Is it possible (and advisable) for enterprises to use the data from the Google Transparency Report to blacklist malicious websites?
Ask the Expert!
SearchSecurity expert Nick Lewis is standing by to answer your questions about enterprise security threats. Submit your question via email. (All questions are anonymous.)
Enterprises certainly could use the data from Google's Transparency Report for Safe Browsing to block potentially malicious websites.
Google's security team built Safe Browsing to combat malware on the Internet. This data identifies unsafe websites and notifies users and webmasters so they can better protect their enterprises from malware. In the report, Google provides details about the threats it detects to improve security of the Internet and provides the community with information to help decide if the Safe Browsing initiative should be used by their enterprises.
Google even breaks the report out by autonomous systems (AS) or routing domains to help identify potential malware sources.
While I would not recommend blocking an entire AS, I would suggest taking a more focused blocking approach. This is the same as blocking all domains from a specific country because of potential malware; in most cases, it's overkill and runs the risk of disrupting important business operations. Google uses the Safe Browsing list in searches and in the Chrome Web browser to help protect users; the blacklist URL details are only accessible via Google tools.
Identifying if an individual website is blacklisted in an automated high-frequency system -- basically in a network device blocking blacklisted websites -- would not be a reasonable task. Checking if a URL is blacklisted can more easily be done by doing a Google search or by using one of the free tools recommended by malware expert Lenny Zeltser.
If an enterprise individually blacklists URLs based on results from one of the tools or from Google data, it is important to periodically check the blacklisted URLs to see if they are still blacklisted. This will minimize the chances of a legitimate website getting blacklisted when it starts using a domain, IP address or even AS.
This was first published in December 2013