Security Categories You Should Be Blocking (But Probably Aren't)
by Rebecca Gazda on Jun 6, 2023 5:08:13 PM
At DNSFilter, we offer a machine learning-powered DNS security platform that enables users to block as much as a third of all security threats in as few as three clicks. But for some of these categories, between 75 and 98 percent of our customers are turning those protections off. In this article, we will explore some of the potential reasons why and offer some guidance as to why they should reconsider that choice.
Recent analysis of our customer data reveals that five out of our eight threat categories are utilized at 50% or less in their DNSFilter deployments, with three of those categories being allowed on 90% or more of customer deployments. It’s hard to pinpoint why this would be the case, each client has an individual set of needs and different levels of security outside of DNSFilter. Maybe our customers are protecting against these threats in other ways, but if not, I am here to tell you why you should consider updating your policies to adopt blocking of these categories.
The top threat categories being “allowed” currently are:
VERY NEW DOMAINS / NEW DOMAINS
I’ll combine the threat categories in the top spot and in fourth place here, just to consolidate the definitions.
Very new domains are domains which have been registered in the last 24 hours. New Domains are domains which have been registered in the last month—both of which have a high probability of serving malicious resources.
Adoption of this category is highly recommended because the vast majority of damage done with malicious websites is done within the first few days of existence. Botnets, fast-flux domains, typosquatters, and domain hijackers all depend upon the first few days after domain registration before they are picked up by threat intelligence services to do most of their damage. The Very New Domains category mitigates this threat by letting a user know that the site is operating in that high-risk window.
But according to our data, over 97% of policies created on our network do not include blocking this particularly malicious category (Very New Domains). By far, it is the least implemented category. Part of that is because it’s also our newest threat category. At No. 4 on our list of least-blocked-threat-categories, more are taking advantage of “Very New Domains,” with over 26% of policies including New Domains (blocking domains under 30 days old).
We cover New Domains in our Annual Security Report, get it now.
Cryptomining sites include sites which serve files or host applications that force the web browser to mine cryptocurrency, often utilizing considerable system, network, and power resources. The worst case scenario here is that threat actors steal CPU cycles and consume mass amounts of power.
If a cryptominer is installed on several endpoints, then the cost incurred by additional power consumption could be significant. And if there is any kind of a time-sensitive operation being performed on any of the endpoints, whether rendering animation, running calculations or analysis, storing logfiles, or even serving up a web-page, then it can cause severe lag. Additionally, cryptominers are rarely an unwanted application with a singular purpose. They often include additional functionality that allow them to act as intrusive malware or operate command and control functions.
Over 92% of DNSFilter network policies don’t block the cryptomining category. With the rise of cryptocurrency, this is a huge missed opportunity for organizations to add more protections to their network.
We delve into the world of cryptocurrency scams in our 2023 Annual Security Report.
Translation sites perform translation from one language to another, usually performed by a computer. This may seem like a benign category, however these sites may also be used as a means to circumvent content filters. Translation sites might be something you legitimately need to do your work. If this is the case, proper education about the risks of circumventing content filters is imperative to maintain security on your network.
Over 91% of policies at DNSFilter do not include translation sites.
PROXY & FILTER AVOIDANCE
These are sites that provide information or a means to circumvent DNS based content filtering, including VPN and anonymous surfing services. This is probably obvious, but worth noting, that if the people on your network are going to sites that circumvent DNSFilter or other security measures, those security measures are not going to be as effective.
We’re happy to see that this category is a bit more enabled than the others, with only 55% of policies lacking Proxy & Filter Avoidance.
These and all of our threat filtering categories are available by going to Policies > Filtering > Threats and ensuring the threat category is selected.
Build your ideal threat policy in DNSFilter now.
Adding these additional threat categories to your instance as a DNSFilter user is paramount in protecting yourself from new and emerging threats. While Very New Domains is the least enabled category out of all of our threat categories, it’s arguably the most important. After all, 20% of all newly registered domains are malicious.
If you’re not yet a DNSFilter customer, take it for a spin and get a two-week free trial today.
The shift from in-office to remote work happened (quite literally) overnight. Work from home was forced onto many during the onset of the COVID pandemic, and it was astonishing how quickly people and organizations alike adapted to this new work style.
Zero Trust Network Access (ZTNA) is a cybersecurity paradigm that is rapidly gaining popularity among IT professionals. At its core, ZTNA is about moving away from the traditional network-based security perimeter approach and instead focusing on the users, assets, and resources that make up a system.
When DNSFilter was founded in 2015, we had a vision to build a product that would keep people and businesses safe and secure while they were using the internet. As a part of that vision, we have also worked diligently to ensure our growing organization maintains a high level of information security.