Internet Service Providers (ISPs) and their customers may be missing out on access to Spamhaus’s commercial-grade block list feeds for email... and not realise. Here’s how ISPs can ensure their email stays protected with Spamhaus’s domain name server block lists (DNSBLs).
If you are using Google’s Public DNS, or a similar public recursive server, and Spamhaus’s free domain name server block lists (DNSBLs), your emails may not be protected. Discover how to ensure you keep free access to Spamhaus’s email threat intelligence whilst using public DNS.
Protection against fraud and phishing is now boosted with Zero Reputation Domains (ZRD) threat intelligence from Deteque, a division of Spamhaus.
We have added a ZRD zone to Deteque’s DNS Firewall Threat Feeds, which can be used as a check in an organization’s DNS management to block malicious and low reputation domains. With the new ZRD data feed, network security managers can block access to newly-registered domains which are often associated with fraud or phishing attempts.
Cyber criminals use newly registered domains for websites immediately, hoping that users will fall victim before a domain has been analyzed for its reputation. Legitimate organizations, by contrast, will rarely activate a domain and start using it as soon as it has been registered.
The ZRD zone automatically adds newly-registered and previously dormant domains to a blocklist for 24 hours. Once the domain is older than 24 hours, it will be removed from this zone; if the domain is deemed malicious by other tests, it will be added into another zone.
Existing RPZ subscribers can reach out to their Spamhaus partner to enquire about adding ZRD to their subscription.
The threat from cyber criminals is relentless, so any protection strategy needs to ensure that a security team’s workload is manageable and focused. With the right threat intelligence strategy in place, there are ways to gain extra time and target the most serious threats.
Through national news, businesses of all sizes are repeatedly urged to protect themselves against cyber crime. Recent UK Government statistics (The Cyber Security Breaches Survey 2017) found that nearly half of all UK businesses suffered a cyber breach or attack in the past twelve months.
Is threat intelligence still required, now we have machine learning?
With malware increasingly sophisticated and harder to detect, I’m often asked about the viability of threat intelligence. Is it a thing of the past, particularly given the advances of artificial intelligence and machine learning? I believe it still has to be an essential part of your cyber security strategy, as the first line of defense.
Threat data for Response Policy Zones (RPZ)
Deteque developed threat data for Response Policy Zones (RPZ). This enables selective blocking of DNS resolution to malicious sites, mitigating your security risks in real time. Like threat gateways, secure DNS services are designed to track and block malicious domains, zones and associated IP addresses, allowing you to filter threats that our research team has observed and analyzed. Because we do this first line of threat identification for you, there’s less ‘noise’ on your network. Your team and resources can then be concentrated on using AI and other analytics. With RPZ in place, your other analysis tools will work more effectively and your user and network protection is improved.
At Deteque, a division of Spamhaus, we help organisations protect their network operations and intellectual property. Our prevention-first approach gives you protection from increasingly malicious and complex cyber threats. Our approach is based on the Spamhaus track record of deploying data feed technologies that work with your network, with up to 97% of threats filtered from your email (source: https://www.virusbulletin.com/testing/results/latest/vbspam-email-security).
We see the security challenges from the inside, working alongside our customers to identify and prevent cyber risks. Once you know what your ‘good’ infrastructure and reliable traffic looks like, you’ll find it easier to identify the constantly evolving ‘bad’ traffic. Whilst there’s sadly no such thing as 100% prevention, Deteque’s threat intelligence tools will help you target your valuable resources on analytics tools specific to your network.
The harsh reality of cyber crime
It’s not meant to be scaremongering, but I’d just like to share a few sobering statistics with you:
- The average breach is not spotted for 99 days, during which time the integrity of your data is seriously compromised (Gartner)
- By 2020, businesses will need to cyber-defend 50 times more data than they do today, with cyber attacks forecast to cost businesses an estimated $6 trillion (Cybersecurity Ventures)
- Cyber security budgets should now account for 25%-30% of total IT spend (IDC)
It’s important to note that threat intelligence technology is not the silver bullet; however, it does complement machine learning. Using threat intelligence gives a boost to machine learning algorithms, filtering out a high volume of ‘dross’ in advance. You can then really concentrate your time and resources on a smaller, more sophisticated sub-set of malware.
By Matthew Stith, Product Manager