The new feature, which according to Webroot is an industry first in DNS filtering products, is designed to prevent would-be attackers from viewing or tampering with DNS requests by encrypting them via the HTTPS protocol.
“OpenText is thrilled to deliver the first commercial DNS filtering service that combines privacy benefits with filtering controls,” said OpenText CEO and CTO Mark J. Barrenechea in a media statement. “By leveraging DNS-over-HTTPS (DoH), OpenText is raising the bar on cyber resilience strategies, allowing customers to protect their users, devices and networks from a new generation of threats.”
HTTPS traffic is safe from manipulation or snooping by malicious third parties, but leaves DNS requests open to unauthorized viewing.
“The problem with DNS is it exposes what you’re doing,” explains product manager and DNS expert Jonathan Barnett in a recent Webroot blog post. “If I can log a user’s DNS requests, I can see when they work, when they don’t, how often they use Facebook, the Sonos Speakers and Google Nests on their network, all of that. From a privacy perspective, it shows what on the internet is associating with me and my network.”
In addition, hackers can surreptitiously redirect unprotected DNS queries to their own servers, Barnett notes. DNS vulnerabilities are especially prevalent on the often poorly configured consumer-grade routers millions of work-from-home employees are using to connect with corporate resources at present due to the coronavirus pandemic, he adds.
Created by the Internet Engineering Task Force, DoH aims to use the same standard that cloaks HTTPS messages to keep DNS traffic private as well.
“Protection at the DNS layer is absolutely critical for organizations to prevent threats before they enter the network,” said Hal Lonas, senior vice president and CTO for SMB and consumer at OpenText, in prepared remarks. “But that security shouldn’t come at the expense of privacy. That’s why we created a service that allows both, that is still affordable and easy-to-operate, making it ideal for MSPs and SMBs who need this flexibility most.”
Adoption of DoH is growing across the IT industry. The feature has been enabled by default for U.S. users of Mozilla’s Firefox browser since February, and Google rolled out a public DoH service last year.
Webroot was acquired by data protection vendor Carbonite early in 2019. Carbonite, in turn, was purchased by OpenText for $1.42 billion last November in a bid to add SMB revenue and MSP partners to the vendor’s enterprise-heavy business.
According to Lonas in a recent conversation with ChannelPro, Webroot and Carbonite are currently working to combine their respective solutions into a “cyber resilience” portfolio with tightly integrated security and data protection capabilities.