Is it possible (and advisable) for enterprises to use the data from the Google Transparency Report to blacklist...
By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.
Ask the Expert!
SearchSecurity expert Nick Lewis is standing by to answer your questions about enterprise security threats. Submit your question via email. (All questions are anonymous.)
Enterprises certainly could use the data from Google's Transparency Report for Safe Browsing to block potentially malicious websites.
Google's security team built Safe Browsing to combat malware on the Internet. This data identifies unsafe websites and notifies users and webmasters so they can better protect their enterprises from malware. In the report, Google provides details about the threats it detects to improve security of the Internet and provides the community with information to help decide if the Safe Browsing initiative should be used by their enterprises.
Google even breaks the report out by autonomous systems (AS) or routing domains to help identify potential malware sources.
While I would not recommend blocking an entire AS, I would suggest taking a more focused blocking approach. This is the same as blocking all domains from a specific country because of potential malware; in most cases, it's overkill and runs the risk of disrupting important business operations. Google uses the Safe Browsing list in searches and in the Chrome Web browser to help protect users; the blacklist URL details are only accessible via Google tools.
Identifying if an individual website is blacklisted in an automated high-frequency system -- basically in a network device blocking blacklisted websites -- would not be a reasonable task. Checking if a URL is blacklisted can more easily be done by doing a Google search or by using one of the free tools recommended by malware expert Lenny Zeltser.
If an enterprise individually blacklists URLs based on results from one of the tools or from Google data, it is important to periodically check the blacklisted URLs to see if they are still blacklisted. This will minimize the chances of a legitimate website getting blacklisted when it starts using a domain, IP address or even AS.
Dig Deeper on Web authentication and access control
Related Q&A from Nick Lewis
The OurMine hacking group recently used DNS poisoning to attack WikiLeaks and take over its web address. Learn how this attack was performed from ...continue reading
Typosquatting was used by threat actors to spread malware in the NPM registry. Learn from expert Nick Lewis how this method was used and what it ...continue reading
Threat actors are using phishing email campaigns to fool users with tech support scams and fake Blue Screens of Death. Learn how these campaigns work...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.