The Domain Name System (DNS) is essentially the directory of all the device names of a network, including this huge network we call the Internet. Every host that is serving up content can be contacted via some sort of IP address.
It’s why we had phone books back in the 70s and 80s. It was extremely difficult to remember the phone number of that guy who did a really good job fixing your leaking toilet, but you sure could remember his business name. Let your fingers do the walking (website DNS) and find the number (IP Address).
DNS is important because humans cannot process a series of 12 random numbers and store that information in a way that would be useful to them. DNS is why you can go to Google.com instead of 220.127.116.11.
For internet-based sites, the DNS name points to a public IP address, and that name-to-address mapping needs to be registered with the Internet's DNS providers. There are literally millions of DNS servers attaching names to numbers all over the place. Many of these serve websites on the internet, but there are also countless DNS servers storing device/site names on internal company networks.
But it’s so much more than that.
DNS protection is the world’s first and best line of defense against the pathogenic nature of a coordinated malware or DDoS attack. If the various threat feeds around the world can identify and block the request at the DNS level, none of the other stuff can happen. There’s no payload download, there’s no transaction of data that starts the dominoes falling on an endpoint, and there’s no spread of the payload to other machines on the network.
DNS protection also means that you have a layer beyond just your endpoints to protect you from threats. Many solutions allow the user to download and process the content, but only give the user access once that downloaded content is scanned for threats. A strong, well-connected threat protection network providing DNS-level protection in the cloud uses no machine or human resources, and uses the best line of defense currently available. The response/reroute to a block page in this case is nearly instant, and almost no data is transacted between networks.
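The resolver-side decision described in the two paragraphs above, as an added example (not code from this article or from any vendor's product): the queried name is checked against a threat feed before any upstream lookup, and a match is answered with a block-page address. The feed entries, the block-page address and the `fake_upstream` stand-in are constructed for illustration.

```python
# Added illustration: DNS-level filtering decision made by a protective resolver.
# Every domain and address below is constructed (reserved example ranges).
BLOCK_PAGE_IP = "192.0.2.10"  # assumed block-page address (TEST-NET-1)

# Constructed threat-feed entries.
THREAT_FEED = {"malware-drop.example", "c2.bad-cdn.example"}


def normalize(qname):
    """Lower-case the name and drop the trailing root dot."""
    return qname.strip().rstrip(".").lower()


def matched_entry(qname, feed):
    """Return the feed entry covering qname (exact or parent domain), else None.

    Matching walks whole labels, so 'notmalware-drop.example' is not treated
    as a subdomain of 'malware-drop.example' the way a naive endswith() would.
    """
    labels = normalize(qname).split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in feed:
            return candidate
    return None


def answer_query(qname, feed, upstream):
    """Decide before any upstream lookup: block-page answer or normal resolution."""
    hit = matched_entry(qname, feed)
    if hit is not None:
        # Blocked names never reach the upstream resolver or the real host.
        return {"action": "block", "answer": BLOCK_PAGE_IP, "matched": hit}
    return {"action": "allow", "answer": upstream(normalize(qname)), "matched": None}


def fake_upstream(name):
    """Constructed stand-in for a recursive lookup so the example runs offline."""
    return "198.51.100.7"


if __name__ == "__main__":
    for q in ["www.example.org", "Payload.Malware-Drop.example.",
              "notmalware-drop.example", "bad-cdn.example"]:
        print(q, "->", answer_query(q, THREAT_FEED, fake_upstream))
```

Because the upstream lookup is skipped on a match, the client only ever receives the block-page address for a listed name or any of its subdomains.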
In short, protection at the DNS level is an IT Administrator’s best chance at not being up for 72 hours straight cleaning up an absolute mess on their network.
It is important to note that DNS protection is not the only form of defense needed in order to fully protect your devices, data, and people. DNS is a single layer of network protection in what should be a multi-layered strategy. Protecting your network at the DNS level does not mean you can forgo adequate device-level protection. In many cases, there are cost considerations and you may have to choose one layer over the other, or choose a smaller threat intelligence network than what you would like to be using. These are the difficult security choices that IT professionals worldwide face every day.