Skip to main content

Protective DNS (pDNS): Your First and Fastest Line of Defense

The Challenge and Our Solution

Every connection your business makes to the internet starts with a simple request. Unfortunately, attackers exploit this fundamental process to lead your employees to malicious websites, launch phishing attacks, and deliver ransomware. Most businesses have no visibility into this activity, leaving a wide-open gateway for threats to enter their network before their firewalls or antivirus can even react. This foundational blind spot is one of the most common and dangerous security risks today.

Total Assure's Protective DNS (pDNS) service is the solution. We provide a powerful, cloud-based security layer that monitors and filters your internet traffic at the earliest possible moment. Our service automatically blocks connections to malicious and unwanted destinations before they can be established. The key benefits are immediate and impactful: gain instant protection against a huge volume of threats, enforce acceptable use policies across your entire network, and do it all without slowing down your internet.

How It Works: Simple, Fast, and Incredibly Effective

Our Protective DNS service is one of the most powerful yet elegantly simple security solutions you can deploy. It works by leveraging the very first step of every internet connection: the Domain Name System (DNS) request.

Our Process Overview:

Our methodology is a continuous, four-stage cycle:

Stage 1

DNS Request Interception

When a user types a URL into their browser, their computer sends a DNS query to find the corresponding IP address. By default, this request usually goes to an unfiltered server provided by an Internet Service Provider (ISP).

Stage 2

Request Rerouting

Our pDNS service works by simply rerouting this request. Instead of going to the ISP's DNS server, it's sent to our global network of secure, intelligent DNS resolvers.

Stage 3

Threat Analysis

Once the request hits our platform, it's instantly compared against a massive, continuously updated database of threats.

Stage 4

Blocking or Resolution

If the requested domain is known to host malware, ransomware, or a phishing site, we block the connection and prevent the user from ever reaching the dangerous destination. If the domain is safe, the request is resolved in milliseconds and the user connects as normal, experiencing no delay.

Technology and Timeline:

We utilize a globally distributed, anycast network that ensures your DNS requests are always answered by the closest, fastest server, no matter where your users are located. Our platform is powered by advanced machine learning and AI, which constantly analyzes new domains to identify emerging threats in real time. The core technology is pure cloud; there is no hardware to install and no software to maintain.

Our implementation timeline is measured in minutes, not weeks:

Initial Contact
We hold a brief kick-off call to understand your organization's structure (offices, remote users) and content filtering needs.
Configuration (Under 30 minutes)
We provide you with two IP addresses for our secure DNS servers. Your IT team simply updates the DNS forwarder settings in your network routers to point to our addresses. For remote users, we can deploy a lightweight roaming client to their laptops.
Immediate Protection
The moment the change is saved, your entire network is protected. Every device that uses your network to connect to the internet is instantly covered. The entire process, from start to finish, can be completed in less than an hour, making it one of the fastest security deployments possible.

Features & Benefits: Powerful Control with Ultimate Simplicity

Our Protective DNS service is packed with enterprise-grade features that provide immediate, tangible value to your organization's security and productivity.

Feature
Detailed Description
Business Impact & Benefit
Real-time Threat Blocking
Our platform uses AI-driven threat intelligence to block access to domains associated with malware, ransomware, phishing, botnets, and other malicious infrastructure in real time.
Dramatically Reduced Risk. You prevent the vast majority of threats from ever reaching your network perimeter, reducing the burden on your other security tools and lowering the chance of a successful breach.
Granular Content Filtering
We provide numerous categories of content (e.g., adult, gambling, social media) that you can choose to block, allowing you to create and enforce acceptable use policies for your network.
Increased Productivity & Compliance. You can ensure a safe and productive work environment by blocking time-wasting or inappropriate content, and maintain compliance with regulations like CIPA for schools.
Full Visibility & Reporting
Our intuitive dashboard provides a live view of all DNS traffic across your organization. You can see top requested domains, blocked threats, and trends by user or location.
Actionable Security Intelligence. You gain valuable insight into your network's activity, helping you identify risky user behavior, discover shadow IT applications, and demonstrate the value of your security program.
Protection for All Devices
The service protects every device that uses your network (laptops, servers, tablets, smartphones, and even IoT devices) without requiring software installation on each one.
Comprehensive Coverage. You secure your entire network ecosystem, including devices that can't run traditional security software, closing a common and often overlooked security gap.
Roaming Client for Off-Network Protection
A lightweight client extends the same protection and filtering policies to your remote and traveling employees, ensuring they are secure no matter where they connect from.
Secure Your Remote Workforce. You can enforce a consistent security policy for all users, closing the security gap created by a hybrid workforce and protecting them from threats on public Wi-Fi.

The return on investment (ROI) for Protective DNS is exceptionally high due to its low cost and massive impact. The ROI is measured in the prevention of costly security incidents like ransomware and data breaches, reduced malware cleanup time for your IT team, and increased employee productivity. By stopping threats at the earliest possible stage, you create significant operational efficiencies.

Frequently Asked Questions

Q1: How is this different from the DNS I'm already using from my ISP?

Your ISP's DNS service is designed only to resolve domain names; it offers no security. Our Protective DNS service is a security-first platform that inspects every request and blocks connections to malicious destinations, acting as a protective filter for your entire organization.

Q2: Will using this service slow down our internet connection?

No. In fact, many of our clients experience faster internet performance. Our global anycast network is often faster and more reliable than the DNS provided by local ISPs. The security filtering process adds no perceptible latency.

Q3: Can we set different filtering policies for different user groups?

Yes. You can create multiple policies and apply them based on user groups or network segments. For example, you can have a strict policy for your general staff but a more lenient one for your marketing team, giving you granular control.

Q4: What happens when a user tries to go to a blocked site?

Instead of connecting to the malicious site, the user is redirected to a safe, customizable block page that informs them why the site was blocked and provides information on who to contact within your organization if they believe it's an error.

Q5: Does this protect us from all threats?

Protective DNS is an incredibly powerful first line of defense that blocks a massive volume of threats. However, no single solution can stop 100% of attacks. It is a foundational component of a defense-in-depth strategy and should be layered with other security controls like EDR and advanced email security.

Why Choose Total Assure for Protective DNS?

While the concept of DNS filtering is straightforward, the effectiveness is in the intelligence. Our key differentiator is the quality and speed of our threat intelligence feed. We use an AI-driven approach that identifies and blocks newly created malicious domains in real time, protecting you from zero-day attacks faster than providers relying on static blocklists.

Related Services That Build on a Secure Foundation

Protective DNS is the perfect starting point for a layered security strategy and enhances the effectiveness of our other services.

Managed Detection & Response (MDR)

Our 24/7 SOC team monitors your environment, hunting for threats and responding to incidents before they can cause damage.

Managed Email Security (MES)

Protect your organization from phishing, malware, and other email-based threats with our comprehensive email security solution.

Endpoint Detection & Response (EDR)

Advanced endpoint protection that detects and responds to threats in real-time, keeping your devices secure.

We can bundle these services to provide a comprehensive and cost-effective security solution.

Activate Your First Line of Defense Today

Ready to block threats at the earliest possible moment and gain immediate visibility into your internet traffic?