OpenDNS blocking C2 traffic - anyone have experience with this?

(Roger Wren) #1

We understand that OpenDNS will block C2 traffic and are wondering how effective this has been in helping prevent ransomware attacks? Does anyone have any experience with OpenDNS and can comment on its effectiveness?

(Dan) #2

I’ve used OpenDNS Umbrella for a little over a year with two separate companies. I look at it as another layer of protection that you otherwise would not have (DNS security). The reporting makes it easy to see who is doing what. It also is helpful in that we can block all DNS traffic except that which goes through OpenDNS to force all DNS traffic to be monitored. The content filtering works well enough.

One negative is it is not as flexible in the reports as I would want. Specifically, we allow our spam firewall unlimited access to sites OpenDNS would normally prevent, so that it functions properly in checking email links, etc. However, there is no way to remove it from reports, causing it to always appear in Malware/Botnet reports.

The roaming client is nice and makes it easy to filter, monitor, and protect off network laptops.

I have never had a ransomware incident or virus incident with a company using OpenDNS, so can’t comment on how it handles it.

One last thing. They don’t advertise it anymore, but you can use it as a basic Ad-blocker as well. Just load up the DNS block list with known advertisers and most disappear off your network. One less inroad for malicious content is how I look at it.
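The "block all DNS except what goes through OpenDNS" enforcement Dan describes is a gateway egress rule, and finding the hosts that need an exemption (his spam firewall is the example) is easiest from the firewall's own logs. Below is an added example, not code from the thread or from OpenDNS: a POSIX shell script that prints an nftables ruleset restricting UDP/TCP 53 from the LAN to OpenDNS's public anycast resolvers (208.67.222.222 and 208.67.220.220), in a log-only audit mode or an enforcing mode, plus a small audit function that reads netfilter-style log lines and lists the sources still sending DNS elsewhere. The interface name, LAN range, and the sample log lines are assumptions constructed for the example.

```shell
#!/bin/sh
# Added example (not from the forum post): "DNS only via OpenDNS" egress policy
# and a log audit for hosts that bypass it.
# OpenDNS public anycast resolvers; interface, LAN range and log format are assumed.
OPENDNS_RESOLVERS="208.67.222.222 208.67.220.220"
LAN_IF="eth1"               # assumed LAN-facing interface on the gateway
LAN_NET="192.168.10.0/24"   # assumed LAN range

# Return 0 when the IP is one of the approved resolvers, 1 otherwise.
is_approved_resolver() {
    for r in $OPENDNS_RESOLVERS; do
        [ "$1" = "$r" ] && return 0
    done
    return 1
}

# Print (do not load) an nftables ruleset. "audit" only logs DNS that does not
# go to the approved resolvers; "enforce" logs and drops it. Port 853 (DNS over
# TLS) is logged as well, because it would otherwise sidestep the resolver policy.
print_nft_ruleset() {
    mode=${1:-audit}
    drop=""
    [ "$mode" = "enforce" ] && drop="drop"
    resolvers=$(echo "$OPENDNS_RESOLVERS" | sed 's/ /, /g')
    cat <<EOF
table inet dns_policy {
    chain forward {
        type filter hook forward priority 0; policy accept;
        iifname "$LAN_IF" ip saddr $LAN_NET ip daddr { $resolvers } udp dport 53 accept
        iifname "$LAN_IF" ip saddr $LAN_NET ip daddr { $resolvers } tcp dport 53 accept
        iifname "$LAN_IF" ip saddr $LAN_NET udp dport 53 log prefix "DNS-BYPASS " $drop
        iifname "$LAN_IF" ip saddr $LAN_NET tcp dport 53 log prefix "DNS-BYPASS " $drop
        iifname "$LAN_IF" ip saddr $LAN_NET tcp dport 853 log prefix "DOT-BYPASS " $drop
    }
}
EOF
}

# Read netfilter-style log lines on stdin; print "SRC DST DPT" for every port 53
# or 853 flow whose destination is not an approved resolver.
list_dns_bypass() {
    while IFS= read -r line; do
        src=""; dst=""; dpt=""
        for tok in $line; do
            case $tok in
                SRC=*) src=${tok#SRC=} ;;
                DST=*) dst=${tok#DST=} ;;
                DPT=*) dpt=${tok#DPT=} ;;
            esac
        done
        [ -n "$dst" ] || continue
        case $dpt in 53|853) ;; *) continue ;; esac
        if ! is_approved_resolver "$dst"; then
            echo "$src $dst $dpt"
        fi
    done
}

# Constructed sample log lines in the style of netfilter log output (not real data):
# one query to OpenDNS, two to other resolvers on 53, one DNS-over-TLS attempt.
SAMPLE_LOG='DNS-BYPASS IN=eth1 OUT=eth0 SRC=192.168.10.23 DST=8.8.8.8 PROTO=UDP SPT=51234 DPT=53
DNS-BYPASS IN=eth1 OUT=eth0 SRC=192.168.10.23 DST=208.67.222.222 PROTO=UDP SPT=51235 DPT=53
DNS-BYPASS IN=eth1 OUT=eth0 SRC=192.168.10.57 DST=1.1.1.1 PROTO=TCP SPT=40112 DPT=53
DOT-BYPASS IN=eth1 OUT=eth0 SRC=192.168.10.57 DST=1.1.1.1 PROTO=TCP SPT=40113 DPT=853'

# Number of bypass flows in the sample log.
count_dns_bypass() {
    printf '%s\n' "$SAMPLE_LOG" | list_dns_bypass | wc -l | tr -d ' '
}

# Demonstration: print the enforcing ruleset, then the bypass flows in the sample.
print_nft_ruleset enforce
printf '%s\n' "$SAMPLE_LOG" | list_dns_bypass
```

Run the "audit" ruleset first and feed the kernel log through list_dns_bypass for a few days: every source that shows up either needs its resolver settings fixed or, like the spam-filter appliance in the post, an explicit accept rule placed above the log rule before switching to "enforce". Port-based rules cannot single out DNS over HTTPS, which travels on 443 with ordinary web traffic, so that path still has to be handled on the endpoints (for example by the Umbrella roaming client) rather than at the gateway.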

(Roger Wren) #3

Thanks, Dan, for that very helpful reply!