Businesses turn to DNS service to filter the Web

OpenDNS plans to offer a new service for the enterprise by year's end

For National Veterinary Associates, the decision to block the Web was sealed with a virus.

It was about three years ago. One of the company's 120 pet hospital offices got hit with a Web-born virus.

Already concerned that employees may be spending too much time on social networking sites, management decided that it was time to rein in Web surfing with some strict controls over where users could go on the Internet.

"From that point, we just threw in the towel and said no more," said Aaron Brown, a technology project specialist with the company.

Brown's story isn't unique. The Web has become a dangerous place of late. According to security vendor Webroot, Web attacks are up 500 percent over the past two years, and 85 percent of malicious software is now distributed via the Web.

That's made Web blocking more important to business customers, but sometimes products that do this are too expensive or complex.

Three-year-old OpenDNS is best known as a free ad-based filtering service that is popular with schools, small businesses and home users.

But last year, the company hired a new CEO, VMware's former security chief Nand Mulchandani.

Under his leadership, it has begun selling its services to larger companies like National Veterinary Associates, a company in Westlake Village, California, that employs about 2,200 people.

On Monday, the company started talking about a new product, OpenDNS Enterprise, which it says it will ship by year's end to be sold on either a per-user or per-site basis.

OpenDNS is also working on an ad-free consumer service that will cost less than US$20 per year.

Like the free service it's based on, OpenDNS Enterprise does not have all of the features that enterprise users can get from a larger company such as Websense.

But because it uses the DNS (Domain Name System) system to do the filtering, it's extremely lightweight -- administrators turn it on by making some basic settings changes in the PC or router -- and it's less expensive than many products out there.

That's made it a good choice for administrators who have to remotely manage systems in a lot of locations.

It may also give it some traction with small- and medium-sized businesses, which have not been particularly well-served by many Web filtering vendors, according to Paul Roberts, an analyst with the 451 Group.

As they look to renew licensees this year, "secure Web gateway vendors, whether it's Websense or Blue Coat, are encountering push-back," Roberts said. "Part of it is the economy and part of it is that there are other options."

Cosmetics retailer Lush started rolling out the free version of OpenDNS in all of its 150 North American retail stores about six months ago, in an effort to keep sales staff focused on customers.

"A lot of people were browsing to places like Facebook and watching videos and stuff when they were actually supposed to be working," said Dale Hobbs, senior systems administrator with Lush in Vancouver, British Columbia.

Management wanted to rein in Web use, but most of the Web filtering products they considered required some kind of software or hardware installation. That would take time and money, Hobbs said.

"For us to go in and install new appliances in every single shop was not financially feasible," he said.

Instead, IT staffers remotely logged into Windows systems, changed their settings so that they would use Open DNS servers, and then logged out. Typically it took just a few minutes, Hobbs said.

"It was very easy for us to remote in to every one of our computers and just configure them for OpenDNS."

OpenDNS CTO David Ulevitch wouldn't say exactly what new features you'll get with OpenDNS Enterprise, but he said that it will come with a 24x7 support upgrade option and give users more control over how they filter sites.

The free version of OpenDNS caps the number of Web sites that can be "whitelisted" at 25, and it doesn't let users globally blacklist all unknown sites. Lush is now taking a look at OpenDNS Enterprise, which will let the company block all but a select group of pre-approved sites and whitelist many more, Hobbs said.

National Veterinary Associates has already purchased OpenDNS Enterprise, one of about 25 customers to do so as part of the company's early access program. Brown says that the enterprise version's improved reporting features and better level of filtering control make it worth the money.

But will other enterprises sign on as well? Ulevitch hopes so.

He says that the company's experience providing a consumer service will help it pick up new business in the long run. "Consumers are super-finicky and fickle. If you can make them happy, then it will be easy to make an enterprise happy."

"When AT&T 's service goes down, there's an FTC investigation," he added. "When the phones of the office go down, people just get a coffee or play ping pong."

Join the CSO newsletter!

Error: Please check your email address.

Tags OpenDNSinternet filteringDNS

More about AT&TAT&TBlue Coat SystemsFacebookFTCVMware AustraliaWebrootWebsense

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Robert McMillan

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts