DNS Firewalls Could Prevent Billions in Losses to Cybercrime

New analysis shows widespread DNS protection could save organizations as much as $200 billion in losses every year.

Dark Reading logo in a gray background | Dark Reading

DNS protection could prevent approximately one-third of the total losses due to cybercrime – which translates into billions of dollars potentially saved.

According to "The Economic Value of DNS Security," a new report published by the Global Cyber Alliance (GCA), DNS firewalls could annually prevent between $19 billion and $37 billion in losses in the US and between $150 billion and $200 billion in losses globally. GCA used data about cybercrime losses from the Council of Economic Advisors and the Center for Strategic and Internation Studies as the basis for its GCA's estimates of how much DNS protection, such as a DNS firewall, could save the economy.

"The benefit from using a DNS firewall or protective DNS so exceeds the cost that it's something everyone should look at," says Philip Reitinger, GCA president and CEO. In many cases, he says, the DNS protection service or DNS firewall will be available at no cost to purchase or license.

But could any cost, no matter how small, be offset by the difficulty in deploying or managing the protection? Not likely. "In most cases, it will be extremely easy to do. There's no new software here," Reitinger says. When it comes to protecting endpoints, it could be as simple as changing the address used for DNS resolution in the computer's network settings. And for some companies, the adoption will be only slightly more difficult.

The only real difficulty, Reitinger says, comes if the firewall begins generating false-positives, blocking traffic to destinations that serve a legitimate business purpose. Should that happen, firewall rules will need to be manually overridden. "If you see people trying to going out to various services, you get to write the rules that allow or block the destination in spite of the firewall," he says.

One legitimate point of concern is the data on DNS traffic that the protection provider might collect, Reitinger adds. Knowing about an organization's traffic patterns provides a great deal of information about the organization itself, he says. In this case, asking serious questions of the provider before signing a contract or changing a resolution server address can prevent privacy concerns in the future.

Related Content:

About the Author

Curtis Franklin, Principal Analyst, Omdia

Curtis Franklin Jr. is Principal Analyst at Omdia, focusing on enterprise security management. Previously, he was senior editor of Dark Reading, editor of Light Reading's Security Now, and executive editor, technology, at InformationWeek, where he was also executive producer of InformationWeek's online radio and podcast episodes

Curtis has been writing about technologies and products in computing and networking since the early 1980s. He has been on staff and contributed to technology-industry publications including BYTE, ComputerWorld, CEO, Enterprise Efficiency, ChannelWeb, Network Computing, InfoWorld, PCWorld, Dark Reading, and ITWorld.com on subjects ranging from mobile enterprise computing to enterprise security and wireless networking.

Curtis is the author of thousands of articles, the co-author of five books, and has been a frequent speaker at computer and networking industry conferences across North America and Europe. His most recent books, Cloud Computing: Technologies and Strategies of the Ubiquitous Data Center, and Securing the Cloud: Security Strategies for the Ubiquitous Data Center, with co-author Brian Chee, are published by Taylor and Francis.

When he's not writing, Curtis is a painter, photographer, cook, and multi-instrumentalist musician. He is active in running, amateur radio (KG4GWA), the MakerFX maker space in Orlando, FL, and is a certified Florida Master Naturalist.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights