SURBL Fresh Provides Accurate Threat Intelligence on New Domains
SURBL ‘Fresh’ complements SURBL’s already highly effective and accurate lists of ‘bad domains’ by identifying newly registered domains.
Cyber criminals cycle through new domains to evade filters. The vast majority of newly registered domains are used for malicious activity. With SURBL ‘Fresh’, add an extra layer of protection against malware, ransomware and spamming by blocking traffic associated with recently registered domains whose reputations have yet to be established .
SURBL Fresh is designed for use in a wide variety of security system applications, including:
- Email Filtering
- Web Filtering
- DNS Firewall
- SIEM Platforms
Overview
SURBL Fresh
Information about the DNS insertion time of new domains for most of the top-level domains (TLD) on the internet is contained onage.surbl.org. For each domain, age.surbl.org has the UNIX epoch time of when SURBL first saw the domain in the global TLD zone files. TLD zone files are used for source material on age.surbl.org.
SURBL Fresh feed provides critical, accurate, information on the time new domains are placed into service.
- Security policy can be easily applied to prevent resolution of malicious new domains, based on your defined policies. (Example policy: block, quarantine, walled garden)
- Designed for use in variety of security systems, like email filtering or DNS firewall
- It’s highly unlikely that domains less then (one) (day) old, would be used in a viable company / application.
age.surbl.org contains information about the DNS insertion time of new domains for most of the TLDs on the Internet. For each domain, age.surbl.org has the UNIX epoch time that SURBL first saw the domain in the global TLD zone files.
Key Features and Benefits
- Continuously Updated: New domains are added to the Fresh feed every minute. Customers are protected from these domains before the cyber criminal even have a chance to use them.
- Trusted Partnerships: Data-sharing relationships with domain registrars and ICANN community allow SURBL to list domains before they can be used maliciously.
- Current Data: Within 72 hours, if and when the domain is determined to be malicious, it will be removed from Fresh and placed into other domain threat intelligence feeds, like SURBL Multi.
- Easily Apply Security Policies: Organizations can define their policy for new domains using the Fresh data. Depending on organizations risk tolerance, they can choose to block, quarantine, walled garden, etc
- Quick Deployment: Works with existing infrastructure and email filtering / security platforms.
- Flexible Delivery Options: Organizations can choose which option works best for their workflow: Via Rsync, CSV file drops, or private query service.
SURBL FRESH
Uses of Fresh Data
Data feed of newly registered domains can be useful for the following applications:
- Email Filtering: Inbound & Outbound
- DNS Firewall
- Security Alerts
- Web Filtering
- URL Shorteners
- Identifying bot infections
- SIEM
- Phishing Protection
- Identify infected hosts and users
- Social Media Filtering
- DNS RPZ
- Malware Detection
- Vetting new account sign ups
Start your free trial.
Design the best set of data feeds to meet your needs!
Experience improved cybersecurity and stop phishing emails, ransomware, malware, and other cyber threats. Sign up for your free consultation and receive an in-depth technical deep dive and a 30-day free trial.
