At a young age, most of us were told, “don’t talk to strangers.” While the majority of people we encountered as kids were probably nice and friendly, avoiding all strangers kept us safe from those with bad intentions.
It’s a great policy for kids, but not so great for enterprise security. Assuming every new domain is dangerous and therefore can’t be accessed would make for a pretty terrible experience. On the flip side, assuming all these new domains are nice and friendly opens the door for bad actors. Organizations need the ability to easily view traffic to new domains and ultimately enforce policies if they are more risk averse.
- Monitor-only – Gain visibility into requests to newly seen domains across your organization and then research them using Investigate.
- Block – Proactively block access to these domains since there’s a higher chance that they may be malicious.
There are other services out there that offer similar information, so what’s different about the newly seen domains category in Cisco Umbrella?
- Our global network handles over 80 billion requests per day from a diverse set of enterprise and consumer users, and we uncover over 3 million new domains every day. We see more and help you proactively block more.
- We’ve built in logic to offer much more than just a feed of new domains. We use information on the trustworthiness of top-level domains, or parent domain reputation for subdomains, to determine whether domains should be added to the list and how quickly they expire from it. This reduces the potential false positive rate for this category.
- We update our system in minutes, not days, so you can gain visibility into these new domains and proactively block them in near real-time.