COMPETITIVE COMPARISON AND EVALUATION OpenDNS Enterprise vs. Web Proxies or Firewall Filters OpenDNS (step 1) delivers Internet-wide security and Web filtering leading competitive solutions, (step 2) which rely on lower performance, less effective Web proxy or firewall filter platforms. Replacing these traditional heavyweight solutions can significantly reduce on-going maintenance and secure Internet connections faster from every device on any number of networks, anywhere (compare the first two rows below). Alternatively, adding OpenDNS will extend protection to unmanaged devices or network locations where existing solutions are cost prohibitive, as well as reduce much of the unwanted heavyweight traffic from configured devices and networks clogging your existing solutions (compare the last two rows below). LIGHTWEIGHT TRAFFIC STEP 1 STEP 2 HEAVYWEIGHT TRAFFIC OpenDNS AUTHORITATIVE SAFE, FAST, SMART, ALL DEVICES, NO CLIENT SECURE, FAST TCP SERVERS DNS SERVERS RELIABLE RESPONSES OR NETWORK CHANGES INTERNET CONNECTIONS AND SITES NO LATENCY NO BOTTLENECKS Web Proxy or Firewall Filter AUTHORITATIVE NOT ALWAYS RELIABLE, CLIENT SETTINGS/SOFTWARE SOME SECURE, BUT SLOW, TCP SERVERS DNS SERVERS CONSISTENT RESPONSES OR NETWORK TOPOLOGY CHANGES INTERNET CONNECTIONS AND SITES 1 OR MORE ISPs PROXY FILTER Web Proxy or Firewall Filter plus OpenDNS AUTHORITATIVE SAFE, FAST, SMART, ALL DEVICES, PLUS SECURE, FEWER SLOW, TCP SERVERS DNS SERVERS RELIABLE RESPONSES ANY EXISTING CHANGES INTERNET CONNECTIONS AND SITES PROXY FILTER OpenDNS protects every device, which supports Bring Your Own Device (BYOD) programs, and secures every Internet connection, via a user interface not bloated with unused, complex bells and whistles. Like Web proxies and firewall filters, OpenDNS filters inappropriate sites for compliance, yet can easily scale from 1 to 1000s of network locations. ! BENEFIT SOLUTION " OpenDNS In-the-cloud Web Proxies On-premises Web Proxies On-premises Firewall Filters Protect every on-net device without client or network changes # $ Easy to manage without any $ MANY REQUIRE NEW software or hardware to maintain # % ON-PREMISES TRAFFIC TO REDIRECT DEVICES Secure any Internet connection – any application, protocol or port # $ Filter inappropriate sites and grant overrides to select users # Scale to 1000s of network locations cost-effectively # $For more information please visit: www.opendns.com or call 877-811-2367
Many security vendors focus on its solutions’ efficacy to block threats,but gloss over its usability or performance.USABILITY It is not uncommon for Web proxies and firewall filters to take daysVendors often assume administrators are to weeks before it is effectively enforcing devices and reportinginvesting their time in addition to their activity. Add on training to learn how to manage all the complexorganization’s money to use the solution, bells and whistles, many which go unused, and on-goingso they do not focus on how easy it is to: maintenance to address performance or efficacy issues, and the ownership cost increases. OpenDNS can enforce every device – on • provision and setup, any network – and report activity within an hour of asking for an • enforce and report, evaluation trial. Our simple Web-based management interface and issue-free operation, means you set and forget it. • manage and maintain.PERFORMANCE Often Web proxies and firewall filters are deployed within theAlso, vendors often offer cryptic or rather network using a less redundant topology than if they never existed,meaningless specifications regarding the which can result in new points of failure. They add new hops forproduct’s performance, which do not Internet connections and/or processes applied to Internet traffic,always accurately reflect its: which can increase latency and decrease throughput; leading to less happy users. OpenDNS simply replaces a mandatory, already in-use • reliability and resiliency, service provided by Internet Service Providers (ISP). Our Anycast and • connection speed, and SmartCache technologies enable faster, more reliable Internet connections relative to most ISPs, by reducing hops and processes. • bandwidth throughput.EFFICACY Web proxies, in particular, provide minimal network coverageFinally, while vendors may claim they have depending on the setup of managed devices or networks. Oftensuperior threat intelligence and only traffic sent by configured browsers is protected; not Web-prevention, consider more completely its: based outbound botnet traffic from infected devices’ malicious software. The Web may be the most used protocol, but it is one • network coverage, amongst hundreds that threats utilize and proxies are blind to. • threat coverage, Firewalls often only filter by destination for Web traffic; some using a built-in Web proxy. Firewalls filtering other protocol or application • accuracy and traffic often do not distinguish between good or bad destinations timeliness. for this traffic. OpenDNS ensures that malware, phishing, inappropriate sites and botnets never touch your network, regardless of application, protocol, port or device. OpenDNS maximizes the return on your security investments. PE TY RF ILI OR AB LOW TCO, MA The evaluation matrix on the following page provides US HIGH ROI, N more detail on how OpenDNS’s in-the-cloud solution CE HAPPY USERS compares to Web proxies – delivered in-the-cloud or on- premises – or on-premises firewall filters. We believe that you will draw the same conclusions, that OpenDNS EFFICACY delivers a more usable, high performance and effective solution than competitors’ traditional solutions.
SOLUTION OPENDNS WEB PROXIES FIREWALL FILTERS Delivery • In-the-cloud • In-the-cloud • On-premises • On-premises PlatformUSABILITY • Lightweight DNS query • Receive and deploy • Receive and deploy • Heavyweight TCP traffic redirection without appliance per site appliance per site redirection per site network topology changes • Heavyweight TCP traffic • Significant configuration Provision • Requires network for 1 to 1000s of sites redirection per site to control network traffic & Setup • No appliances or client topology change, client • Requires network flow is likely required to software or setting software topology change, client migrate from current changes • No client setting changes software or changes firewall • Network-level granularity • User-level granularity via • Network-level granularity • User-level granularity via via public IP directory integration via internal IP directory integration Enforce • Grant override requires complex setup or • User-level granularity requires complex setup & Report permissions to users network-level granularity requires complex setup • Data retention limited by • Full data retention for 2 • Data retention often • Data retention limited by internal storage available years with no hidden fees limited or else extra fees internal storage available • Simple set and forget • Often security rules are • OS patch conflicts or • Complex and focused on • No OS patches or complex, and require upgrade downtime network management, not appliance upgrades fine-tuning to reduce • Often security rules are policy or security, so it is Manage & • No security rule tuning false positives/negatives complex and require fine- often confusing Maintain • SSL or auth. issues tuning • If SSL or auth. is • No site exceptions to address SSL decryption require frequent site • SSL or auth. issues included, then issues will or authentication issues exceptions require site exceptions require site exceptionsPERFORMANCE • No outages since launch • Many have had outages • Often reduced network • Sometimes reduced Reliability & in 2006 despite SLA redundancy in topology or network redundancy in Resiliency • Uses Anycast IPs • Lack Anycast IPs else expensive topology • No new latency • Adds new latency due to • May add new latency • Often reduced response • Adds new latency due to another intermediate hop depending on internal Connection time via SmartCache one or more intermediate • Spikes in traffic will processes and the Speed • Spikes in traffic will not hops cause noticeably slower number of add-on cause slower speeds speeds features enabled • Virtually unlimited via • Likely unlimited, but • Limited by resources • Limited by resources Bandwidth lightweight queries & heavyweight traffic available on appliance or available on appliance or Throughput responses redirection can be limited server; often a bottleneck serverEFFICACY • Depending on setup, only • Depending on setup, only • Any on-net device; • Any on-net device; managed devices and managed devices and managed or not managed or not configured browser configured browser • Filters by destination over Network • Filters by destination over applications applications HTTP/S, 80/443 Coverage any application, any • Filters by destination over • Filters by destination over • May include protocol or protocol and any port only HTTP/S and ports only HTTP/S and ports application filters, but 80/443 80/443 not by destination • Industry-leading • Ineffective outbound • Ineffective outbound outbound botnet protection due to protection due to • Outbound protection protection inadequate network inadequate network usually not a focus Threat • Inbound malware and coverage coverage • Inbound protection is Coverage phishing protection • Inbound protection use • Inbound protection use usually via 3rd-parties so • Web filtering categories proprietary and/or 3rd- proprietary and/or 3rd- efficacy is not controlled for regulatory & AUP party systems party systems • On-par Web filtering compliance • On-par Web filtering • On-par Web filtering • Proactive protection is • Not usually a core focus Accuracy & • Often need to fine-tune • Often need to fine-tune updated 24x7 via of business or products, security rules to prevent security rules to prevent Timeliness engineers and partners so accurate or timely inaccuracies inaccuracies • Very few false positives protection may suffer *Cisco acquired ScanSafe & IronPort For more information please visit: www.opendns.com or call 877-811-2367