The Economic Value of DNS Security
Partner: Global Cyber Alliance
The Domain Name System (DNS) is a critical component of the Internet, yet it is rarely used as a primary security control. This research quantifies the loss avoidance attributable to "protective DNS" (PDNS), also called a DNS firewall: a resolver that answers queries normally but refuses to translate domains known to be malicious. By analyzing five years of breach data, the study shows that this simple infrastructure change could have a large effect on global cybersecurity resilience.
The findings indicate that DNS firewalls could have mitigated one-third of the confirmed data breaches analyzed. By interrupting the kill chain at several steps, from the initial malware download to command-and-control communication, PDNS acts as a versatile and cost-effective defense. The report then models these impacts onto global breach estimates: if global losses reach $300 billion, PDNS could prevent roughly $100 billion of them.
Ease of deployment is a major advantage highlighted in the paper. Because PDNS replaces the recursive resolver that hosts already use, rather than requiring an agent on every host, it is relatively inexpensive and simple to manage centrally. This makes it an essential consideration for most enterprises, 68% of which do not yet use a DNS firewall.
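The decision a DNS firewall makes for each query, and the NXDOMAIN answer it returns in place of a translation, as an added example that is not code from the report, the Global Cyber Alliance, or Quad9. Blocked zones cover their subdomains, as in RPZ-style policies, and an allowlist override models the false-positive caveat from the Key Findings (a poorly tuned feed that lists a legitimate domain). The blocklist and allowlist entries, the `.test` domain names, and the query log are constructed for illustration.

```python
"""Minimal protective-DNS (DNS firewall) policy engine.

Added example; not code from the report, the Global Cyber Alliance, or Quad9.
A query is resolved as usual unless its name, or a parent zone, is on the
threat list, in which case the client gets NXDOMAIN and the phishing page,
malware download or C2 beacon never obtains an address.
"""
import struct
from dataclasses import dataclass
from typing import Dict, Iterator, List, Optional, Tuple

# Constructed threat feed: blocked zone -> kill-chain stage it serves.
BLOCKLIST: Dict[str, str] = {
    "login-verify-example.test": "phishing",
    "cdn-update-example.test": "malware-delivery",
    "beacon-example.test": "command-and-control",
}
# Constructed override for a false positive (legitimate zone a feed mislisted).
ALLOWLIST = {"allowed.cdn-update-example.test"}


@dataclass(frozen=True)
class Verdict:
    action: str                    # "resolve" or "nxdomain"
    reason: Optional[str] = None   # threat category, or "allowlisted"
    matched: Optional[str] = None  # list entry that matched


def normalize(name: str) -> str:
    """Canonical form: lower-case, no trailing dot, IDNA (xn--) wire labels."""
    name = name.strip().lower().rstrip(".")
    try:
        return name.encode("idna").decode("ascii")
    except UnicodeError:  # empty or over-long label: compare as given
        return name


def ancestors(name: str) -> Iterator[str]:
    """Yield the name itself, then each parent zone up to the TLD."""
    labels = name.split(".")
    for i in range(len(labels)):
        yield ".".join(labels[i:])


def decide(qname: str) -> Verdict:
    """Policy lookup: an allowlist hit wins, then the closest blocked zone."""
    name = normalize(qname)
    for zone in ancestors(name):
        if zone in ALLOWLIST:
            return Verdict("resolve", "allowlisted", zone)
    for zone in ancestors(name):
        if zone in BLOCKLIST:
            return Verdict("nxdomain", BLOCKLIST[zone], zone)
    return Verdict("resolve")


def parse_qname(packet: bytes) -> Tuple[str, int]:
    """Decode the question name of a raw DNS query; return (name, end of question)."""
    off, labels = 12, []
    while True:
        ln = packet[off]
        off += 1
        if ln == 0:
            break
        if ln & 0xC0:  # a question name is never compressed
            raise ValueError("unexpected compression pointer")
        labels.append(packet[off:off + ln].decode("latin-1"))
        off += ln
    return ".".join(labels), off + 4  # skip QTYPE and QCLASS


def handle_query(packet: bytes) -> Tuple[Verdict, Optional[bytes]]:
    """Blocked: return the NXDOMAIN reply to send to the client.
    Allowed: return None, meaning forward the query upstream as usual."""
    qname, qend = parse_qname(packet)
    verdict = decide(qname)
    if verdict.action != "nxdomain":
        return verdict, None
    rd = packet[2] & 0x01                    # keep the client's RD bit
    flags = 0x8000 | (rd << 8) | 0x0080 | 3  # QR, RD, RA, RCODE=3 (NXDOMAIN)
    header = packet[:2] + struct.pack(">HHHHH", flags, 1, 0, 0, 0)
    return verdict, header + packet[12:qend]  # echo the question section


def build_query(name: str, txid: int = 0x1234, qtype: int = 1) -> bytes:
    """Encode a standard recursive query, to exercise handle_query offline."""
    header = struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = normalize(name).split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels)
    return header + qname + b"\x00" + struct.pack(">HH", qtype, 1)


# Constructed resolver log: "client qname qtype", one query per line.
SAMPLE_LOG = """\
10.0.0.12 WWW.Example.test A
10.0.0.12 login-verify-example.test. A
10.0.0.31 pkg.cdn-update-example.test A
10.0.0.31 allowed.cdn-update-example.test A
10.0.0.44 a1b2c3.beacon-example.test TXT
10.0.0.44 beacon-example.test A
"""


def replay(log: str) -> Tuple[List[str], Dict[str, int]]:
    """Run each logged query through the policy; return the per-line action
    and a count of blocked queries per kill-chain stage."""
    actions: List[str] = []
    blocked: Dict[str, int] = {}
    for line in log.splitlines():
        if not line.strip():
            continue
        _client, qname, _qtype = line.split()
        v = decide(qname)
        actions.append(v.action)
        if v.action == "nxdomain":
            blocked[v.reason] = blocked.get(v.reason, 0) + 1
    return actions, blocked


if __name__ == "__main__":
    print(replay(SAMPLE_LOG))
    print(handle_query(build_query("a1b2c3.beacon-example.test")))
```

Matching walks from the queried name up to its TLD, so a feed entry for a zone also catches the throwaway subdomains that phishing kits and C2 beacons generate; the allowlist is checked first so that an operator can carve a legitimate name out of a blocked zone without editing the feed. The reply keeps the client's transaction ID and RD bit and sets RCODE 3, which is how a real resolver behind the same policy would answer.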
Key Findings
- 1-in-3 Mitigation Rate: DNS firewalls are a relevant control against 33.1% of confirmed data breaches reported over the last five years.
- $10 Billion Loss Avoidance: Implementing a PDNS solution could have prevented approximately $10 billion in financial losses across the 3,668 breaches in the sample (33.1% of the 11,079 analyzed) that the control could have mitigated.
- Kill Chain Interruption: PDNS is effective against 91% of malware that leverages DNS for command-and-control (C2) communication.
- The Phishing Defense: Phishing is the leading threat action potentially mitigated by a DNS firewall, appearing in over 25% of the five-year breach sample.
- Cost-Benefit Advantage: While a poorly tuned blocklist can produce false positives that block legitimate domains, a well-designed free service (such as Quad9) offers high efficacy for minimal investment.

Independent analysis based on 11,079 confirmed data breaches from Verizon’s private DBIR dataset spanning 2012–2017.