Answer

Using the Google Transparency Report to enhance website blacklisting

Is it possible (and advisable) for enterprises to use the data from the Google Transparency Report to blacklist malicious websites?

    Requires Free Membership to View

Ask the Expert!

SearchSecurity expert Nick Lewis is standing by to answer your questions about enterprise security threats. Submit your question via email. (All questions are anonymous.)

Enterprises certainly could use the data from Google's Transparency Report for Safe Browsing to block potentially malicious websites.

Google's security team built Safe Browsing to combat malware on the Internet. This data identifies unsafe websites and notifies users and webmasters so they can better protect their enterprises from malware. In the report, Google provides details about the threats it detects to improve security of the Internet and provides the community with information to help decide if the Safe Browsing initiative should be used by their enterprises.

Google even breaks the report out by autonomous systems (AS) or routing domains to help identify potential malware sources.

While I would not recommend blocking an entire AS, I would suggest taking a more focused blocking approach. This is the same as blocking all domains from a specific country because of potential malware; in most cases, it's overkill and runs the risk of disrupting important business operations. Google uses the Safe Browsing list in searches and in the Chrome Web browser to help protect users; the blacklist URL details are only accessible via Google tools.

Identifying if an individual website is blacklisted in an automated high-frequency system -- basically in a network device blocking blacklisted websites -- would not be a reasonable task. Checking if a URL is blacklisted can more easily be done by doing a Google search or by using one of the free tools recommended by malware expert Lenny Zeltser.

If an enterprise individually blacklists URLs based on results from one of the tools or from Google data, it is important to periodically check the blacklisted URLs to see if they are still blacklisted. This will minimize the chances of a legitimate website getting blacklisted when it starts using a domain, IP address or even AS.

This was first published in December 2013

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: