Students’ attempts to access restricted content using unsafe proxy services expose them and their schools to cyber risks

WASHINGTON, D.C. – Nov. 25, 2025 – New research from DNSFilter finds that school networks are becoming high-volume targets for proxy-borne threats, credential theft, malicious extensions and phishing ecosystems. Data from the company’s networks reveals the growing risks posed by misused web proxies and filter-avoidance tools in schools.

Due to cell phone bans in multiple states, students are more likely to use their school-issued devices for activities they’d normally attempt on their personal phones. As students increasingly try to bypass school security controls – often to access social media, gaming sites or blocked content – they’re unwittingly exposing themselves and school networks to risks like account compromise, malware, credential theft, blackmail scams, and broader system vulnerabilities.

Analysis of traffic on DNSFilter’s network found:

• Traffic to proxy and filter avoidance categories spiked 83% on November 9, 2025, compared to the previous 12-month average. Proxy and filter-avoidance is defined as using methods and tools to bypass blocked or censored content on networks.
• Overall, malicious gaming-related domains increased 462% on Sept. 22, 2025 compared to the previous 12-month average.
• In relation to attempts to bypass security controls, the education industry ranked third highest in proxy/filter-avoidance requests in October 2025.
• A 295% spike on Nov.8, 2025 in domains containing the term “roblox,” a popular online game that’s come under scrutiny for enabling adults to converse with children through the platform.

These findings underscore how schools are facing rapidly escalating cybersecurity risks, largely driven by students’ attempts to access restricted content using unsafe proxy services. These attempts are not harmless workarounds; they are now a major threat vector.

Traditional content filtering alone is no longer sufficient. Students are increasingly aware of circumvention methods, and attackers exploit this behavior to gain access to accounts and potentially entire school IT systems. Children and teens are uniquely vulnerable, making them prime targets for social engineering, scams, identity theft or harassment.

Awareness of the risks helps schools strengthen cybersecurity policies, improve filtering and reduce successful student circumvention attempts. Using the threat insights, schools can proactively block proxy/avoidance domains, detect suspicious patterns (e.g., unsafe gaming extensions), and protect student data and campus systems. Concrete data empowers IT teams to anticipate threat spikes, allocate resources and justify budgets for improved filtering and monitoring tools. Read more in our blog here.

Gregg Jones, intelligence analyst, DNSFilter, said: “Proxy misuse is emerging as a serious and growing attack vector inside school environments, and the industry must treat it like the frontline threat it has become. Cybersecurity strategies in K–12 and higher education must expand to focus on DNS filtering, proactive detection of proxy use, better student education, and more compassionate in-class device policies that reduce the incentive to circumvent controls.”

About the company:

DNSFilter is a cybersecurity company that protects every click, leveraging AI-driven content filtering and threat protection to block threats 10 days earlier than competitors. DNSFilter’s solution secures workers anywhere they are, helping to boost productivity, minimize compliance risk, and protect corporate brands on public Wi-Fi networks. Unlike traditional filtering solutions, DNSFilter deploys in minutes instead of days and is trusted by more than 43,000 organizations worldwide. Learn more about how DNSFilter is the first and last line of defense for corporate and hybrid networks at dnsfilter.com.

Media Contact

Shannon Van Every

Force4 Technology Communications

WASHINGTON, D.C. — Nov. 4, 2025  — DNSFilter, a global leader in protective DNS and content filtering, announced today a strategic partnership with Midis Group to provide enhanced cybersecurity solutions to customers across Eastern Europe, the Middle East and Africa. This partnership will empower organizations in these regions to safeguard their networks against evolving online threats through a cutting-edge, cloud-based platform known for its real-time threat detection and intuitive management.

DNSFilter’s unique approach leverages artificial intelligence to identify and block malicious domains, reducing cybersecurity risks. By integrating DNSFilter’s robust solution with Midis Groups’ expansive network of value-added distribution, service providers and in-territory experts, customers will now benefit from more reliable, proactive protection against threats such as phishing, malware and ransomware.

Midis Group is a trusted go-to-market partner for leading global technology vendors, including  Apple, Hewlett Packard Enterprise (HPE), IBM, Google, Cloud Software Group (Citrix), Broadcom and Dell Technologies. These partners leverage the company’s deep local expertise in technology and business to accelerate their regional growth.

The partnership aims to provide organizations of all sizes with advanced DNS-layer security, enhancing their ability to prevent and respond to potential attacks. Through DNSFilter’s innovative technology, customers in these regions can better integrate a seamless, protective experience that doesn’t compromise speed or performance. As cybersecurity becomes more complex, DNS-layer security is crucial for organizations aiming to prevent cyberattacks before they infiltrate the network.

Ernest Sales, President Local Office, Midis Group, said: “Partnering with DNSFilter enhances our security portfolio and enables us to better meet our customers’ needs for faster and more accurate threat protection. Together, Midis Group and DNSFilter are committed to ensuring a safer digital experience and helping organizations strengthen their defenses against cybercrime.”

Ken Carnesi, CEO and co-founder, DNSFilter, said: “Our partnership with Midis Group and the opening of our new Dubai office mark a significant milestone in DNSFilter’s commitment to the EMEA region. The Middle East and broader EMEA is a key market for secure DNS protection, and establishing a permanent presence here allows us to better serve our partners and customers. This partnership reflects our long-term investment in the region and our goal to build deep, lasting relationships with local enterprises and service providers.”

About Midis Group
With more than 6700 professionals, some 100 of the world’s leading technology vendors, and a solid 50-year track record of performance and reliability, the Midis Group is a multinational organization comprised of over 175 companies across Europe, Middle East and Africa. The group is known for its advanced offering of managed IT services and consultancy, system integration, cloud and data center capabilities and infrastructure, software, and hardware solutions, as well as technology distribution and retail. The Midis Group was named in 2006 as one of the World Economic Forum’s initial 100 Global Growth Companies. For more information, visit www.midisgroup.com.

About DNSFilter
DNSFilter is a cybersecurity company that protects every click, leveraging AI-driven content filtering and threat protection to block threats 10 days earlier than competitors. DNSFilter’s solution secures workers anywhere they are, helping to boost productivity, minimize compliance risk, and protect corporate brands on public Wi-Fi networks. Unlike traditional filtering solutions, DNSFilter deploys in minutes instead of days and is trusted by more than 43,000 organizations worldwide. Learn more about how DNSFilter is the first and last line of defense for corporate and hybrid networks at dnsfilter.com.

WASHINGTON, D.C. – Oct. 23, 2025 – Amid the near four-year high unemployment rate, new research from DNSFilter finds that scams related to hiring are proliferating. New data from the company’s networks shows an alarming trend in domain activity related to domains that include terms like “careers,” “hiring,” “jobs,” and “talent,” which have seen a significant uptick since the start of 2025.

These new insights from DNSFilter underscore the need for job seekers, who average 180 job applications to land a single offer, to remain vigilant when navigating job boards and receiving messages from so-called recruiters.

Over the last 6 months:

• 8,724 domains containing the word “jobs” have been found to be malicious.
• 1, 161 domains containing the word “careers” have been found to be malicious.
• 88% of malicious domains containing hiring-related keywords were newly registered or newly observed.
• 86% of all domains using the word “jobs” and that were determined to be malicious were either newly registered or newly observed.

Researchers also discovered that a number of suspicious domain practices are being used to lure victims into clicking malicious links, including:

• Excessive hyphens or long-winded URLs designed to resemble legitimate job portals.
• Fake domains mimicking trusted hiring platforms or containing urgent-sounding phrases.
• Odd top-level domains (TLDs) and country code TLDs (ccTLDs) not commonly used for business (e.g., .top, .tk, .ml, .xyz, .af).

Attackers are increasingly registering new domains in short bursts to evade detection, following them up with phishing campaigns containing those links to target job seekers, human resources teams and recruitment platforms.

Job seekers and organizations can help protect themselves from these types of hiring scams by remembering to:

• Be skeptical of unsolicited job offers or job boards with unfamiliar URLs.
• Check domain names carefully and avoid clicking on links with excessive hyphens or strange extensions.
• Organizations should monitor DNS traffic for spikes in unknown employment-related domains and update threat detection rules accordingly.

Gregg Jones, intelligence analyst lead, DNSFilter, said: “All aspects of our lives are vulnerable to bad actors given the right mix of emotions, timing, and environmental factors. Being vulnerable to a scam can take many forms, often in ways we least expect. Taking stock of things that seem too good to be true and implementing security best practices are key to reducing unexpected angles of exploitation.”

About the company:

DNSFilter is a cybersecurity company that protects every click, leveraging AI-driven content filtering and threat protection to block threats 10 days earlier than competitors. DNSFilter’s solution secures workers anywhere they are, helping to boost productivity, minimize compliance risk, and protect corporate brands on public Wi-Fi networks. Unlike traditional filtering solutions, DNSFilter deploys in minutes instead of days and is trusted by more than 43,000 organizations worldwide. Learn more about how DNSFilter is the first and last line of defense for corporate and hybrid networks at dnsfilter.com.

WASHINGTON, D.C. – Sept. 30 2025 – DNSFilter is celebrating its 10^th anniversary, just in time for Cybersecurity Awareness Month. Trusted by over 43,000 organizations, the company has seen significant growth and industry recognition, underscoring the strength of its vision and the successful execution of its protective DNS platform.

DNSFilter was founded after its CEO and co-founder, Ken Carnesi, became frustrated with existing protective DNS solutions. He set out to build one he could trust for himself and his MSP clients. From just three employees and an idea, DNSFilter has grown to a leader in the protective DNS space, expanding its headcount by 4800% and maintaining consistent growth.

Over the past decade, DNSFilter has continued to build on the vision of Carnesi and co-founder Brian Gillis: to create the most effective threat-blocking solution that’s also easy to use and comes with world-class support. In a testament to those efforts, DNSFilter’s recent milestones and successes include:

• Increased sales growth by roughly 800% over the past five years.
• Extended its ability to process larger volumes of queries to today’s rate of 180 billion queries processed daily, a 180x increase from just five years ago.
• CEO Ken Carnesi was named a Washingtonian Tech Titan for the second year in a row
• Recognized as Best Network Security Solution by the Tech Ascension Awards, which recognize the most groundbreaking technologies advancing cybersecurity.
• Acquired three companies, the most recent being Zorus, a provider of endpoint-based web filtering and user behavior analytics. DNSFilter previously acquired Guardian and Web Shrinker to further the company’s offerings.

DNSFilter protects every click, leveraging AI-driven content filtering and threat protection to stop threats quickly, even as bad actors develop more sophisticated threats at a faster rate. DNSFilter secures users everywhere they work and prevents threats before they reach end-users.

Ken Carnesi, CEO and co-founder, DNSFilter, said: “It’s been an amazing decade of providing the proactive first and last layer of protection to customers, preventing threats before connections are made. Our platform delivers a better, safer internet experience by protecting anyone, anywhere, across diverse environments, with the confidence of a trusted partner. I’m proud of all our team has achieved: Going from zero to over 35 million protected users. Here’s to the next 10 years of growth and innovation.”

About the company:

DNSFilter is a cybersecurity company that protects every click, leveraging AI-driven content filtering and threat protection to block threats 10 days earlier than competitors. DNSFilter’s solution secures workers anywhere they are, helping to boost productivity, minimize compliance risk, and protect corporate brands on public Wi-Fi networks. Unlike traditional filtering solutions, DNSFilter deploys in minutes instead of days and is trusted by more than 43,000 organizations worldwide. Learn more about how DNSFilter is the first and last line of defense for corporate and hybrid networks at dnsfilter.com.

Internet access is essential to the productivity of most organizations—but not everything on the Internet is work-appropriate or safe. From time-wasting sites to phishing domains, employees can unintentionally expose your company to productivity loss, legal risks, or cyber threats just by visiting the wrong webpage. And before you think it couldn’t happen to you or your team—even the most cybersecurity aware can be duped by emerging threats like fake CAPTCHAs or phony unsubscribe links.

That’s why blocking unwanted websites on your company network is a critical step in your cybersecurity strategy. But how can you do it without over-restricting employees or overloading your IT team?

Let’s explore the most effective and scalable ways to block unwanted websites—without the headaches.

Why Should You Block Websites on Your Company’s Network?

Blocking specific websites isn’t about micromanaging employees—it’s about managing risk. Here are just a few reasons to implement web filtering:

• Security: Perhaps the most obvious reason, and undoubtedly one of the most important. Security-focused web filtering prevents access to suspicious domains, phishing sites, and malware-laden URLs.
• Compliance: Web filtering helps to enforce Internet usage policies and meet regulatory requirements like HIPAA, CIPA, or ISO27001.
• Productivity: Reduce distractions by filtering content like social media, video streaming, and gaming during work hours.
• Bandwidth Control: Limit access to high-bandwidth sites that can slow down business-critical applications.

Steps to Block Unwanted Content on Your Network

1. Identify What You Want to Block

Not all “unwanted” sites are created equal. Whether you only want to block threats, or you want to have stricter restrictions on employee Internet access, it’s important to define which categories or URLs pose a risk to your organization. Commonly blocked content categories include:

• Adult Content
• Gambling
• Streaming Media
• Social Networking
• Malware
• Phishing
• New Domains
  

The above is not a comprehensive list of content and threat categories to block, but a great place to start thinking about the types of content you’d like to limit access to. Find a more complete list of content category options on the DNSFilter Help Center.

2. Choose the Right Website Blocking Method

There are multiple ways to block websites on a company network. Here are the most common approaches:

DNS Filtering (Recommended)

DNS filtering blocks access to unwanted websites at the DNS level—before the connection is even established.

Benefits:

• Lightweight and fast
• Works across all devices on your network
• On-device software is not required
• Cloud-based and easy to scale

Firewall Rules (Limited Use Case)

Traditional firewalls can block domains or IP addresses, but they often lack the context or categorization needed for nuanced filtering.

Browser Extensions or Proxy Servers

These can offer site blocking on specific devices but require extensive setup and maintenance. They’re also easier for savvy users to bypass.

3. Create Flexible Policies

Web content filtering isn’t one-size-fits-all. Different departments might have different needs. For example, your marketing team might need access to social media while the accounting department doesn’t.

With DNSFilter, you can create custom filtering policies to block employee access to content by:

• Group or department
• Device or user
• Time of day (e.g., block streaming during work hours only)
• Network location
  

Beyond just filtering by content or threat category, Allow and Block lists allow you to create granular policies down to the domain, subdomain, or TLD.

This customization allows you to strike the perfect balance between security and productivity.

4. Monitor and Adjust

Blocking sites isn’t a “set it and forget it” task. Threats evolve, and so do your employees’ needs.

Use your content filter’s analytics and reporting tools to monitor:

• Attempts to access blocked content
• Emerging threats or high-risk domains
• Bandwidth usage by category

With this insight, you can fine-tune your policies and stay one step ahead of risks.

See how easy it is to create content filtering policies in a few minutes using DNSFilter. Try the interactive product tour →

5. Communicate the Policy

It’s important that employees understand why certain sites are blocked. Transparency builds trust and helps prevent accidental policy violations. Additionally, it’s important to give your users a way to submit requests to access content that has been unnecessarily or incorrectly blocked.

Ensure that feedback is a two-way street between your Security team and the rest of the company’s users. Provide a clear Acceptable Use Policy and include messaging in customizable block pages to let users know when and why a site is restricted, and also how to submit their requests for a site to be unblocked or recategorized.

DNS Filtering is Key for Blocking Unwanted Websites

Blocking unwanted websites doesn’t have to mean locking down your network or frustrating your users. With intelligent, AI-powered DNS filtering, you can protect your business from threats, enforce policies, and ensure a more productive digital environment.

Ready to take control of your network? Try DNSFilter free for 14 days and see how easy it is to block the bad without breaking your business.

Protective DNS firm uncovers spikes in malicious traffic leading up to the start of every school year

WASHINGTON, D.C. – Aug. 26, 2025 – Malicious actors are making the most of the new school year with scams aimed at students, institutions, faculty and staff. Data from DNSFilter reveals spikes in specific threat types as students return to class.

Key statistics and insights from DNSFilter’s research find that educational institutions should be prepared to see the following:

Targeted Textbook Scams

• A textbook financing scam site snagged 3,000+ search queries in just 11 days last August. While that domain has since been taken down, similar fake textbook offers continue to crop up.
• Experts anticipate another surge in textbook scams with the new school year targeting college students.

 Impersonating School Sites

• One campaign used multiple domains to impersonate a school CDN (content delivery network). All domains were registered on the same day, likely to appear legitimate or as though it might be a domain registered by the school.
• Researchers observed increased scam traffic to school-related sites between August-September (start of school year) and December-January (winter break).

Cell Phone Bans May Increase Filter Bypass Attempts

• States across the US have implemented cell phone bans in schools. DNSFilter researchers expect that students will start to leverage school devices for activities usually reserved for personal devices, which would require bypassing school filtering to access gaming, social media, or online forums that might be blocked by schools.
• Filter avoidance traffic to DNSFilter resolvers has increased year over year in Texas (by 15%), New York (by 57%), and Florida (by 70%)—all states that have implemented bans.

At the start of a new school year, students and staff are given new logins and devices, creating a new security risk for schools to consider. Protective DNS helps education institutions filter out malicious domains before connections are made, stopping threats like phishing, malware and  and even filter bypass attempts at the source.

Ken Carnesi, CEO and co-founder, DNSFilter, said: “At a time that should be full of excitement, our data shows that schools and those they serve must be extra vigilant to avoid getting scammed by criminal opportunists. It’s our goal to make it as difficult as possible for scammers to succeed.”

About the company:

DNSFilter is a cybersecurity company that protects every click, leveraging AI-driven content filtering and threat protection to block threats 10 days earlier than competitors. DNSFilter’s solution secures workers anywhere they are, helping to boost productivity, minimize compliance risk, and protect corporate brands on public Wi-Fi networks. Unlike traditional filtering solutions, DNSFilter deploys in minutes instead of days and is trusted by more than 43,000 organizations worldwide. Learn more about how DNSFilter is the first and last line of defense for corporate and hybrid networks at dnsfilter.com.

Media Contact

Shannon Van Every

Force4 Technology Communications

Shannon@force4.co

WASHINGTON, D.C. – Aug. 14, 2025 – DNSFilter released new research today that showcases how bad actors are taking advantage of fake CAPTCHA pages to attempt to scam unsuspecting individuals.

One of DNSFilter’s managed service provider (MSP) customers discovered what first appeared to be an ordinary CAPTCHA prompt, but it turned out to be an attempt to deliver fileless malware known as Lumma Stealer. DNSFilter’s content filtering was able to stop it in its tracks, but researchers took a deeper look at the attempt to glean more detail.

Researchers discovered that:

• This particular fake CAPTCHA was interacted with 23 times on the DNSFilter network over a three-day period.

• 17% of people who encountered the fake CAPTCHA completed the steps on the screen to copy and paste it, resulting in an attempted malware payload delivery.

• The fake CAPTCHA was first observed on a Greek banking site. Two other domains were associated with the malicious CAPTCHA: a brand-new Cloudflare Pages site (Human-verify-7u.pages.dev) that loads with an error message after clicking “I’m not a robot,” and Recaptcha-manual.shop, which loads outside of the browser after following the prompted commands.

When users encountered the fake CAPTCHAs, this is the prompt that popped up.

As bad actors continue to evolve their tactics, users need to remember that if something seems fishy, they shouldn’t click it. However, not all threats are obvious. Organizations need to ensure they’re providing solid cyber hygiene training for employees regularly, but they also need to have a strong strategy in place for blocking suspicious domains and using content filtering to help avoid potential malware and phishing attempts.

Read more about how DNSFilter helped an MSP stop fake CAPTCHAs from luring their customers into inadvertent security scams in this case study.

Will Strafach, Senior Director, Security Intelligence & Solutions, DNSFilter, said: “It’s important for users to think and look carefully before they click on anything or take an action on an untrusted site, but human error is inevitable. That’s why modern enterprises need protective DNS. DNSFilter identifies emergent and newly malicious sites, providing cybersecurity teams with detailed visibility and tighter control of their network, no matter where their end users happen to be.”

About the company:

DNSFilter is a cybersecurity company that protects every click, leveraging AI-driven content filtering and threat protection to block threats 10 days earlier than competitors. DNSFilter’s solution secures workers anywhere they are, helping to boost productivity, minimize compliance risk, and protect corporate brands on public Wi-Fi networks. Unlike traditional filtering solutions, DNSFilter deploys in minutes instead of days and is trusted by more than 43,000 organizations worldwide. Learn more about how DNSFilter is the first and last line of defense for corporate and hybrid networks at dnsfilter.com.

WASHINGTON, D.C. – July 31, 2025 – DNSFilter announced today the release of its latest security report, which finds that bad actors are increasingly using domains associated with smaller island nations to attempt threat activity. Additionally, the report finds that new domains continue to be the most popular threat mode for bad actors for the second consecutive quarter. Download The DNS Record: Q3 Security Report 2025 here.

Analysis of threat traffic between April 1 and June 30, 2025 also found that malware and phishing continue to grow, with the former accounting for the second most trafficked threat category. The DNSFilter network processed billions more DNS queries in Q2 2025 compared to the previous quarter, with June recording the highest DNS traffic volume of the quarter. Each blocked malicious request represents a real attack prevented, real harm avoided and real people and organizations protected.

Key findings from the report include:

• Almost 4% of DNS traffic was blocked, marking the highest percentage of blocked traffic on record. Not all blocked traffic is malicious, but this indicates DNSFilter’s users are more regularly blocking domains, whether to avoid cyber threats or block sites associated with time-wasting or inappropriate content.
• New domains accounted for nearly 40% of requests categorized as malicious. While this was down slightly from the prior quarter, it indicates that bad actors continue to rely on new domains to capitalize on trends with catchy domain names to customize their threat campaigns. When domains are new, they’ve not yet had time to appear on block lists, which gives bad actors time for exploitation.
• Phishing and deception roared back. After a slight dip, phishing and deception (31.6%) marked an increased percentage of traffic on DNSFilter’s network compared to the prior quarter. That represented over 750 million queries, which could be attributed to an increase in sophisticated Phishing-as-a-Service techniques, such as Tycoon 2FA.
• Island nations’ domains gain traction with bad actors: Of the top five country code Top Level Domains (ccTLDs) likely to be malicious, four were domains associated with island nations. Domains associated with the Faroe Islands (.fo) were number one, with 27% of traffic deemed malicious. Also high on the list were Grenada, Mayotte and Wallis and Futuna. Threat actors adopt new TLDs for use in their campaigns and often choose TLDs and registries that are cheaper or even free in some cases, allowing them to quickly move on from domains and register new ones without cost concerns.

Ken Carnesi, CEO and co-founder, DNSFilter, said: “Bad actors are agile, and the volume and variation of threats we saw in Q2 underscore that defenders must move as quickly and flexibly as attackers. Blocking new domains, which continue to drive threat traffic, remains a key defensive approach that can mitigate risk from emerging domains that bad actors are trying to weaponize quickly. We’re seeing a structural shift in how modern attacks are launched and sustained and defenders must take notice.”

About the company:

DNSFilter is a cybersecurity company that protects every click, leveraging AI-driven content filtering and threat protection to block threats 10 days earlier than competitors. DNSFilter’s solution secures workers anywhere they are, helping to boost productivity, minimize compliance risk, and protect corporate brands on public Wi-Fi networks. Unlike traditional filtering solutions, DNSFilter deploys in minutes instead of days and is trusted by more than 43,000 organizations worldwide. Learn more about how DNSFilter is the first and last line of defense for corporate and hybrid networks at dnsfilter.com.

Shadow IT is quickly becoming one of the biggest blind spots in cybersecurity, especially for MSPs. As clients increasingly adopt cloud-based tools, browser extensions, and AI-powered applications, many of these services bypass traditional IT oversight. These unsanctioned tools may seem minor at first, but they can introduce serious vulnerabilities to your clients’ environments.

Think of a client’s network like an iceberg. Above the surface are the approved tools: sanctioned, monitored, and secured by you. But beneath the surface lies the bulk of the threat, made up of tools operating without visibility or approval. This is where Shadow IT hides.

With remote work, bring-your-own-device policies, and easy access to cloud software, Shadow IT is expanding rapidly. The danger? It is often invisible until something breaks.

But what exactly is Shadow IT, and why should MSPs care?

What is Meant by the Term “Shadow IT?”

Shadow IT refers to any software, hardware, or cloud-based tool that employees use without the knowledge or approval of their organization’s IT team. This includes everything from personal file-sharing accounts to AI meeting assistants or browser add-ons.

Real-world examples of Shadow IT are often introduced with good intentions. A marketing specialist might store files in a personal cloud drive for convenience. A project team could adopt a planning app to collaborate on tasks. A customer success rep may use an AI-powered notetaking tool to summarize client calls. These actions seem helpful on the surface, but they introduce tools that operate beyond IT’s protective reach.

Why does Shadow IT happen? Often, it’s because the employee needs something now and waiting on approval feels like a delay. Remote work also blurs the lines between personal and professional software. And with thousands of SaaS tools just a click away, users don’t always realize the risks of choosing the easy option.

Is Shadow IT a Threat to MSPs?

It is tempting to view Shadow IT as a user issue. But for MSPs, it’s a much larger concern. Every unapproved tool represents an area of the environment that you don’t control, yet are still expected to secure and support.

Imagine this: a client starts using a project management platform to track deliverables. Weeks later, they contact you because access is lost, and key data is missing. But you were never told about the platform in the first place. Now, you’re responsible for resolving a problem tied to a tool you didn’t provision, secure, or maintain.

This is the reality of Shadow IT. It introduces unknowns into environments where predictability is your greatest asset. Over time, unmanaged tools chip away at:

• Security posture: Tools that bypass review may contain vulnerabilities, transmit unencrypted data, or expose login credentials through insecure APIs.
• Compliance guarantees: Many industries depend on strict controls for storing and handling sensitive information. If an unauthorized tool is used for client or personal data, your client may inadvertently violate frameworks like HIPAA, GDPR, or SOC 2.
• Operational consistency: Supporting a growing number of tools you never approved creates inefficiency. It can lead to longer resolution times, more frequent miscommunications, and a higher volume of support tickets.

“If you don’t know what tools your client is using, how can you protect them?”

Shadow IT in cybersecurity isn’t just an internal threat, it reflects directly on the service quality, accountability, and expertise your clients expect from you.

The Real Risks of Shadow IT

Is Shadow IT always bad? Not necessarily. In fact, it often surfaces because users are trying to work around workflow blockers. They want to move faster, collaborate better, or fill a perceived gap in the toolset. But unmanaged Shadow IT presents real risk, regardless of intent.

Security Gaps

Unauthorized tools typically fall outside of patch cycles, endpoint detection, and access control policies. Many also collect telemetry or data in ways that aren’t transparent. Without knowing how a tool functions or stores information, you cannot reliably assess its threat potential.

Compliance Failures

A single file uploaded to a non-compliant cloud storage app can create a cascading issue. Regulated industries like finance, healthcare, and education are particularly vulnerable, as they must adhere to strict requirements around data handling, encryption, and auditability. If an audit uncovers usage of tools that haven’t been assessed for compliance, the client may face penalties, legal exposure, or reputational damage. Navigating cloud compliance challenges becomes even more difficult when unauthorized tools fall outside your oversight.

Operational Friction

When your support team is asked to troubleshoot an issue caused by an unfamiliar tool, resolution takes longer. Shadow IT means more time spent asking questions, diagnosing issues from scratch, and uncovering causes that could have been avoided with visibility from the start.

Financial Waste

Many clients don’t realize they are paying for multiple subscriptions that do the same thing. One department may use a sanctioned CRM while another relies on an unsanctioned one. These overlaps drain budgets and make billing, reporting, and renewals more complex than necessary.

Loss of Client Trust

When clients believe you are securing their environment, they expect total coverage. If a breach is traced back to a tool you didn’t even know was in use, you may still be held accountable. Even if the client introduced the risk, their confidence in your ability to prevent future issues can take a hit.

Shadow IT Management: How to Spot Hidden Tools

Managing Shadow IT begins with identifying it. And while many unauthorized tools stay off traditional inventory lists, they leave behind usage signals that you can detect.

Behavioral Analytics

Look for anomalies in system activity. These might include sudden increases in outbound file transfers, logins to unfamiliar platforms, or data syncing from unmanaged devices. These patterns often reveal when a new tool enters the environment without proper onboarding.

DNS Filtering

This is one of the most efficient ways to uncover Shadow IT. DNS filtering allows you to monitor domain-level traffic and detect connections to cloud services that users have not been authorized to access. This is especially helpful for browser-based tools that don’t require installations and would otherwise fly under the radar.

Regular Audits

Conduct structured software and traffic audits quarterly or monthly. Include browser extensions, encrypted outbound requests, cloud storage platforms, and mobile usage where applicable. Compare findings against your client’s list of approved tools to identify mismatches.

Pro tip: Shadow IT tools can range from simple time trackers to AI transcription bots and collaborative whiteboards. Even a seemingly helpful plugin can represent risk if it hasn’t been reviewed.

Effective Shadow IT management requires that discovery becomes a regular process, not just a response to a problem.

Shadow IT Management: Strategies to Regain Control

Once you have visibility, the next step is containment, education, and long-term prevention. The goal isn’t to punish users for trying to be efficient. It’s to provide them with a safer way to achieve their goals.

Educate Users and Clients

Shadow IT often stems from good intentions. Make clients aware of the risks and responsibilities associated with unapproved tools. Encourage their teams to reach out when a tool isn’t meeting their needs instead of finding their own workaround.

Enforce Acceptable Use Policies

Establish and maintain clear, accessible technology policies. These should outline what types of tools are permitted, how to request new solutions, and what the consequences are for bypassing protocols. Policies only work when they are communicated and reinforced regularly.

Create Tool Request Workflows

A fast, transparent process to evaluate and approve new tools reduces the likelihood of Shadow IT creeping in. Clients should know exactly how to ask for a tool and what evaluation steps it must pass before approval. This process should be lightweight and responsive.

Build a Culture of Visibility

Make software usage part of your regular QBRs. Discuss newly observed tools, identify trends across teams, and recommend consolidation where appropriate. Help your clients see visibility not as surveillance but as a path to efficiency and smarter decision-making.

Why DNS Filtering Supports These Strategies

DNS filtering acts as a checkpoint for outbound traffic, helping you identify new tools before they become entrenched in your client’s workflow. This makes it easier to catch Shadow IT early and have more productive conversations about tool usage.

7 Shadow IT Tools You Probably Overlooked

Some of the most overlooked Shadow IT tools are simple, browser-based, and widely adopted:

1. AI writing assistants: Can expose company input data through third-party APIs
2. Design platforms: Often used via personal logins, bypassing shared controls
3. Video recording apps: Store content in external accounts with unclear access settings
4. Task management tools: May become data silos if not integrated with approved platforms
5. Notetaking extensions: Capture sensitive call data and sync to unknown cloud services
6. Personal email platforms: Frequently used for sending attachments or internal content
7. Freemium chat tools: Create communication silos without audit trails or encryption controls

These tools are adopted because they are easy to use. But they also avoid the standard approval and visibility processes that MSPs rely on to protect client infrastructure. For more on how Shadow IT contributes to misconfigurations and cloud risk, see our breakdown of cybersecurity trends MSPs can’t afford to ignore.

From Risk to Relationship Builder

Shadow IT is not always malicious. It is often a signal that the current workflow, stack, or process isn’t delivering what users need. MSPs who approach it with empathy, structure, and visibility tools will win client trust and long-term retention.

When you help clients understand the risks and provide a better alternative, you’re not just solving a security problem. You’re building a stronger relationship. One where technology decisions are collaborative, strategic, and visible.

Visibility is not just a security measure. It is how you deliver the strategic value your clients expect.

Staying Ahead with Smarter Web Filtering

Across every industry and network environment, content filtering isn’t just a matter of productivity, it’s a front line of defense. From malware and phishing to compliance risks and productivity drains, the threats are real, and the stakes are high.

That’s why choosing the best content filtering software for your environment is such an important decision. The right tool helps protect your users without slowing them down, and it should work seamlessly across all your networks, from remote offices to school campuses to distributed client environments.

More organizations are turning to DNS-level filtering for its unique blend of speed, simplicity, and scalability. Unlike traditional firewall or endpoint-based solutions, DNS filtering blocks unwanted content before the connection even happens.

What is Content Filtering & Why DNS-Level is Superior

Content filtering is the practice of blocking access to dangerous, inappropriate, or non-compliant content on the internet. Whether you’re protecting students, employees, or guest Wi-Fi users, the goal is to reduce exposure to risk while maintaining a productive online environment.

Common targets for filtering include:

• Malware and ransomware
• Adult or explicit content
• Hate speech and extremist sites
• Proxy and VPN services
• Bandwidth hogs like video streaming and gaming platforms

There are several ways to implement content filtering:

• Client-based filtering: Installed locally on each device
• Gateway/firewall filtering: Operates at the network edge
• Server-based filtering: Centralized on internal infrastructure
• DNS-level filtering: Works at the DNS resolution layer before a connection is made

So why is DNS filtering becoming the preferred choice?

• It blocks threats before the connection is even established
• It’s lightweight and doesn’t slow down devices or networks
• It can be agentless, meaning no software install is needed
• It’s ideal for remote, hybrid, or distributed environments

What to Look for in the Best Content Filtering Software?

If you’re in the market for a content filtering solution, you probably have no shortage of options. But not all content filtering software is created equal and some may lack the intelligence, speed, or usability you actually need.

Here are the essential features and capabilities that define top-tier content filtering software today:

✔️ Real-Time Threat Detection

Modern threats evolve quickly. Your content filter should detect and block threats using AI and machine learning in real time—even if the domain hasn’t been classified before.

• DNSFilter’s approach to real-time threat detection is rooted in intelligent automation. Our AI is continuously trained to identify deceptive sites before they can cause harm, ensuring that threats are neutralized before they even reach your network.

Learn how AI is transforming modern cybersecurity in our deep dive on artificial intelligence in threat detection.

✔️ Broad and Customizable Category Controls

Effective filtering goes beyond just adult content. You should be able to block categories like social media, cryptocurrency mining, and phishing, and customize policies for your unique risk profile.

• DNSFilter has 50+ threat and content categories with customizable rules.

✔️ Granular Policy Management

Granularity matters. Can you apply different filtering policies to different user groups, departments, or IP ranges?

• DNSFilter gives organizations precise control over what to block and how, informed by evolving best practices and real-world examples shared in our live policy-building webinar.

✔️ Flexible Deployment Options

Whether you want to deploy at the network level, on individual devices, or through a hybrid model, your software should be flexible enough to match your setup.

• DNSFilter offers agentless network protection as well as device and user-level filtering.

✔️ Low Latency Performance

Content filtering shouldn’t slow down your users or affect DNS resolution speed.

• DNSFilter is powered by our global dual anycast network for fast, seamless resolution.

✔️ Auto-Updates and Intelligence Feeds

The threat landscape changes fast. Be sure to choose a platform that stays updated without manual intervention.

• DNSFilter leverages advanced AI and diverse threat intelligence sources to dynamically update its models, delivering real-time protection against constantly evolving threats.

✔️ Support for Multiple Languages

If you operate globally or in multilingual environments, your filtering engine should recognize and block malicious content in many languages.

• DNSFilter supports domain categorization in 20 major world languages, includes localized block pages for end users, and allows management of internationalized domain names (IDNs) using Punycode,  ensuring a consistent and effective filtering experience no matter the language.

✔️ Clear Reporting and Insightful Dashboards

Visibility into filtering activity, block rates, and user behavior is critical.

• DNSFilter offers real-time dashboards and exportable reports for compliance and visibility.

✔️ Industry Compliance Support

If you’re in a regulated industry (like education or healthcare), your filter should help you stay compliant.

• DNSFilter provides tailored solutions for healthcare, education, and MSPs to help them meet regulations such as CIPA compliance and HIPPA regulations.

✔️ White Label Options and Responsive Support

For MSPs or distributed teams, look for flexible branding and access to real-time support.

• DNSFilter goes beyond basic support with a comprehensive MSP Partner Program that includes co-branded marketing resources, multitenant management, custom pricing, and flexible deployment options. Combined with 24/7 technical support and white label functionality, it’s a purpose-built solution for MSPs that want to grow their service offerings without increasing overhead.

Explore these core DNSFilter features and more →

Matching Architecture to Your Needs

Choosing the right content filtering architecture is just as important as choosing the right features, it affects how easily your solution can scale, how much oversight it requires, and how well it fits into your existing infrastructure.

There are different ways to deliver content filtering, and your organization’s size, infrastructure, and technical maturity will help determine the best fit:

• Client-based: Installed locally on endpoints. Great for individual control and for remote organizations.
• Server-based: Centralized, but requires hardware and on-prem management.
• Gateway-based: Hardware-heavy; good for traditional networks.

Cost is About More than Licensing

Pricing is often the first point of comparison, but cost alone rarely tells the full story. When evaluating content filtering solutions, organizations should consider the total cost of ownership (TCO)—a broader picture that accounts for every factor impacting long-term value and efficiency.

TCO includes not only your subscription or licensing fees, but also:

• How long it takes to deploy across your organization
• The level of IT resources needed for ongoing management
• The cost of missed threats or delayed responses
• Hidden expenses tied to updates, training, or hardware maintenance

A solution that looks inexpensive upfront may end up costing more in staff hours or operational overhead. Conversely, software that streamlines setup, automates updates, and offers reliable support can generate savings far beyond the initial quote.

DNSFilter was designed with these efficiencies in mind, offering fast, hardware-free deployment, automatic intelligence updates, and intuitive dashboards that reduce time spent on administration.

Choose Software That Works for You

The best content filtering software doesn’t just block harmful content. It works the way your organization works.

Look for a solution that:

• Blocks threats in real time
  Case Study: Oetker Collection relies on DNSFilter to protect users
• Reduces manual admin overhead
  Case Study: Tech Team Solutions saves time with DNSFilter
• Lets you tailor policies to your environment

• Works at the speed of your network

• Is easy to roll out and manage from day one

DNSFilter was built to be the modern standard for web filtering. Whether you’re protecting ten users or ten thousand, it checks all the boxes.

Want a quick-reference checklist for your buying process? Download our free PDF: The DNS Content Filtering Software Buyer’s Checklist