Is it possible (and advisable) for enterprises to use the data from the Google Transparency Report to blacklist...
By submitting your email address, you agree to receive emails regarding relevant topic offers from TechTarget and its partners. You can withdraw your consent at any time. Contact TechTarget at 275 Grove Street, Newton, MA.
Ask the Expert!
SearchSecurity expert Nick Lewis is standing by to answer your questions about enterprise security threats. Submit your question via email. (All questions are anonymous.)
Enterprises certainly could use the data from Google's Transparency Report for Safe Browsing to block potentially malicious websites.
Google's security team built Safe Browsing to combat malware on the Internet. This data identifies unsafe websites and notifies users and webmasters so they can better protect their enterprises from malware. In the report, Google provides details about the threats it detects to improve security of the Internet and provides the community with information to help decide if the Safe Browsing initiative should be used by their enterprises.
Google even breaks the report out by autonomous systems (AS) or routing domains to help identify potential malware sources.
While I would not recommend blocking an entire AS, I would suggest taking a more focused blocking approach. This is the same as blocking all domains from a specific country because of potential malware; in most cases, it's overkill and runs the risk of disrupting important business operations. Google uses the Safe Browsing list in searches and in the Chrome Web browser to help protect users; the blacklist URL details are only accessible via Google tools.
Identifying if an individual website is blacklisted in an automated high-frequency system -- basically in a network device blocking blacklisted websites -- would not be a reasonable task. Checking if a URL is blacklisted can more easily be done by doing a Google search or by using one of the free tools recommended by malware expert Lenny Zeltser.
If an enterprise individually blacklists URLs based on results from one of the tools or from Google data, it is important to periodically check the blacklisted URLs to see if they are still blacklisted. This will minimize the chances of a legitimate website getting blacklisted when it starts using a domain, IP address or even AS.
Dig Deeper on Web Authentication and Access Control
Related Q&A from Nick Lewis
Locky ransomware has borrowed features from Dridex malware, which focused on attacking banks. Expert Nick Lewis explains Locky's techniques and how ...continue reading
The Mazar malware can wipe an entire Android device once it has been installed. Expert Nick Lewis explains how this malware works, and how attacks ...continue reading
MouseJack, a wireless mouse and keyboard security flaw, allows attackers to type malicious commands. Expert Nick Lewis explains how enterprises can ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.