COMPETITIVE COMPARISON AND EVALUATION

For more information please visit: www.opendns.com or call 877-811-2367

OpenDNS Enterprise vs. Web Proxies or Firewall Filters OpenDNS (step 1) delivers Internet-wide security and Web filtering leading competitive solutions, (step 2) which rely on lower performance, less effective Web proxy or firewall filter platforms.

Replacing these traditional heavyweight solutions can significantly reduce on-going maintenance and secure Internet connections faster from every device on any number of networks, anywhere (compare the first two rows below). Alternatively, adding OpenDNS will extend protection to unmanaged devices or network locations where existing solutions are cost prohibitive, as well as reduce much of the unwanted heavyweight traffic from configured devices and networks clogging your existing solutions (compare the last two rows below).

OpenDNS protects every device, which supports Bring Your Own Device (BYOD) programs, and secures every Internet connection, via a user interface not bloated with unused, complex bells and whistles. Like Web proxies and firewall filters, OpenDNS filters inappropriate sites for compliance, yet can easily scale from 1 to 1000s of network locations.

SAFE, FAST, SMART, RELIABLE RESPONSES

AUTHORITATIVE DNS SERVERS

SECURE, FEWER SLOW, INTERNET CONNECTIONS

TCP SERVERS AND SITES

ALL DEVICES, PLUS ANY EXISTING CHANGES

Web Proxy or Firewall Filter plus OpenDNS

NOT ALWAYS RELIABLE, CONSISTENT RESPONSES

1 OR MORE ISPs

AUTHORITATIVE DNS SERVERS

SOME SECURE, BUT SLOW, INTERNET CONNECTIONS

TCP SERVERS AND SITES

CLIENT SETTINGS/SOFTWARE OR NETWORK TOPOLOGY CHANGES

Web Proxy or Firewall Filter

SAFE, FAST, SMART, RELIABLE RESPONSES

AUTHORITATIVE DNS SERVERS

SECURE, FAST INTERNET CONNECTIONS

NO LATENCY NO BOTTLENECKS

TCP SERVERS AND SITES

ALL DEVICES, NO CLIENT OR NETWORK CHANGES

OpenDNS

STEP 1 HEAVYWEIGHT TRAFFIC STEP 2 LIGHTWEIGHT TRAFFIC

FILTER PROXY

PROXY FILTER

! BENEFIT SOLUTION " OpenDNS In-the-cloud Web Proxies On-premises Web Proxies On-premises Firewall Filters

Protect every on-net device without client or network changes # $

Easy to manage without any software or hardware to maintain # % $ Secure any Internet connection – any application, protocol or port # $

Filter inappropriate sites and grant overrides to select users #

Scale to 1000s of network locations cost-effectively # $

MANY REQUIRE NEW ON-PREMISES DEVICES TO REDIRECT TRAFFIC

Many security vendors focus on its solutions’ efficacy to block threats, but gloss over its usability or performance.

USABILITY

Vendors often assume administrators are investing their time in addition to their organization’s money to use the solution, so they do not focus on how easy it is to:

• provision and setup,

• enforce and report,

• manage and maintain.

It is not uncommon for Web proxies and firewall filters to take days to weeks before it is effectively enforcing devices and reporting activity. Add on training to learn how to manage all the complex bells and whistles, many which go unused, and on-going maintenance to address performance or efficacy issues, and the ownership cost increases. OpenDNS can enforce every device – on any network – and report activity within an hour of asking for an evaluation trial. Our simple Web-based management interface and issue-free operation, means you set and forget it.

PERFORMANCE

Also, vendors often offer cryptic or rather meaningless specifications regarding the product’s performance, which do not always accurately reflect its:

• reliability and resiliency,

• connection speed, and

• bandwidth throughput.

Often Web proxies and firewall filters are deployed within the network using a less redundant topology than if they never existed, which can result in new points of failure. They add new hops for Internet connections and/or processes applied to Internet traffic, which can increase latency and decrease throughput; leading to less happy users. OpenDNS simply replaces a mandatory, already in-use service provided by Internet Service Providers (ISP). Our Anycast and SmartCache technologies enable faster, more reliable Internet connections relative to most ISPs, by reducing hops and processes.

EFFICACY

Finally, while vendors may claim they have superior threat intelligence and prevention, consider more completely its:

• network coverage,

• threat coverage,

• accuracy and timeliness.

Web proxies, in particular, provide minimal network coverage depending on the setup of managed devices or networks. Often only traffic sent by configured browsers is protected; not Web-based outbound botnet traffic from infected devices’ malicious software. The Web may be the most used protocol, but it is one amongst hundreds that threats utilize and proxies are blind to. Firewalls often only filter by destination for Web traffic; some using a built-in Web proxy. Firewalls filtering other protocol or application traffic often do not distinguish between good or bad destinations for this traffic. OpenDNS ensures that malware, phishing, inappropriate sites and botnets never touch your network, regardless of application, protocol, port or device. OpenDNS maximizes the return on your security investments.

The evaluation matrix on the following page provides more detail on how OpenDNS’s in-the-cloud solution compares to Web proxies – delivered in-the-cloud or on-premises – or on-premises firewall filters. We believe that you will draw the same conclusions, that OpenDNS delivers a more usable, high performance and effective solution than competitors’ traditional solutions.

EFFICACY

USAB

ILITY

PERFORMANCE

LOW TCO, HIGH ROI,

HAPPY USERS

For more information please visit: www.opendns.com or call 877-811-2367

SOLUTION OPENDNS WEB PROXIES FIREWALL FILTERS

Delivery Platform

• In-the-cloud • In-the-cloud • On-premises • On-premises

USABILITY

Provision & Setup

• Lightweight DNS query redirection without network topology changes for 1 to 1000s of sites

• No appliances or client software

• No client setting changes

• Heavyweight TCP traffic redirection per site

• Requires network topology change, client software or setting changes

• Receive and deploy appliance per site

• Heavyweight TCP traffic redirection per site

• Requires network topology change, client software or changes

• Receive and deploy appliance per site

• Significant configuration to control network traffic flow is likely required to migrate from current firewall

Enforce & Report

• Network-level granularity via public IP

• Grant override permissions to users

• Full data retention for 2 years with no hidden fees

• User-level granularity via directory integration requires complex setup or network-level granularity

• Data retention often limited or else extra fees

• User-level granularity via directory integration requires complex setup

• Data retention limited by internal storage available

• Network-level granularity via internal IP

• User-level granularity requires complex setup

• Data retention limited by internal storage available

Manage & Maintain

• Simple set and forget

• No OS patches or appliance upgrades

• No security rule tuning

• No site exceptions to address SSL decryption or authentication issues

• Often security rules are complex, and require fine-tuning to reduce false positives/negatives

• SSL or auth. issues require frequent site exceptions

• OS patch conflicts or upgrade downtime

• Often security rules are complex and require fine-tuning

• SSL or auth. issues require site exceptions

• Complex and focused on network management, not policy or security, so it is often confusing

• If SSL or auth. is included, then issues will require site exceptions

PERFORMANCE

Reliability & Resiliency

• No outages since launch in 2006

• Uses Anycast IPs

• Many have had outages despite SLA

• Lack Anycast IPs

• Often reduced network redundancy in topology or else expensive

• Sometimes reduced network redundancy in topology

Connection Speed

• No new latency

• Often reduced response time via SmartCache

• Spikes in traffic will not cause slower speeds

• Adds new latency due to one or more intermediate hops

• Adds new latency due to another intermediate hop

• Spikes in traffic will cause noticeably slower speeds

• May add new latency depending on internal processes and the number of add-on features enabled

Bandwidth Throughput

• Virtually unlimited via lightweight queries & responses

• Likely unlimited, but heavyweight traffic redirection can be limited

• Limited by resources available on appliance or server; often a bottleneck

• Limited by resources available on appliance or server

EFFICACY

Network Coverage

• Any on-net device; managed or not

• Filters by destination over any application, any protocol and any port

• Depending on setup, only managed devices and configured browser applications

• Filters by destination over only HTTP/S and ports 80/443

• Depending on setup, only managed devices and configured browser applications

• Filters by destination over only HTTP/S and ports 80/443

• Any on-net device; managed or not

• Filters by destination over HTTP/S, 80/443

• May include protocol or application filters, but not by destination

Threat Coverage

• Industry-leading outbound botnet protection

• Inbound malware and phishing protection

• Web filtering categories for regulatory & AUP compliance

• Ineffective outbound protection due to inadequate network coverage

• Inbound protection use proprietary and/or 3rd-party systems

• On-par Web filtering

• Ineffective outbound protection due to inadequate network coverage

• Inbound protection use proprietary and/or 3rd-party systems

• On-par Web filtering

• Outbound protection usually not a focus

• Inbound protection is usually via 3rd-parties so efficacy is not controlled

• On-par Web filtering

Accuracy & Timeliness

• Proactive protection is updated 24x7 via engineers and partners

• Very few false positives

• Often need to fine-tune security rules to prevent inaccuracies

• Often need to fine-tune security rules to prevent inaccuracies

• Not usually a core focus of business or products, so accurate or timely protection may suffer

*Cisco acquired ScanSafe & IronPort