This article defines the Threats tab under Filtering Policies in the DNSFilter app. These filtering categories preemptively target increasingly sophisticated cyber threats to safeguard your digital environment against hazardous sites that host TOR traffic, ransomware, and malware.
Blocking access to these deceptive websites is a critical measure in any cybersecurity strategy. It's not just about preventing potential financial or data losses; it's also about protecting your organization's reputation, maintaining customer trust, and ensuring regulatory compliance.
Check out other Filtering Policy options to see all the ways to configure your policy to meet your threat protection needs:
- Filter by category to block large lists of undesirable domains at once
- Enforce SafeSearch on search engines to filter out explicit content like adult content and graphic violence
- Block a common application's full domain list in a single click with AppAware, making it easy to block access to apps like Discord or GitLab
- Dive into advanced settings to block threats like trackers, parked sites, or malicious domains
- Schedule Filtering Policies for specific times of day or week
New Threats Categories
In October 2024, DNSFilter introduced two new Threat categories (Newly Observed Domains and Suspicious & Deceptive) and renamed the Phishing category to better differentiate types of threats and give users more policy flexibility.
Here are some details to help you use these new categories effectively:
- If you're already blocking New Domains and still notice suspicious-looking or confirmed-phishing domains allowed on your network, enable Newly Observed Domains to provide broader coverage for new and unknown domains
- Phishing now only includes domains that we have high confidence were used to host phishing attacks. Suspicious or scammy websites are now categorized in the Suspicious & Deceptive category
- Suspicious & Deceptive includes innocent-looking websites which may have been compromised either actively or recently, so the category may appear to contain false positives
- Users who aim to block phishing attacks but are sensitive to end-user-reported false positives may want to block only the Phishing category
- If the goal is to block as much as possible, enable both Phishing and Suspicious & Deceptive
Threat category definitions
Note that some threats are also blocked by filtering categories like Hacking & Cracking or P2P & Illegal. Blocking the content in both Categories and Threats is recommended.
Blocked threats are indicated in red with a 🚫 icon, just like blocked categories.
| Threat | Definition |
| --- | --- |
| Botnet | Command and Control botnet hosts. Prevents receiving commands for already infected machines. Helps identify infected machines. |
| Cryptomining | Sites which serve files or host applications that force the web browser to mine cryptocurrency, often utilizing considerable system, network, and power resources. |
| Malware | Malicious software including drop servers and compromised websites that can be accessed via any application, protocol or port. Includes drive-by downloads and adware. |
| New Domains | Domains which have been registered in the last 30 days, which have a high probability of serving malicious resources. |
| Newly Observed Domains | Domains observed in DNS traffic for the first time within the last 30 days, which have a higher likelihood of potentially malicious or unwanted activity. |
| Phishing | Fraudulent websites that aim to trick users into handing over personal or financial information. |
| Proxy & Filter Avoidance | Sites that provide information or a means to circumvent DNS-based content filtering, including VPN and anonymous surfing services. |
| Suspicious & Deceptive | Risky websites suspected of association with scams, risky software and/or unwanted activity. This category includes, but is not limited to: Host Abuse, URL Shorteners, Suspicious Trackers, Suspected Typosquatting, Potentially Unwanted Applications, Disreputable Businesses, and Fast Scam Stores. |
| Translation Sites | Sites that perform translation from one language to another, usually performed by a computer. May also be used as a means to circumvent content filters. |
| Very New Domains | Domains which have been registered in the last 24 hours, which have a high probability of serving malicious resources. |
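The following added example (an illustration, not DNSFilter's code or classification logic) applies the time windows from the definitions above to show why a domain registered long ago can miss New Domains yet still fall under Newly Observed Domains. The log format, the `REGISTERED` lookup, and the `.example` names are constructed assumptions.

```python
from datetime import datetime, timedelta, timezone

# Windows taken from the category definitions in the table above.
VERY_NEW_WINDOW = timedelta(hours=24)
NEW_WINDOW = timedelta(days=30)
NEWLY_OBSERVED_WINDOW = timedelta(days=30)

def first_seen(query_log):
    """Map each domain to the earliest time it appears in the resolver log."""
    seen = {}
    for ts, domain in query_log:
        domain = domain.rstrip(".").lower()  # normalise case and trailing dot
        if domain not in seen or ts < seen[domain]:
            seen[domain] = ts
    return seen

def age_categories(domain, now, registered, seen):
    """Return the age-based threat categories whose definition `domain` meets."""
    cats = []
    reg = registered.get(domain)
    if reg is not None:  # registration data is not always available
        if now - reg <= VERY_NEW_WINDOW:
            cats.append("Very New Domains")
        if now - reg <= NEW_WINDOW:  # a 24-hour-old domain also meets this
            cats.append("New Domains")
    obs = seen.get(domain)
    if obs is not None and now - obs <= NEWLY_OBSERVED_WINDOW:
        cats.append("Newly Observed Domains")
    return cats

# Constructed sample data (reserved .example names, not real observations).
NOW = datetime(2024, 11, 1, 12, 0, tzinfo=timezone.utc)
REGISTERED = {
    "fresh-login.example": NOW - timedelta(hours=6),
    "promo-store.example": NOW - timedelta(days=12),
    "aged-parked.example": NOW - timedelta(days=900),  # old, dormant until now
    "intranet-wiki.example": NOW - timedelta(days=2000),
}
QUERY_LOG = [
    (NOW - timedelta(hours=5), "Fresh-Login.example."),
    (NOW - timedelta(days=10), "promo-store.example"),
    (NOW - timedelta(days=3), "aged-parked.example"),
    (NOW - timedelta(days=400), "intranet-wiki.example"),
    (NOW - timedelta(days=1), "intranet-wiki.example"),
    (NOW - timedelta(days=2), "no-whois.example"),  # no registration record
]
SEEN = first_seen(QUERY_LOG)

if __name__ == "__main__":
    for name in sorted(SEEN):
        print(name, age_categories(name, NOW, REGISTERED, SEEN))
```

Here `aged-parked.example` and `no-whois.example` match only Newly Observed Domains, which is the coverage gap that enabling that category alongside New Domains closes.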