DNSFilter has launched an
OEM (original equipment manufacturer) program that allows technology providers to embed its DNS security and privacy tools inside third-party products. The program is aimed at managed security service providers, cybersecurity vendors, device manufacturers, internet service providers, and consumer application developers who want to add DNS protection without building the underlying infrastructure themselves.
Partners can integrate DNSFilter’s Protective DNS service for domain filtering and threat blocking, its Guardian Firewall and VPN services for device-level traffic encryption and privacy, or a combination of both. DNSFilter is offering three commercial models: resell and bundle, embedded headless integration, and white-label or co-branded services.
A new path for existing MSP and MSSP partners
For MSSPs already selling and managing DNSFilter directly, the OEM model creates another way to package the same technology as part of their own platform or service.
Dan Cucchi, vice president of MSP and channel sales at DNSFilter, told MSSP Alert, “Our MSP and MSSP partners are central to how DNSFilter goes to market. DNSFilter addresses the full range of security and operational challenges MSPs face every day, whether they are defending against phishing, managing hybrid workforces, or accelerating incident response. By combining machine learning with well-managed threat feeds, we give our MSP/MSSP partners the most comprehensive threat protection available to safeguard their clients' environments, and that is not changing.”
He said the OEM program is designed to sit alongside the company’s existing MSP partner program. Partners can continue reselling and managing DNSFilter while also embedding its DNS, VPN, or content-filtering capabilities under their own brand.
“The OEM program simply gives these partners another path. If an MSP wants to embed that same protection, our DNS, VPN, or content filtering directly into their own platform, under their own brand, they now have a formal, supported way to do it. The two programs are complementary rather than competing. A partner can keep reselling and managing DNSFilter and also embed it, and in practice, that only deepens the relationship. We see embedding as the natural next step for our most committed partners, a way to make protection they already trust a native part of what they build.”
MSSPs can continue offering DNSFilter as a managed security product, build it directly into a broader platform, or use both models across different customer segments.
No platform lock-in
The program also gives partners flexibility over where DNSFilter sits within their existing security architecture. DNSFilter said its DNS-layer protection can run alongside identity tools, endpoint products, network platforms, and other security services without requiring customers to move into a broader DNSFilter environment.
Karl Hutter, corporate and business development executive at DNSFilter, said the integration model is intended to let partners add DNS security without changing the rest of their stack.
“No platform lock-in means a partner integrates our DNS-layer protection alongside whatever they already run, their existing security stack, identity tools, endpoint products, or network platform, without forcing their customers into a broader DNSFilter environment. We make the security decision at the DNS layer and then get out of the way. Good domains resolve as usual, with no endpoint agent required and no traffic rerouted through a proxy. Partners who also want device-level privacy can embed Guardian, our firewall and VPN. The principle is that our engine adapts to the partner's architecture, not the other way around.”
The program formalizes an OEM strategy DNSFilter is already using with several partners. Its Guardian Firewall and VPN technology currently supports privacy and threat blocking for Amazon’s eero home and small business networks. Across its existing OEM deployments, DNSFilter said its technology supports more than 65 million users each day.
Partners control the customer experience
The embedded model also gives partners control over how the service appears to customers, including branding, policy, reporting, and the overall user experience.
Hutter said, “Control is really the whole point of the embedded model. Partners own the experience, their brand on the front end, their policies, their reporting, and their customer relationship. The DNSFilter engine runs underneath, invisible by design, so the partner decides exactly how protection shows up for their users. That is what turns this from a behind-the-scenes integration into a true product layer a partner can stand behind.”
DNSFilter supports that model through application programming interfaces, headless resolver connections, and a software development kit. The SDK supports iOS, macOS, tvOS, Android, Fire OS, and Windows and is already deployed across more than 2 million devices, according to the company.
“That distinction you mention is exactly the right test, and it is the one we designed around. A true product layer means the partner controls what their customers actually experience, so partners own their policy configuration, their branding, the reporting they surface, and the customer relationship, while the DNSFilter engine runs underneath, invisible by design. The integration is built to support that, with API or headless resolver connections, a dedicated SDK across all major platforms, and a sandbox where a developer can block a real threat in minutes. We also built three commercial models, resell, embed, and white-label co-brand, so partners decide exactly how visible or invisible we are in their stack.”
DNSFilter is also opening a developer sandbox so engineering teams can test policy controls and threat blocking before moving into a full commercial deployment. That gives potential partners a clearer view of how the technology will fit into their product and how much development work the integration will require.
The OEM program gives DNSFilter another way to reach customers through products they already use. It also gives MSSPs, ISPs, and security vendors a way to build DNS filtering, encrypted connectivity, and threat protection into their own branded services and decide how those services are packaged, managed, and priced.