New Security Offering – Sophos DNS Protection for Endpoints
Sophos has a significant enhancement to their service portfolio of cyber security. Last year, Sophos introduced DNS Protection for networks, which has since grown rapidly and is now approaching its 600 billionth query. Following this success, many of you requested a solution tailored for roaming endpoints, along with deeper visibility into DNS activity and support for DNS over HTTPS.
Today, we are excited to introduce the Early Access Program (EAP) for Sophos DNS Protection on Windows endpoints. This new offering provides advanced visibility into DNS queries, including detailed insights into which users and devices are initiating requests, as well as full support for DNS over HTTPS.
As a reminder, Sophos DNS Protection for Endpoints delivers an additional layer of transparent web security across all ports, protocols, and applications—helping ensure comprehensive protection wherever your users connect.
Sophos Central now offers the capability to deploy and activate DNS Protection on Windows endpoint devices. Following the deployment process, the DNS Protection agent operates by systematically intercepting all Domain Name System (DNS) queries generated by applications and programs on the protected Windows device. These DNS queries are securely transmitted to the closest Sophos DNS Protection resolver using the DNS over HTTPS (DoH) protocol, ensuring both data privacy and integrity during transit.
Once DNS traffic reaches the resolver, DNS Protection conducts a comprehensive analysis of each request to identify potential security threats and to verify compliance with the organization’s established access policies. Based on the assessment, the system either grants or denies access to the requested domains, thereby maintaining robust network security and enforcing policy adherence across all endpoints.
The DNS Protection policy framework within Sophos Central is designed to deliver extensive administrative control and flexibility. Key features include:
- Category-based rules that permit or restrict access to websites and services according to predefined content categories, enabling organizations to efficiently manage web usage and mitigate exposure to inappropriate or harmful content.
- Customizable domain allow lists and block lists, which provide administrators with the ability to specify particular domains that should always be accessible or explicitly prohibited, further refining the organization’s security posture.
- Options to enforce safe search functionalities on prominent search platforms such as Google, YouTube, and others, ensuring that users are shielded from inappropriate or unsafe search results while utilizing these services.
By leveraging these powerful policy controls, organizations can enhance their security infrastructure, promote compliance with usage guidelines, and safeguard users from a wide range of online threats.
All DNS queries from endpoint devices are logged with user and device names, helping identify issues and streamline security responses. It also improves data for XDR and MDR investigations.
Every DNS request from endpoint devices is recorded along with the associated user and device names, which aids in troubleshooting and speeds up security response efforts. This detailed logging also enhances the quality of information available for XDR and MDR investigations.
Sophos DNS Protection for Endpoints enhances online privacy and data integrity by supporting DNS over HTTPS (DoH). This advanced feature ensures that all DNS requests and responses are transmitted through a secure, encrypted tunnel using Transport Layer Security (TLS). As a result, sensitive information exchanged during DNS lookups is kept confidential, shielding it from the risks associated with network eavesdropping and malicious attacks. For example, threats like DNS cache poisoning—which exploit vulnerabilities in traditional, unencrypted DNS protocols—are effectively mitigated, helping to safeguard users from potential hijacking or manipulation of web traffic.
Currently, the capability to use DNS over HTTPS is available exclusively on Sophos DNS Protection for Endpoints. Users can take advantage of this technology to strengthen the security of their endpoint devices and ensure safer internet browsing experiences. Sophos has announced plans to extend this important security feature to Sophos Firewall soon, making it more widely accessible and further bolstering network protection across multiple environments. This upcoming integration demonstrates Sophos’s commitment to staying ahead of evolving cyber threats and providing comprehensive security solutions for both endpoints and network infrastructure.