We don’t often take to the blog to talk about some of the more advanced OpenDNS Enterprise security features, like our malware and botnet protection, but we know a lot of organizations rely on them to keep their networks secure. Today, I’d like to talk a little more about how our malware and botnet protection works, and why we’ve started seeing so many organizations move to OpenDNS Enterprise primarily for that added layer of internet security.

As with all of the advanced functionality OpenDNS has built atop our superfast recursive DNS service for businesses and schools – like the Web content filtering, phishing protection, and stats available in OpenDNS Enterprise –  our malware and botnet protection innovates on traditional offerings, and it works on any device connected to the network (including, say, an iPad that an employee brought from home).

OpenDNS blocks malware and botnet attacks before they can infect a network. We aren’t terminating an existing malicious connection, or cleaning up a breach that’s already occurred; as soon as OpenDNS sees an attempted connection to a malicious domain or IP address, we block it. A side benefit is that if an infected device is brought on to a protected network, OpenDNS can make sure that the infection doesn’t spread to other connected devices on the network if they do so via external command and control.

OpenDNS Dashboard Malware Notice

If you’re wondering why this matters: when Vanderbilt University switched to OpenDNS Enterprise in 2010, they blocked 1.5 million malware attacks in the first four months following the deployment. That’s 1.5 million potential data leaks thwarted, and 1.5 million device cleanups avoided.

It’s certainly something to think about, as the threat of malware and botnet attacks continues to escalate.  If you don’t have any malware or botnet protection for your organization, or you’re thinking about adding another layer of protection to your network, consider trying out OpenDNS Enterprise as your first line of defense.

It’s a story we’ve heard time and again. Public school budgets are smaller than ever, and the funds devoted to improving technology (and security) get cut in half, and then cut in half again. Network administrators at schools are forced to piece together legacy hardware and out-of-date software with some clever work-arounds in order to keep kids protected from malware, phishing and unsafe content.

Unfortunately, this often results in security loopholes and inconsistent filtering policies for kids (who are usually tech smart enough to figure out how to get around them) and a whole heck of a lot of work for network administrators.

OpenDNS is changing all that. With OpenDNS, schools can can turn filtering and malware protection into cost-savings initiatives instead of cost centers, and they can ensure that protection is universal across an unlimited number of locations. And this isn’t just speculation on our part – we shared a new milestone this morning that proves it’s reality. We announced that 90 percent of public K-12 schools in Maine are using OpenDNS. For us, it’s a huge honor and privilege to be given the responsibility of protecting nearly every kid in Maine. But for the state of Maine, it’s a lot more.

We tip our hat to Maine for being on the cutting-edge of technological innovation, lifting the burden of appliance management and limiting the dangers of security loopholes. And we send a very big congratulations to the team at Networkmaine, the organization that operates and maintains all network infrastructure for Maine’s K-12 schools and libraries, who identified that using OpenDNS would not only allow the state of Maine to significantly improve the security it uses to protect kids, but that universal deployment would put them at the forefront of keeping kids safe online.

Last year we announced that 1 in 3 public K-12 schools in the U.S. were using OpenDNS, and although we celebrated the milestone, we went to work right away to make OpenDNS the choice of all schools. We added the academic fraud category for content filtering and created the K-12 forums in our community section. And we’re not done yet. If you have ideas for how to make OpenDNS better for schools, tell us what you need. David and our engineers are closely monitoring the IdeaBank, where you can share suggestions for product improvements, and we’re always listening at Success@OpenDNS.com.

Today we announced that Shea Homes, the largest privately-held homebuilder in the U.S. has deployed and is experiencing great success with OpenDNS Enterprise. J.F. Shea Co., its parent company, is also using OpenDNS Enterprise. For us, its hugely exciting that the company America trusts to build our homes and engineering marvels has trusted OpenDNS Enterprise with the task of protecting its networks and employees from malware and unsafe content.

It’s no easy task to be one of the nation’s largest and most respected homebuilders and civil contractors. Aside from a strong commitment to excellence and customer satisfaction, and building global landmarks like the Golden Gate Bridge and Hoover Dam, it also means a constant and significant amount of corporate growth. For Shea Homes and parent company J.F. Shea Co, keeping up with that rapid growth meant purchasing, deploying and managing new malware protection and content filtering appliances for its various networks every time a new office was added, or more bandwidth was needed. The company and its subsidiary were stuck in an ugly cycle of appliance management, a story that’s all too familiar for many rapidly growing organizations. But escaping the cycle was not only easy, it resulted in significant savings of both time and resources.

The J.F. Shea Co. and its divisions were early adopters of cloud-based services like OpenDNS Enterprise because the move let the companies free up significant IT budget and time, and downsize datacenters across their distributed locations. This was especially significant during the economic downturn that left the building industry particularly hard hit. Notably, J.F. Shea Co.’s cloud-based evolution was rooted in the transition to OpenDNS Enterprise. Shea Homes soon followed by adopting OpenDNS Enterprise for all of its North Carolina locations. The organizations not only leverage OpenDNS Enterprise for its unique ability to block malware and botnets at the DNS level, but also for the added protection the organizations receive by filtering malicious sites that are frequently the sources of such malware.

Using OpenDNS Enterprise afforded J.F. Shea Co. a savings of more than $25,000 and gave Shea Homes the ability to downsize its datacenters and let its IT team focus more closely on proactive maintenance. We’re excited to say that OpenDNS Enterprise does this each day for companies large and small. And we love spreading those stories, helping other SysAdmins around the world learn how OpenDNS Enterprise can do the same for them. If you have questions about OpenDNS Enterprise, or want to learn how it can help your business stay safe from malware or inappropriate content, join our webinar next Wednesday, Oct. 26.

If you’re using OpenDNS at work and want to share your success story, email Success@OpenDNS.com.

I talk to our customers often, and lately I’ve been hearing that they are seeing more and more diversity in the types of devices connecting to their network. More importantly, these devices are not being provisioned by the IT folks, but are being brought in by the employees. iPads, iPhones, Droids, Tablets and others are connecting into the enterprise network. Unlike a decade ago where IT could easily say no to an unmanaged device, it’s harder today when everyone wants to use one, including your CEO.

As the IT guy or gal, it’s your job to both protect the network and make it accessible, two roles often at odds. I’ve discovered that many of you are using OpenDNS to provide malware and botnet protection, along with all our other services, to help protect these devices. Since our service lives in the network, it doesn’t require any on-device client software and we don’t care if you’re running iOS 4.3 or 5.0 — or Android Froyo or Gingerbread. Our protection is device agnostic.

It turns out though, we aren’t the only ones seeing this trend. Analyst firm IDC published a study this week on this exact topic, the consumerization of IT. They note that employees are increasingly using laptops, smartphones and tablets to get work done.

In addition, increasingly those employees are working in coffee shops, on airplanes, even while traveling in cars (as passengers, of course). Traditional security appliances and services weren’t designed for this. It’s an IT problem for companies, which means it becomes a problem for network admins, everywhere.

I am interested in these kinds of studies because I know that OpenDNS is a solution.

For those new to our service, OpenDNS provides a simple malware blocking service that’s more powerful than anything else available. By simply pointing to our IPs and configuring your settings in our web-based dashboard, you can immediately protect your network.

Back to the study. Some impactful, but not altogether surprising, stats:

• 83% of IT people called “Security Concerns” the greatest barrier to actually enabling employees to use mobile devices for work. (Even though they’re clearly already using them.)
• 40% of devices used to access business applications are personally owned in 2011, up from 30% in 2010.
• Only 50% of employees reported their desktop PC as the most critical business device in 2010. But even less, only 35% expect it to be in 2012.
• 74% of IT people consider employee-provided tablets as a security threat.
• 80% of IT people described security as an “Urgent” concern.

Lastly, Stacey Higginbotham over at GigaOm, published a neat infographic of the major stats from this study. If you are the IT hero in your office, it makes for some sobering reading, and if you aren’t, you might want to point your IT staff over to take a look.

What do you think?

Today we’re launching OpenDNS for Managed Service Providers. OpenDNS for Managed Service Providers allows MSPs of any size a co-branded version of our popular OpenDNS Enterprise service to their customers.

This service was created out of demand from two different audiences — first, we have had a large number of MSPs express interest in reselling our OpenDNS Enterprise service to their customers. Second, we have a number of businesses looking to purchase OpenDNS Enterprise but who aren’t looking to buy a large subscription (which is what our corporate sales team focuses on). As a result, we now have a fully-integrated program for MSPs and a solution for our customers looking for a smaller or more tailored offering while still getting all of the OpenDNS Enterprise features.

We hear all the time that existing appliance-based solutions are prohibitively expensive and require site visits to install and often to manage. This isn’t ideal for the MSPs or for the clients. We believe OpenDNS is now serving a critical need of IT solutions providers around the world with the advent of OpenDNS for Managed Service Providers.

As a cloud-based service with a significantly lower Total Cost of Ownership (TCO) than alternative security services, OpenDNS Enterprise helps MSPs lower overhead costs and time spent on-site at client locations, while giving their customers something they’ve been looking for — comprehensive Web content filtering, faster Internet, and phishing and Malware protection. OpenDNS Enterprise’s unique malware and botnet protection technology is unlike anything else available, providing a significant differentiator IT solutions providers can pass on to their clients.

Finally, I want to provide a big thank you to the dozens of MSPs who have been testing this with us over the last 3-4 months as we made refinements to both the dashboard interfaces and the program itself. We’re confident we have created a program that works well for all MSPs and are excited to make sure the program is a huge success.

More information about the OpenDNS for Managed Service Providers program is available here. Interested MSPs can apply to join the program today!

Today marks the one-year anniversary of the launch of OpenDNS Enterprise. It was exactly one year ago today we made the service available, not knowing how it would be received, but confident in the vision behind it. It has been a tremendous success.

In one year, nearly 1,000 enterprises have switched to OpenDNS Enterprise, and in many cases, away from costly appliance-based security solutions from folks like Blue Coat and Websense. Our customers include several Fortune 100 organizations, global iconic brands you love, and hundreds more that are globally distributed.

For those who do not know — OpenDNS Enterprise provides a cost-effective and efficient way to manage Internet access and security across multiple physical locations, easily deployed and managed over the Web. With the availability of OpenDNS Enterprise, it is no longer necessary to purchase and maintain stodgy and costly filtering appliances at each of your sites.

While we were excited about what we built, the proof of our success is in the numbers:
The renewal rate among OpenDNS Enterprise customers for the next subscription year is an unprecedented 98 percent. Further, many OpenDNS Enterprise customers are subscribing to the service with multiple-year contracts (and saving money by doing so).

We have made great strides with OpenDNS Enterprise but we have barely scratched the surface of what we intend to deliver to customers. I’ve been reviewing our roadmap for 2011 and can confidently say that I have never been more excited about the opportunity we have at OpenDNS to deliver a fantastic service to our customers.

I feel privileged to work at OpenDNS and I feel honored that so many great companies have chosen to do business with us. I also wanted to thank our 20,000,000+ users who provide us so much wonderful feedback. In fact, almost every OpenDNS Enterprise customer had used OpenDNS at home before bringing it to work!

It’s been almost a year since I took back over as CEO of the company I founded in 2005 and in this last year I have assembled a world-class management team who are helping to scale and grow our business on all fronts — enterprise, consumer and more. We’re also hiring great people, so please consider applying if you can help us take our vision of a safe and secure Internet to the next level.

PS: This post is about Enterprise, but I wanted to mention that we have great stuff coming out for our OpenDNS Basic service in 2011. More on that later…

Today we’ve announced the immediate availability of Block Page Bypass, an innovative feature that allows the granting of special permissions to bypass OpenDNS filtering without the use of any software or any appliance. The announcement is significant because it makes OpenDNS Web content filtering a fitting service for a much wider group of companies and organizations.

Since our Web content filtering began growing in popularity years ago, we’ve heard from potential customers that one of the only hurdles to adoption is the lack of a Block Page Bypass feature. The cost savings and ease-of-use of our service make a very compelling switch-from-Websense or Blue Coat-argument, but for some potential customers, the inability to assign different people the permission to bypass specific categories or websites made our solution unusable in their organization. For those customers, we’re proud to have a solution available today that will liberate them from the high cost and frustrating experience of managing on-premise filtering appliances.

In building this feature we looked at how the appliance vendors perform this function today and realized right away that their approach is highly inefficient. In order to allow you to bypass one site, they often have to proxy all traffic through their appliance. Anyone who has run a network or managed a filtering box knows this slows down the network significantly and introduces a single point of failure. The approach we’ve developed is no less intelligent than what you’ve come to expect from OpenDNS. We proxy only the sites being bypassed, so in effect we give you more granular filtering without decreasing overall performance. The idea that better security should not impact performance is a theme we talk about a lot internally and is something we think about with everything we do.

Right out of the gate this feature is available to all OpenDNS Enterprise customers, but later this year will be available in Deluxe as an add-on.

Read more about Block Page Bypass here and here.

SmartCache is one of OpenDNS’s many significant innovations. We invented SmartCache — the technology that automatically locates and tries the last known good IP address for Web sites that are having authoritative DNS outages and are completely unreachable on the Internet as a result. SmartCache works to make those Web sites load for OpenDNS users who have SmartCache enabled, while they’re unreachable for everyone else. It’s this kind of innovation that we’re known for, and probably one of the reasons you choose our service.

When we introduced OpenDNS Deluxe and OpenDNS Enterprise last week, we put SmartCache in the “only available to subscribers” bucket of features. Any Basic (or free) users who had SmartCache enabled would keep there ability to manage the feature, but going forward it would only appear available to new paying subscribers. Many of you wrote in to express your concern about our decision: You made the case that SmartCache is core to our DNS service, and something that makes switching from your ISP’s DNS to OpenDNS very compelling.

So, starting about 10 minutes ago, users of all versions of OpenDNS get SmartCache for free. And I hope you turn it on, as it’s quite awesome.

Finally, it’s the only feature that was removed from the Basic, free service. We can now accurately say that nothing was removed from the Basic service when we launched our paid services and we won’t be ignoring the free service going forward either; we know a lot of you try the free version first and so you can bet that we will make sure it continues to be a world-class service.