DNSFilter unveils CyberSight for deeper user insight
DNSFilter has launched CyberSight, a behavioural analytics and intelligence feature within its DNSFilter platform, as it expands beyond DNS-based blocking to provide broader visibility into user activity.
CyberSight tracks user interactions across devices, applications and web traffic. It adds detailed logging, including full URLs and user actions, rather than focusing only on whether a request was blocked.
Many organisations now rely on large numbers of software-as-a-service tools. DNSFilter cited an average of more than 100 SaaS applications in use, which can complicate oversight for security teams and managed service providers. In that environment, DNS filtering alone offers limited insight into what users do online when activity is not blocked.
CyberSight sits alongside DNSFilter's existing Protective DNS service and is positioned as a way to close visibility gaps for incident investigations and for identifying risky application use.
"DNS filtering has always been excellent at stopping threats, but security teams also need visibility into the activity that never gets blocked," said Ken Carnesi, Chief Executive Officer of DNSFilter. "CyberSight delivers that missing context, giving organisations the ability to understand user behaviour across the web, uncover shadow IT, and respond to incidents significantly faster. It's a powerful new layer of intelligence within the DNSFilter platform."
Product Placement
CyberSight is included in DNSFilter's Pro and Enterprise tiers. DNSFilter describes it as a user behaviour analytics tool that records what happened, when it happened and how long interactions lasted.
The feature logs clicks, applications and full URLs, and captures IP addresses entered directly into a browser address bar. DNSFilter said the system separates user actions from background system activity, which can otherwise create large volumes of noise in logs.
For security teams, CyberSight provides behavioural timelines and event records for reviewing suspicious activity. DNSFilter also said the added application visibility can uncover shadow IT, where staff use unapproved tools outside formal IT procurement and security controls.
CyberSight is also aimed at IT operations and cost management through application usage visibility. DNSFilter said it can highlight unused tools and overlapping licences to inform software spending decisions.
Customer View
Crescent Crown, a DNSFilter user, said CyberSight has changed how it reviews user activity during the workday and how it responds to issues.
"CyberSight provides us with a much-needed lens into user data and behavioral patterns throughout the workday," said Thomas Connolly, IT Manager at Crescent Crown. "By pairing these insights with DNSFilter's Protective DNS, we've created a layered defense that makes it easy to spot and mitigate risky behaviors. This combination has fundamentally shifted our security posture, allowing us to understand the context behind user actions and respond significantly faster."
Coverage And Roadmap
CyberSight is available for Windows devices. DNSFilter said macOS support is planned for the second half of 2026.
The launch reflects a broader shift in security products towards richer telemetry and behaviour-based monitoring across web and application use. In many organisations, web traffic remains a primary path for accessing SaaS services, leaving security teams to rely on a mix of tools for blocking, logging and investigation.
DNSFilter said it will demonstrate the product at the RSA Conference in San Francisco.