DNS Filtering, Malicious Traffic Filtering, & Phishing Protection
September 17, 2020
DNS Filtering, Malicious Traffic Filtering, and Phishing Protection are terms that are sometimes used interchangeably. That's confusing for small business owners who want to cut through the terminology and simply know what action they should take to stay safe. Here, we'll explore the subtle differences between these terms -- in plain language that anyone can understand.
Remember the last time you were driving, walking, or biking to a store but didn't have the address handy? You needed a way to know how to get there. At a minimum, you needed the address -- but more likely you also needed some form of turn-by-turn directions. And, when Google Maps gets it right, you end up exactly where you wanted to go -- with star-ratings and reviews even, to know what the experience might be like.
The internet equivalent of this whole sequence starts with DNS. Under the hood, that's how you go from knowing that you want to visit "amazon.com" to actually browsing that website. DNS sets that whole sequence into motion, magically finding the website's address (IP address).
But what if DNS was smart enough to help you stay away from a dangerous website that you were (almost!) fooled into visiting? That's called DNS Filtering. And it prevents you from visiting dangerous websites.
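As an added illustration (not Havoc Shield's code or any vendor's product), here is the decision a filtering DNS service makes for each lookup, sketched in Python. The blocklist entries, addresses, and function names are made up for the example.

```python
# Added illustration: the decision a filtering DNS resolver makes per query.
# BLOCKLIST entries are constructed placeholders, not real threat intelligence.
BLOCKLIST = {"login-amazon.example", "malware-cdn.example"}


def normalize(name: str) -> str:
    """Lower-case the queried name and drop the trailing root dot."""
    return name.strip().lower().rstrip(".")


def blocked_by(name: str, blocklist=BLOCKLIST):
    """Return the blocklist entry covering `name`, or None.

    Matching walks up the label hierarchy, so a blocked domain also covers
    its subdomains, but only on whole-label boundaries.
    """
    labels = normalize(name).split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in blocklist:
            return candidate
    return None


def resolve(name: str, upstream: dict, blocklist=BLOCKLIST) -> dict:
    """Answer a lookup: refuse blocked names, otherwise pass through.

    `upstream` stands in for the normal DNS lookup (name -> IP address).
    """
    hit = blocked_by(name, blocklist)
    if hit is not None:
        # No address is returned, so the browser never connects.
        return {"name": name, "action": "BLOCK", "matched": hit, "address": None}
    address = upstream.get(normalize(name))
    return {"name": name, "action": "ALLOW" if address else "NXDOMAIN",
            "matched": None, "address": address}


if __name__ == "__main__":
    # Constructed sample data; 192.0.2.0/24 is a documentation range.
    upstream = {"amazon.com": "192.0.2.10", "notlogin-amazon.example": "192.0.2.20"}
    for q in ["amazon.com", "Secure.Login-Amazon.example.", "notlogin-amazon.example"]:
        print(resolve(q, upstream))
```

The third sample name is allowed even though it ends with the same characters as a blocked one, because it is a different domain rather than a subdomain of the blocked one.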
Malicious Traffic Filtering
Usually when you hear the term Malicious Traffic Filtering, it contains some aspect of DNS Filtering. Not always; the term has been used and interpreted in different ways by different vendors. However, we think that good Malicious Traffic Filtering includes DNS Filtering and more.
The "and more" part should include some monitoring related to the content of the network traffic flowing to or from your computer. For example, if an attacker tries to send some malicious request to your computer on a port that was only expecting VoIP communications, that's an example of something that good malicious traffic filtering should be able to identify and halt.
The term Phishing Protection has probably the broadest meaning of all of the terms discussed in this article. Excellent phishing protection can and should include:
Passive email content filtering (filtering that happens automatically without you having to take any action)
Active email content evaluation (a way for you to get a second opinion -- preferably automated -- about an email that you find suspicious)
DNS Filtering (and possibly some broader elements of Malicious Content Filtering)
Phishing Simulations (preferably delivered in conjunction with some online/modern phishing training)
If there is one point you remember about phishing protection, make it the fact that phishing protection is not limited to technological barriers -- it needs to extend into the human factors of helping team members identify suspicious behavior and avoid it when the technological protections let something suspicious through.
Wrapping Up: DNS Filtering, Malicious Traffic Filtering, Phishing Protection
If you'd like a hand setting up the types of protections described in this article, the Havoc Shield platform is designed for point-and-click rollout of these types of protections and more. And it's designed for non-experts: we believe in democratizing access to corporate-grade cybersecurity program elements. Drop us a line, we'll be glad to help.