn’t have the visibility into that. And I just thought like, I’m even sitting here like, oh, my gosh, you know, smart refrigerators, smart TV, you know, here’s where, you know, these malicious actors are really thinking outside the box. So you know, whether it’s that or, you know, it may have been Tim, the same refrigerator.

Tim Adams  
I was gonna ask, you know, if they unplug the refrigerator, where are they getting their corn from? You know?

Andrew Griffin  
Exactly. You got to balance it. Right? So-

Matt Tankersley  
And it’s probably hot corn at that point, because it’s not keeping it cool.

Lauren Lev 
I don’t know if I want to be here next week. All right. Anybody have anything else to add? Before we send us off?

Matt Tankersley  
You guys are all rock stars. Thanks for being with us. 

Lauren Lev 
Perfect. That is another one in the books. I feel like today was such a good episode, and in large part that is due to the cast right here. So again, thank you guys so much for joining us. And a special thank you to all of our listeners, we appreciate you tuning in. If you would like to start a free trial from any of these solution partners, send us an email at . And sign up for a free cybersecurity assessment by visiting whosinyour.cloud today. Once again, if I’m here next week, you’ll see me. I am Lauren Lev, Marketing Manager for TechOnPurpose and remember, you can catch every episode of our “Who’s In Your Cloud?” vlog series by following TechOnPurpose on LinkedIn, Facebook, YouTube, and Spotify, or sign up for our blog to have episodes delivered to your inbox weekly. And that is at techonpurpose.net/blog. Once again, thank you for joining us. And don’t forget, like Matt said earlier, next Tuesday we have episode eight on zero trust. Learn why you should never trust and always verify. We will see you guys next week. Bye!

Ready for your free cybersecurity survey? Discover potential vulnerabilities for your business and get a copy of our #TOPcyber21 Best Security Practices to help get you started on the road to #secure, reliable, trusted technology! Subscribe to our blog to get episodes of “Who’s In Your Cloud?” delivered direct to your inbox weekly.
Claim Your Free Cybersecurity Survey