Protecting users against malicious sites and enabling acceptable use policy (AUP) may be accomplished using some basic tools, however, modern organizations don’t have the resources or time to discover, track, and analyze millions of domains. Banyan Security’s Internet Threat Protection (ITP) has some advanced functionality that not only makes this easier but also enhances usability and takes advantage of existing safeguards built into software your users are already using.
Let’s quicky highlight a few.
SafeSearch Enforcement
SafeSearch is a filtering technology developed and used by search engines to block inappropriate or explicit content from search results. It is designed to be a tool that parents, teachers, and adults can use to protect children and others from seeing explicit content online. This technology works by automatically filtering out websites and images that contain certain keywords or phrases associated with adult content. This means that when someone searches for something using a SafeSearch-enabled search engine, they won’t see any inappropriate content in the results.
YouTube also has a “Restricted Mode”, which is an optional setting that you can use on YouTube. This feature can help screen out potentially mature content that you or others using your devices may prefer not to view.
Computers in libraries, universities, and other public institutions may have SafeSearch and Restricted Mode turned on by a network administrator.
Banyan’s app will make sure that only SafeSearch-enabled search engines are accessible.
Blocking by Threat Type
Blocking by categories such as gambling and pornography helps for acceptable use policy (AUP), however, most organizations are more concerned about protecting against threats. Banyan’s ITP allows blocking based on known threat domains. This service is continuously and dynamically updated as threats are discovered globally.
The following is a list of the types of threats we block:
- Botnet – Command and Control botnet hosts. Prevents receiving commands for already infected machines. Helps identify infected machines.
- Cryptomining – Sites which serve files or host applications that force the web browser to mine cryptocurrency, often utilizing considerable system, network, and power resources.
- Malware – Malicious software including drop servers and compromised websites that can be accessed via any application, protocol, or port. Includes drive by downloads and adware.
- New Domains – Domains which have been registered in the last 30 days, which have a high probability of serving malicious resources.
- Phishing & Deception – Fraudulent websites that aim to trick users into handing over personal or financial information.
- Proxy & Filter Avoidance – Sites that provide information or a means to circumvent DNS-based content filtering, including VPN and anonymous surfing services.
- Translation Sites – Sites that perform translation from one language to another, usually performed by a computer. May also be used as a means to circumvent content filters.
- Very New Domains – Domains which have been registered in the last 24 hours, which have a high probability of serving malicious resources.
Note that any time a blank policy is used to block domains in bulk, whitelisting some sites may be required. For example, a policy may say “block all translation sites” but allow the specific site https://translate.google.com.
Filter Schedules
Depending on the device type (corporate-owned or BYOD), your organization may want to create policies that are enabled only during working hours. This will allow for privacy on devices that are BYOD or for organizations that allow personal browsing during non-business hours.
More on Internet Threat Protection
To learn more about how to jumpstart your journey to a Security Service Edge (SSE), visit https://www.banyansecurity.io/.
