This article defines the Threats tab under Filtering Policies in the DNSFilter app. These filtering categories preemptively target increasingly sophisticated cyber threats to safeguard your digital environment against hazardous sites that host TOR traffic, ransomware, and malware.
Blocking access to these deceptive websites is a critical measure in any cybersecurity strategy. It's not just about preventing potential financial or data losses; it's also about protecting your organization's reputation, maintaining customer trust, and ensuring regulatory compliance.
Check out other Filtering Policy options to see all the ways to configure your policy to meet your threat protection needs:
- Filter by category to block large lists of undesirable domains at once
- Enforce privacy safeguards on search engines and block ads, trackers, and third-party data collection to enhance user privacy and reduce distractions online
- Block a common application's full domain list in a single click with AppAware, making it easy to block access to apps like Discord or GitLab
- Dive into Labs to test experimental features and block threats like parked sites or uncategorized domains
- Schedule Filtering Policies for specific times of day or week
Threat category definitions
Note that some threats are also blocked by filtering categories like Hacking & Cracking or P2P & Illegal. Blocking the content in both Categories and Threats is recommended.
Blocked threats are indicated in blue and with an icon, just like blocked categories.
| Threat | Definition |
|---|---|
| Botnet | Command and Control botnet hosts. Prevents receiving commands for already infected machines. Helps identify infected machines. |
| Cryptomining | Sites which serve files or host applications that force the web browser to mine cryptocurrency, often utilizing considerable system, network, and power resources. |
| Malicious Domain Protection | Machine learning driven malicious domain detection. This will detect items like Domain Generation Algorithms (DGA), botnet, malware, and other deceptive sites based on our machine learning risk scoring. |
| Malware | Malicious software including drop servers and compromised websites that can be accessed via any application, protocol or port. Includes drive-by downloads and adware. |
| New Domains | Domains which have been registered in the last 30 days, which have a high probability of serving malicious resources. |
| Newly Observed Domains | Domains observed in DNS traffic for the first time within the last 30 days, which have a higher likelihood of potentially malicious or unwanted activity. |
| Phishing | Fraudulent websites that aim to trick users into handing over personal or financial information. |
| Proxy & Filter Avoidance | Sites that provide information or a means to circumvent DNS-based content filtering, including VPN and anonymous surfing services. |
| Suspicious & Deceptive | Risky websites suspected of association with scams, risky software and/or unwanted activity. This category includes, but is not limited to: Host Abuse, URL Shorteners, Suspicious Trackers, Suspected Typosquatting, Potentially Unwanted Applications, Disreputable Businesses, and Fast Scam Stores. |
| Translation Sites | Sites that perform translation from one language to another, usually performed by a computer. May also be used as a means to circumvent content filters. |
| Very New Domains | Domains which have been registered in the last 24 hours, which have a high probability of serving malicious resources. |