Security Categories You Should Be Blocking (But Probably Aren't)

Listen to this article instead
5:35


At DNSFilter, we offer a machine learning-powered DNS security platform that enables users to block as much as a third of all security threats in as few as three clicks. But for some of these categories, between 75 and 98 percent of our customers are turning those protections off. In this article, we will explore some of the potential reasons why and offer some guidance as to why they should reconsider that choice. 

Recent analysis of our customer data reveals that five out of our eight threat categories are utilized at 50% or less in their DNSFilter deployments, with three of those categories being allowed on 90% or more of customer deployments. It’s hard to pinpoint why this would be the case, each client has an individual set of needs and different levels of security outside of DNSFilter. Maybe our customers are protecting against these threats in other ways, but if not, I am here to tell you why you should consider updating your policies to adopt blocking of these categories. 

The top threat categories being “allowed” currently are:

VERY NEW DOMAINS / NEW DOMAINS

I’ll combine the threat categories in the top spot and in fourth place here, just to consolidate the definitions.

Very new domains are domains which have been registered in the last 24 hours. New Domains are domains which have been registered in the last month—both of which have a high probability of serving malicious resources.

Adoption of this category is highly recommended because the vast majority of damage done with malicious websites is done within the first few days of existence. Botnets, fast-flux domains, typosquatters, and domain hijackers all depend upon the first few days after domain registration before they are picked up by threat intelligence services to do most of their damage. The Very New Domains category mitigates this threat by letting a user know that the site is operating in that high-risk window.

But according to our data, over 97% of policies created on our network do not include blocking this particularly malicious category (Very New Domains). By far, it is the least implemented category. Part of that is because it’s also our newest threat category. At No. 4 on our list of least-blocked-threat-categories, more are taking advantage of “Very New Domains,” with over 26% of policies including New Domains (blocking domains under 30 days old).

We cover New Domains in our Annual Security Report, get it now.‍

CRYPTOMINING

Cryptomining sites include sites which serve files or host applications that force the web browser to mine cryptocurrency, often utilizing considerable system, network, and power resources. The worst case scenario here is that threat actors steal CPU cycles and consume mass amounts of power. 

If a cryptominer is installed on several endpoints, then the cost incurred by additional power consumption could be significant. And if there is any kind of a time-sensitive operation being performed on any of the endpoints, whether rendering animation, running calculations or analysis, storing logfiles, or even serving up a web-page, then it can cause severe lag. Additionally, cryptominers are rarely an unwanted application with a singular purpose. They often include additional functionality that allow them to act as intrusive malware or operate command and control functions.

Over 92% of DNSFilter network policies don’t block the cryptomining category. With the rise of cryptocurrency, this is a huge missed opportunity for organizations to add more protections to their network.

We delve into the world of cryptocurrency scams in our 2023 Annual Security Report.

TRANSLATION SITES

Translation sites perform translation from one language to another, usually performed by a computer. This may seem like a benign category, however these sites may also be used as a means to circumvent content filters. Translation sites might be something you legitimately need to do your work. If this is the case, proper education about the risks of circumventing content filters is imperative to maintain security on your network.

Over 91% of policies at DNSFilter do not include translation sites.

PROXY & FILTER AVOIDANCE

These are sites that provide information or a means to circumvent DNS based content filtering, including VPN and anonymous surfing services. This is probably obvious, but worth noting, that if the people on your network are going to sites that circumvent DNSFilter or other security measures, those security measures are not going to be as effective.

We’re happy to see that this category is a bit more enabled than the others, with only 55% of policies lacking Proxy & Filter Avoidance.

These and all of our threat filtering categories are available by going to Policies > Filtering > Threats and ensuring the threat category is selected. 

Build your ideal threat policy in DNSFilter now.

Adding these additional threat categories to your instance as a DNSFilter user is paramount in protecting yourself from new and emerging threats. While Very New Domains is the least enabled category out of all of our threat categories, it’s arguably the most important. After all, 20% of all newly registered domains are malicious.

If you’re not yet a DNSFilter customer, take it for a spin and get a two-week free trial today.

Search
  • There are no suggestions because the search field is empty.
Latest posts
Revving up the Fun: DNSFilter's IndyCar Experience Recap — Long Beach Edition Revving up the Fun: DNSFilter's IndyCar Experience Recap — Long Beach Edition

What a weekend at the Long Beach street circuit! The energy was electric, the excitement palpable, and DNSFilter was at the heart of the action, ensuring our guests had an unforgettable experience with Juncos Hollinger Racing and Romain Grosjean, the #77 driver for Juncos Hollinger.

Securing Public Wireless Networks Securing Public Wireless Networks

In the current era of digital transformation, securing public wireless networks has emerged as a fundamental challenge for IT professionals worldwide. The evolution of technology and the increasing reliance on digital platforms for both business and personal use have made public Wi-Fi networks indispensable. However, greater access creates greater vulnerabilities, making these networks prime targets for cybercriminals. The imperative to secure pu...

How to Secure Public Wi-Fi Networks How to Secure Public Wi-Fi Networks

In the quest to safeguard public Wi-Fi networks from the myriad of cyber threats, certain proactive steps stand out as fundamental. These measures form the backbone of a comprehensive security strategy, ensuring that the network remains robust against unauthorized access, data breaches, and various forms of cyberattacks.

Explore More Content

Ready to brush up on something new? We've got even more for you to discover.