(crosspost from /r/netsec)
From my perspective, the main value that DNS-layer security adds is that it could reduce the load on your web proxies and firewalls - since traffic flows to unwanted domains would, in effect, never be generated. With that being said, I'm not sure I that I see any other value that could be offered. It would seem to me that an SWG service combined with an NGFW would be able to enforce policy much better since they actually inspect content inline.
What do you think?
No comments:
Post a Comment