Unwitting users frequently download malicious payloads viruses, and other nasty stuff, often initiated from a DNS connection. Organizations adhering to “least privilege” strategies can apply policies to reduce their attack surface through DNS. Security policies set by DNS Edge at the client level can reduce access to critical assets, blocking access to all but select accepted client IPs or zones. DNS Edge also locks down single-use connected devices like security cameras and point-of-sale machines by restricting them only to the domains and assets they truly require. In both cases, DNS Edge protects the network by preventing unauthorized users or devices from accessing sensitive data.