To stay updated on your favorite discussions, please create an account or log in. Then, click the Bookmark icon to subscribe and receive notifications.

Use browser protection to block recently registered domains

natenova
natenova W/ Member Posts: 2 Security Scout

Hello,

Is there the possibility, or will there be the possibilty, to add a setting to browser protection that blocks domains registered within ____ number of days or weeks? This would help to block sites being spun up for the purpose of delivering malware/ransomware. Hopefully.

Answers

  • JamesC
    JamesC W/ Partner, W/ Staff, W/ Moderator Posts: 491 Moderator

    Hi, I am checking with the product team and will get back to you about this.

  • JamesC
    JamesC W/ Partner, W/ Staff, W/ Moderator Posts: 491 Moderator

    Hi,

    Our product team believes that this may be a good idea. The question is how we populate this info into our databases. We have ‘unknown’ category, for instance. And it can be already configured to be blocked now - would that be ok for you ?

  • natenova
    natenova W/ Member Posts: 2 Security Scout

    Hello,

    Unfortunately the unknown doesn't pan out. I turned it on for about 5 minutes and some sites people have used for ages stopped being accessible. This feature enhancement isn't super urgent, but is a request from above so thought I would submit in case it is feasible.

  • MikaArasola
    MikaArasola W/ Partner, W/ Staff, W/ Product Leadership Posts: 67 W/ Staff

    We have some analysts investigating the possibility to create a new category around "possible emerging threats" which would consider the age of domain registration as one attribute. Others would be around how common it is, and if it is hosted somewhere with a history of risky sites (either spreading malware or hosting phishing sites).

    It will likely take some time to be properly implemented, and in a corporate environment it might also require a company to whitelist their own internal domains (assuming they are rare from a global point of view) so that they don't get flagged.

This discussion has been closed.