Network Service Providers (NSPs) have traditionally used Deep Packet Inspection (DPI) or DNS filtering to protect end users from malware and harmful content.
DPI allows NSPs to inspect the headers and payloads of data packets on their network for malicious payloads. Once identified, these can be dropped or quarantined. DNS filtering and extraction of Fully Qualified Domain Names (FQDN) allows NSPs to single out FQDN(s) used for command and control and other DNS based attack vectors e.g. Phishing. Once identified traffic to these domains can be filtered.
In the age of GDPR and encryption, both of these methodologies have serious drawbacks.