Home / Industry

Protect Your Network From BYOD Malware Threats With The Verisign DNS Firewall

Today's new age of ubiquitous connectivity has created an insatiable and growing demand among employees and consumers to be online with familiar systems and tools at all times. Employees are no longer satisfied with the limited choices in devices and tools provided to them by their corporate IT organizations. They want to use what they want, when they want. They believe that choosing their own devices and tools provides them with the highest level of comfort and efficiency. This desire to use personal devices in work environments, referred to as "bring your own device (BYOD)," coupled with the growing cyber-attack surface, poses significant challenges to IT organizations. These challenges are leading such organizations to ask themselves — Are we ready to support BYOD?

From a recent survey by Gartner, Inc.Of the many challenges that the trend of BYOD poses, including integration, cost, ROI, etc., the foremost challenge is security. Workers have a tendency to use their personal devices in unsecured environments where they may inadvertently click on phishing links or download files with malware embedded within, eventually bringing these infected devices back into their workplace and potentially infecting an organization's network. In fact, a recent survey conducted by Gartner showed that "a quarter of business users admitted to having had a security issue with their private device in 2013, but only 27 percent of those respondents felt obliged to report this to their employer." The same survey suggested that "around half of respondents regularly use their devices for social as well as productivity tasks," increasing the risk of malware and viruses on these devices. Regardless of the activity conducted on the personal device: email, social network, gaming, etc., one thing is clear — the threat landscape changes drastically when allowing BYOD on a company network.

Of the many options to manage BYOD on the network, IT organizations tend to choose one of the following two approaches: they either enact a policy prohibiting the use of BYODs, or install local clients on each device to track and monitor BYOD behavior. Each of these approaches comes with its own pros and cons.

By adopting a policy prohibiting BYOD on the network, organizations can ensure that their networks are protected from the threats these devices may bring. However, the prohibition of BYOD may have an effect on user productivity and overall employee satisfaction as employees will need to learn and adjust to organization-provided devices. In addition, organization-provided devices will result in increases in OpEx to the organization due to device and ongoing maintenance costs.

On the other hand, allowing BYOD but installing device-specific clients can protect an organization from employees' access to online threats and unwanted content. However, client installation can also burden the IT organization with management overhead, software licensing costs and poor device performance.

These two choices are at the extreme ends of the spectrum. When protecting your network from the threats of malware and preventing access to unwanted content, many organizations more than likely will adopt an approach that falls somewhere in between. One such approach is to implement the Verisign DNS Firewall.

Verisign DNS Firewall utilizes real-time in-depth country and regional threat feeds from its iDefense Security Intelligence Services. This DNS Firewall solution integrates proprietary predictive analytics as well as third-party feeds that filter out specific categories to complement the feeds from iDefense. The combination provides organizations with expanded coverage in an ever-evolving threat landscape. (Learn More)Protecting your network from malware threats arising from BYOD access to known, malicious sites can be as easy as changing your local DNS (recursive DNS) settings for your organization to point to Verisign. Through Verisign DNS Firewall, IT organizations can take advantage of an easy-to-configure cloud-based service that provides global threat protection. This is accomplished by blocking access to unwanted content, including known, malicious Internet sites, at the DNS level and by providing real-time alerts to security teams about potential threats like botnets and phishing attacks on their networks.

Verisign DNS Firewall uses real-time, in-depth country and regional threat feeds from Verisign's iDefense® Security Intelligence Services to block access to malware and command and control sites. Verisign DNS Firewall also integrates third-party feeds that complement the Verisign's iDefense® Security Intelligence Services feeds to provide added malware threat coverage as well as out-of-the-box content filters. In addition businesses can create their own whitelists and blacklists.

Once implemented, Verisign DNS Firewall helps protect devices within an organization's network by managing traffic navigation and providing particular alerts regarding attempted access to unwanted content, including known, malicious sites — all without the need to install individual clients on each device. This agentless installation can reduce the overall burden on security staff by removing maintenance costs and allowing resources to conduct proactive threat management.

Consider the following use case:

  • An employee uses their BYOD on the organization's network that is protected by Verisign DNS Firewall. Access to unwanted content is blocked, protecting both the device and network.
  • The employee goes home for the evening, migrating from the organization's network to another network and accesses a malware-infested site. The BYOD unknowingly becomes infected with malware and becomes part of a botnet.
  • The next morning, the employee's BYOD returns to the organization's network. Attempts by the botnet to access its command-and-control point are now blocked; the organization's security team is alerted of the potential threat and provided with the data needed to surgically remediate the issue.

The Verisign DNS Firewall doesn't solve all of the issues associated with BYOD on your network; however, it can reduce exposure to online threats by blocking BYODs' access to known, malicious sites while on your network. Verisign DNS Firewall does all of this while providing you with alerts and the other intelligence necessary to effectively manage the growing security risk through the use of BYODs.

For more information about Verisign DNS Firewall visit download this on-demand webinar or visit www.Verisign.com/dnsfirewall.


About Verisign – Verisign, a global leader in domain names and internet security, enables internet navigation for many of the world's most recognized domain names and provides protection for websites and enterprises around the world. Verisign ensures the security, stability and resiliency of key internet infrastructure and services, including the .com and .net domains and two of the internet's root servers, as well as performs the root-zone maintainer functions for the core of the internet's Domain Name System (DNS). Learn More

Related topics: Cybersecurity, DNS, Malware, Networks


Don't miss a thing – get the Weekly Wrap delivered to your inbox.

Related Blogs

Related News

Explore Topics

Dig Deeper

Mobile Internet

Sponsored by Afilias Mobile & Web Services

DNS Security

Sponsored by Afilias

IP Addressing

Sponsored by Avenue4 LLC


Sponsored by Verisign

Promoted Posts

Buying or Selling IPv4 Addresses?

Discover ACCELR/8, a transformative IPv4 market solution developed by industry veterans Marc Lindsey and Janine Goodman that enables organizations buying or selling blocks as small as /20s. more»

Industry Updates – Sponsored Posts

Verisign Named to the Online Trust Alliance's 2017 Audit and Honor Roll

Attacks Decrease by 23 Precent in 1st Quarter While Peak Attack Sizes Increase: DDoS Trends Report

Leading Internet Associations Strengthen Cooperation

Global Domain Name Registrations Reach 329.3 Million, 2.3 Million Growth in Last Quarter of 2016

Verisign Releases Q4 2016 DDoS Trends Report: 167% Increase in Average Peak Attack from 2015 to 2016

Neustar to be Acquired by Private Investment Group Led by Golden Gate Capital

Verisign Q3 2016 DDoS Trends Report: User Datagram Protocol (UDP) Flood Attacks Continue to Dominate

2016 U.S. Election: An Internet Forecast

Government Guidance for Email Authentication Has Arrived in USA and UK

ValiMail Raises $12M for Its Email Authentication Service

Don't Gamble With Your DNS

Defending Against Layer 7 DDoS Attacks

Understanding the Risks of the Dark Web

New TLD? Make Sure It's Secure

Verisign Releases Q2 2016 DDoS Trends Report - Layer 7 DDoS Attacks a Growing Trend

How Savvy DDoS Attackers Are Using DNSSEC Against Us

Radix Adds Dyn as a DNS Service Provider

Facilitating a Trusted Web Space for Financial Service Professionals

MarkMonitor Partners with CYREN to Deepen Visibility into Global Phishing Attacks

Verisign Named to the Online Trust Alliance's 2016 Honor Roll