How MSP Mainstay Technologies Made DNS Protection Non-Negotiable

About Mainstay Technologies

Founded in 2004 and headquartered in Manchester, New Hampshire, Mainstay Technologies is an award-winning MSP and MSSP serving approximately 215 clients and over 10,000 endpoints across northern New England. The company delivers fully managed IT and information security services to small and mid-sized organizations across healthcare, manufacturing, legal, finance, and defense contracting verticals.

Mainstay is a CMMC Accreditation Body Registered Practitioner Organization (RPO), providing compliance assessments and long-term cybersecurity program management for Department of Defense contractors. The company operates a full Security Operations Center (SOC) and Network Operations Center (NOC), and has been recognized repeatedly by Business NH Magazine and the New Hampshire Business Review—including seven consecutive “Best Places to Work” recognitions, Business of the Year, and Best of Business awards for both Managed IT Services and Cyber Defense Strategies.

With a team of over 100 professionals, a 98% employee retention rate, and a mission built around the phrase “we give more than we get,” Mainstay represents the kind of high-maturity MSP partner that demands enterprise-grade security tools without enterprise-grade complexity.

The Challenge: Outgrowing Cisco Umbrella

For years, Mainstay relied on Cisco Umbrella (originally deployed as OpenDNS) as their primary DNS security layer. As their client base grew and security requirements intensified—particularly around CMMC compliance for defense contractors and HIPAA obligations for healthcare clients—the team began hitting friction points that compounded over time.

Support responsiveness became a bottleneck

Rick Dupuis, Senior Technology Solutions Manager, oversees Mainstay’s SOC, NOC, procurement, and vendor partnerships. He described the breaking point bluntly: The team needed a vendor who treated them as a partner rather than an account number. Troubleshooting complex policy and routing issues was regularly delayed by slow vendor response times, creating downstream delays for Mainstay’s own client SLAs.

The platform felt stagnant

As Mainstay’s operations moved toward greater automation and proactive threat hunting, Umbrella’s interface and feature set hadn’t kept pace. The team needed a management portal designed for multi-tenant MSP workflows, not one bolted onto an enterprise product.

The vendor relationship wasn’t reciprocal

Mainstay places enormous weight on long-term vendor partnerships. They don’t swap tools lightly. But when a vendor’s roadmap no longer aligns with an MSP’s operational trajectory, staying loyal becomes a liability.

After a rigorous evaluation that included WebTitan and other alternatives, Mainstay migrated their entire fleet to DNSFilter.

From Recommended to Required

The strongest signal of DNSFilter’s impact on Mainstay’s security posture is this: Rick’s team moved DNSFilter from a “recommended” tool in their stack to a mandatory, core requirement for every client. Every new client is now onboarded with a pre-configured DNSFilter policy as part of Mainstay’s Cybersecurity Hierarchy of Needs. This is a framework that places DNS protection alongside Microsoft Defender as a non-negotiable first line of defense.

This isn’t a soft preference. It’s a policy decision that reflects how deeply Mainstay trusts the platform to deliver consistent security outcomes across diverse environments, ranging from a 15-person law firm to a 200-person manufacturer navigating CMMC certification.

Operational Simplicity at Scale

For an MSP managing 10,000 endpoints, deployment friction is a direct cost. Rick highlighted the ease of use of the DNSFilter portal as a meaningful differentiator, particularly in the context of rapid client onboarding. The ability to propagate policies across all client organizations from a single management interface means Mainstay’s SOC team can maintain consistent baselines without per-client manual configuration.

Impact

Security Visibility

DNSFilter gives Mainstay’s SOC immediate insight into traffic patterns that would otherwise go undetected by traditional signature-based tools, including shadow IT usage and botnet beaconing attempts. This visibility is especially valuable for clients in regulated industries where demonstrating control over outbound traffic is a compliance requirement, not a nice-to-have.

Compliance Support

For Mainstay’s CMMC clients, the ability to restrict specific top-level domains and implement geofencing at the DNS layer directly supports data residency and access control requirements. Rather than layering on additional point solutions, Mainstay can address these controls through the same platform they use for threat protection, reducing both cost and configuration sprawl.

Peer Advocacy

Rick actively recommends DNSFilter to peers in his MSP network, particularly within the Northeast/New England region. In an industry where tool recommendations often carry more weight than vendor marketing, this organic advocacy reflects genuine confidence in the platform’s reliability and the quality of the partnership.

Looking Ahead: AI and the Next Security Frontier

Mainstay isn’t just an MSP that deploys security tools, they’re actively shaping how their clients adopt emerging technology. The company has invested in AI tooling across their organization, providing ChatGPT Enterprise and Microsoft Copilot licenses to their entire team. Their AI practice lead, Chris Taupin, runs co-pilot readiness assessments and long-term training engagements for clients exploring AI adoption.

Rick identified AI as the primary challenge facing MSPs over the next five years. Not just because of the technology itself, but because of the expanded security surface it introduces. As AI agents generate DNS queries, access resources, and create network traffic, the line between human and machine behavior becomes a new blind spot for security teams.

Mainstay’s team is currently testing DNSFilter’s beta programs including CyberSight and DNS PreCheck, which provide deeper telemetry into domain reputation and encrypted traffic analysis. As DNSFilter’s platform evolves to address AI agent visibility and policy enforcement, Mainstay is positioned as both an early adopter and a validation partner for these capabilities.

At a Glance

Previous Solution	Cisco Umbrella (OpenDNS)
Reason for Switch	Support latency, platform stagnation, lack of MSP-focused partnership
Evaluation Alternatives	WebTitan, others
Endpoints Protected	~10,000
Client Organizations	~215
Compliance Use Cases	CMMC, HIPAA
Peer Advocacy	Active recommendations within Northeast MSP network
Employee Retention	98%

Mainstay Technologies is headquartered in Manchester, NH and serves organizations across New Hampshire, Massachusetts, and Greater Boston. Learn more at mstech.com.

PRESS

DNSFilter Sets New Benchmark for CSAM Protection with 2025 Year-End Blocking Results

Major year-over-year increase in CSAM detection and prevention highlights expanded safety innovation in the wake of explicit GenAI content

Case Study

Oetker Collection Relies on DNSFilter to Stop Threats in Real Time

The Oetker Collection needed to rollout new content filtering software as the work-from-home shift became a reality. DNSFilter was able to help scale quickly.

Blog

Cisco Umbrella RC End-of-Life: What You Need to Know

The impending Cisco Umbrella Roaming Client End-of-Life has many Umbrella users concerned about their next steps. If that's you, you might be in a position where you find yourself re-evaluating which protective DNS solution is right for your organization.

DNS Filtration that just works

I haven't found anything I don't like about DNSFilter. I've never had issues with it or needed to troubleshoot it. It just works and it listens to me. Customer support is extremely responsive, gives quick and concise answers with little to no time wasted.

Does what the product claims; good value for the price

We use the product for handling business URL filtering. The DNS look ups are fast and the management of allow/deny lists is pretty easy. Reporting is useful. There are some cool features for granular management at an individual machine level. The price is quite reasonable for what it does. It's pretty much set and forget.

Its raining malware but I wont reach for my Umbrella, but DNS Filter instead

The ease of use and overall ability to block applications, limit search engines, block a number of threat types and add good sites to a whitelist or block a known bad site in a blacklist. Reporting is also the BEST I have seen as it is so easy to find good and bad blocks...allowing you to easily and daily to monitor and update lists as needed.

DNSFilter - A Fast, Easy, And Reliable DNS Filtering Solution

Setup and deployment were super easy. Support has been excellent. Overall, the product is a nice addition to our security stack, blocking threats at the DNS level.

DNSFilter Is A No Brainer. It Cost Less Than Its Competitors And Easy To Setup.

DNSFilter is easy to setup and configure. I was up and running in a day. It works on all OS platforms and doesn't interfere with our end users doing their jobs.

Compliance Level DNS Filtering

Provides client level installation for DNS filtering when outside of the building. Complements EndPoint and Firewall web filtering by processing all DNS requests through an active filter to help stop malware distribution. We can distribute the product uniquely using RMM to each customer and management and controls are customer unique.

Great platform, even greater customer support

It is incredibly easy to get started. The interface is very user-friendly. If you have any issues, the customer support chat is handy. You get connected to an actual human, not just a chatbot.

Fast to deploy, protect an entire network in a minute

Good web filtering for all our locations, we also deployed the roaming client to cover our users when they are outside the company network. It is also our first level of defense if there is a threat as the domain might be blocked before our EPP / EDR detect something.

Easy-to-use DNS security solution

I love how DNSFilter is constantly being updated with new features and security updates. This gives me peace of mind knowing that my business is always protected from the latest online threats.

Finally, a DNS filter that actually works!

DNSFilter has proven to be one of the easiest solutions to implement. The intuitive interface makes on-going administration a breeze. We're happy to know our internet security stack is protected and the accurate categorization of traffic has not interfered with approved business functions.

How MSP Mainstay Technologies Made DNS Protection Non-Negotiable — And Why They Chose DNSFilter

About Mainstay Technologies

The Challenge: Outgrowing Cisco Umbrella