Use browser protection to block recently registered domains
Is there the possibility, or will there be the possibilty, to add a setting to browser protection that blocks domains registered within ____ number of days or weeks? This would help to block sites being spun up for the purpose of delivering malware/ransomware. Hopefully.
Hi, I am checking with the product team and will get back to you about this.0
Our product team believes that this may be a good idea. The question is how we populate this info into our databases. We have ‘unknown’ category, for instance. And it can be already configured to be blocked now - would that be ok for you ?1
Unfortunately the unknown doesn't pan out. I turned it on for about 5 minutes and some sites people have used for ages stopped being accessible. This feature enhancement isn't super urgent, but is a request from above so thought I would submit in case it is feasible.0
We have some analysts investigating the possibility to create a new category around "possible emerging threats" which would consider the age of domain registration as one attribute. Others would be around how common it is, and if it is hosted somewhere with a history of risky sites (either spreading malware or hosting phishing sites).
It will likely take some time to be properly implemented, and in a corporate environment it might also require a company to whitelist their own internal domains (assuming they are rare from a global point of view) so that they don't get flagged.0