Sophos DNS Protection
Secure, high-performance DNS protection using AI-powered threat intelligence across all ports, protocols, and apps

AI-Powered Threat Intelligence

Sophos DNS Protection leverages continuous real-time threat intelligence from Sophos X-Ops and SophosLabs AI to identify and block malicious domains before they can be accessed. New threat intelligence propagates to all DNS Protection servers immediately all protected devices benefit from newly discovered threats without requiring device updates or policy changes.

• Real-time AI threat intelligence from SophosLabs blocks newly discovered malicious domains immediately.
• Phishing domains blocked before users can be redirected to credential harvesting sites.
• All managed and unmanaged devices receive instant protection from emerging threats.
• No device updates or policy changes required to benefit from new intelligence.

Protect All Network Devices

Sophos DNS Protection on Sophos Firewall provides DNS security for all devices on the network including unmanaged endpoints, IoT devices, and guest devices that lack security agents. It configures in minutes through the firewall management interface and is included with the Xstream Protection licence at no additional cost.

• Included with Xstream Protection licence for Sophos Firewall.
• Protects managed and unmanaged devices behind the firewall without agent deployment.
• Blocks domains used in phishing attacks before users can access them.
• Configures in minutes through the Sophos Firewall management interface.
• DNS lookup data integrates into Sophos Data Lake for XDR and MDR threat hunting.

Protect Windows Endpoints On and Off Network

Sophos DNS Protection for Windows endpoints ensures remote and hybrid workers receive the same DNS security whether connected to the corporate network or working remotely. It installs standalone or alongside Sophos Endpoint, and is included with Sophos Workspace Protection at no extra charge.

• Included with Sophos Workspace Protection no additional licence required.
• Installs standalone or alongside Sophos Endpoint for layered protection.
• HTTPS encryption protects DNS traffic privacy and integrity on untrusted networks.
• Policy controls in Sophos Central for custom domain lists and category blocking.
• Protection enforced regardless of whether the device is on or off the corporate network.

Global Infrastructure for Low Latency

Sophos DNS Protection operates a global network of cloud DNS servers to ensure high performance and minimal latency regardless of user location. Distributed points-of-presence across all operational regions maintain low response times for geographically distributed workforces, with high availability architecture ensuring continuous protection.

• Distributed points-of-presence across all operational regions.
• Over 500 billion DNS requests processed since service launch in 2024.
• Low latency maintained for geographically distributed workforces.
• High availability architecture ensures continuous protection with no single point of failure.

Deployment on Sophos Firewall

Sophos DNS Protection on Sophos Firewall is included with the Xstream Protection licence and activates through the Sophos Firewall management interface. Once enabled, all DNS queries from devices on the network including unmanaged and IoT devices are resolved through Sophos DNS Protection servers where AI threat intelligence is applied at lookup time.

• Included with Xstream Protection no separate licence or subscription required.
• Enabled through the Sophos Firewall management interface in minutes.
• Covers all devices on the network without agent deployment.
• DNS lookup data feeds into Sophos Data Lake for XDR and MDR investigation.

Deployment on Windows Endpoints

Sophos DNS Protection for Windows endpoints deploys as part of Sophos Workspace Protection. It can be installed standalone or alongside Sophos Endpoint, and is managed through Sophos Central alongside the rest of the Sophos portfolio. Policy controls allow administrators to define custom domain blocklists and configure category-based filtering per user group or device.

• Included with Sophos Workspace Protection subscription.
• Deploys via standard software distribution tools (Intune, SCCM, GPO).
• Managed through Sophos Central alongside all other Sophos products.
• Custom domain lists support organisation-specific requirements.
• HTTPS encryption for all DNS traffic prevents spoofing, tampering, and cache poisoning.

Sophos Central Management

Both deployment options are managed through Sophos Central, providing a unified view of DNS protection activity, policy configuration, and domain blocking across the entire organisation. Administrators can configure policies, review blocked domain reports, and adjust category filters without leaving the Sophos Central console.

XDR and MDR Integration

DNS lookup data from Sophos DNS Protection is ingested into the Sophos Data Lake, making it available for threat hunting in Sophos XDR and for Sophos MDR analysts investigating suspicious activity. DNS-based indicators of compromise such as connections to known C2 infrastructure or newly registered domains can be correlated with endpoint and network telemetry in a single investigation view.

Sophos DNS Protection Specifications:

Documentation:

Download the Sophos Workspace Protection Solution Brochure (PDF).