Protect Your Network from BYOD Malware Threats with the Verisign DNS Firewall

Today’s new age of ubiquitous connectivity has created an insatiable and growing demand among employees and consumers to be online with familiar systems and tools at all times. Employees are no longer satisfied with the limited choices in devices and tools provided to them by their corporate IT organizations. They want to use what they want, when they want. They believe that choosing their own devices and tools provides them with the highest level of comfort and efficiency. This desire to use personal devices in work environments, referred to as “bring your own device (BYOD),” coupled with the growing cyber-attack surface, poses significant challenges to IT organizations. These challenges are leading such organizations to ask themselves – Are we ready to support BYOD?

Of the many challenges that the trend of BYOD poses, including integration, cost, ROI, etc., the foremost challenge is security. Workers have a tendency to use their personal devices in unsecured environments where they may inadvertently click on phishing links or download files with malware embedded within, eventually bringing these infected devices back into their workplace and potentially infecting an organization’s network. In fact, a recent survey conducted by Gartner showed that “a quarter of business users admitted to having had a security issue with their private device in 2013, but only 27 percent of those respondents felt obliged to report this to their employer.” The same survey suggested that “around half of respondents regularly use their devices for social as well as productivity tasks,” increasing the risk of malware and viruses on these devices. Regardless of the activity conducted on the personal device: email, social network, gaming, etc., one thing is clear – the threat landscape changes drastically when allowing BYOD on a company network.

Of the many options to manage BYOD on the network, IT organizations tend to choose one of the following two approaches: they either enact a policy prohibiting the use of BYODs, or install local clients on each device to track and monitor BYOD behavior. Each of these approaches comes with its own pros and cons.


By adopting a policy prohibiting BYOD on the network, organizations can ensure that their networks are protected from the threats these devices may bring. However, the prohibition of BYOD may have an effect on user productivity and overall employee satisfaction as employees will need to learn and adjust to organization-provided devices. In addition, organization-provided devices will result in increases in OpEx to the organization due to device and ongoing maintenance costs.


On the other hand, allowing BYOD but installing device-specific clients can protect an organization from employees’ access to online threats and unwanted content. However, client installation can also burden the IT organization with management overhead, software licensing costs and poor device performance.

These two choices are at the extreme ends of the spectrum. When protecting your network from the threats of malware and preventing access to unwanted content, many organizations more than likely will adopt an approach that falls somewhere in between. One such approach is to implement the Verisign DNS Firewall.


Protecting your network from malware threats arising from BYOD access to known, malicious sites can be as easy as changing your local DNS (recursive DNS) settings for your organization to point to Verisign. Through Verisign DNS Firewall, IT organizations can take advantage of an easy-to-configure cloud-based service that provides global threat protection. This is accomplished by blocking access to unwanted content, including known, malicious Internet sites, at the DNS level and by providing real-time alerts to security teams about potential threats like botnets and phishing attacks on their networks.

Verisign DNS Firewall uses real-time, in-depth country and regional threat feeds from Verisign’s iDefense® Security Intelligence Services to block access to malware and command and control sites. Verisign DNS Firewall also integrates third-party feeds that complement Verisign’s iDefense® Security Intelligence Services feeds to provide added malware threat coverage as well as out-of-the-box content filters. In addition, businesses can create their own whitelists and blacklists.

Once implemented, Verisign DNS Firewall helps protect devices within an organization’s network by managing traffic navigation and providing particular alerts regarding attempted access to unwanted content, including known, malicious sites – all without the need to install individual clients on each device. This agentless installation can reduce the overall burden on security staff by removing maintenance costs and allowing resources to conduct proactive threat management.


  • An employee uses their BYOD on the organization’s network that is protected by Verisign DNS Firewall. Access to unwanted content is blocked, protecting both the device and network.
  • The employee goes home for the evening, migrating from the organization’s network to another network and accesses a malware-infested site. The BYOD unknowingly becomes infected with malware and becomes part of a botnet.
  • The next morning, the employee’s BYOD returns to the organization’s network. Attempts by the botnet to access its command-and-control point are now blocked; the organization’s security team is alerted of the potential threat and provided with the data needed to surgically remediate the issue.
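The DNS-level decision and alerting behind this scenario can be sketched as follows. This is an added example, not Verisign's code: the domain names, the query-log format, and the rule that a local allow entry overrides a feed block entry are all assumptions made for illustration.

```python
from collections import defaultdict

# Constructed policy data (placeholders, not real threat-feed entries).
BLOCKLIST = {"c2.botnet.example", "phish.example"}
ALLOWLIST = {"status.phish.example"}  # assumption: local allow beats a feed block

# Constructed resolver query log: "<time> <client-ip> <qname> <qtype>"
QUERY_LOG = """\
08:59:58 10.0.4.17 intranet.corp.example. A
09:00:01 10.0.4.23 beacon7.c2.botnet.example. A
09:00:02 10.0.4.17 Login.Phish.Example. A
09:00:31 10.0.4.23 beacon7.c2.botnet.example. A
09:00:40 10.0.4.17 status.phish.example. A
09:01:01 10.0.4.23 c2.botnet.example. AAAA
"""

def normalize(qname):
    # DNS names are case-insensitive; drop the trailing root dot.
    return qname.rstrip(".").lower()

def matching_entry(qname, entries):
    """Return the listed domain equal to qname or a parent of it, else None."""
    labels = normalize(qname).split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])  # match on label boundaries only
        if candidate in entries:
            return candidate
    return None

def decide(qname):
    """Return (action, matched blocklist entry or None) for one query name."""
    if matching_entry(qname, ALLOWLIST):
        return "allow", None
    hit = matching_entry(qname, BLOCKLIST)
    return ("block", hit) if hit else ("allow", None)

def alerts_by_client(log_text):
    """Count blocked lookups per client and per matched entry."""
    alerts = defaultdict(lambda: defaultdict(int))
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines
        _time, client, qname, _qtype = parts
        action, hit = decide(qname)
        if action == "block":
            alerts[client][hit] += 1
    return {c: dict(h) for c, h in alerts.items()}

if __name__ == "__main__":
    for client, hits in alerts_by_client(QUERY_LOG).items():
        print(client, hits)
```

Grouping blocked lookups by client address is what lets a security team tie repeated command-and-control lookups to one returning device rather than to the network as a whole.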

The Verisign DNS Firewall doesn’t solve all of the issues associated with BYOD on your network; however, it can reduce exposure to online threats by blocking BYODs’ access to known, malicious sites while on your network. Verisign DNS Firewall does all of this while providing you with alerts and the other intelligence necessary to effectively manage the growing security risk through the use of BYODs.

For more information about Verisign DNS Firewall visit download this on-demand webinar or visit


Michael Kaczmarek

Vice President, Product and Marketing

Michael Kaczmarek heads product management and marketing for Verisign’s Security Services product suite. He is responsible for developing the vision, strategies, and tactics for the successful launch and expansion of products into new and existing markets. Michael has been with Verisign for more than 16 years and has served in various capacities including director of...