Is it possible (and advisable) for enterprises to use the data from the Google Transparency Report to blacklist...
Ask the Expert!
SearchSecurity expert Nick Lewis is standing by to answer your questions about enterprise security threats. Submit your question via email. (All questions are anonymous.)
Enterprises certainly could use the data from Google's Transparency Report for Safe Browsing to block potentially malicious websites.
Google's security team built Safe Browsing to combat malware on the Internet. This data identifies unsafe websites and notifies users and webmasters so they can better protect their enterprises from malware. In the report, Google provides details about the threats it detects to improve security of the Internet and provides the community with information to help decide if the Safe Browsing initiative should be used by their enterprises.
Google even breaks the report out by autonomous systems (AS) or routing domains to help identify potential malware sources.
While I would not recommend blocking an entire AS, I would suggest taking a more focused blocking approach. This is the same as blocking all domains from a specific country because of potential malware; in most cases, it's overkill and runs the risk of disrupting important business operations. Google uses the Safe Browsing list in searches and in the Chrome Web browser to help protect users; the blacklist URL details are only accessible via Google tools.
Identifying if an individual website is blacklisted in an automated high-frequency system -- basically in a network device blocking blacklisted websites -- would not be a reasonable task. Checking if a URL is blacklisted can more easily be done by doing a Google search or by using one of the free tools recommended by malware expert Lenny Zeltser.
If an enterprise individually blacklists URLs based on results from one of the tools or from Google data, it is important to periodically check the blacklisted URLs to see if they are still blacklisted. This will minimize the chances of a legitimate website getting blacklisted when it starts using a domain, IP address or even AS.
Dig Deeper on Web authentication and access control
Related Q&A from Nick Lewis
Researchers developed aIR-Jumper, an exploit that leverages lights within security cameras to extract data. Learn how this attack works and how to ... Continue Reading
The com.google.provision virus reportedly targets Android users, but little is known about it. Nick Lewis discusses the mystery threat and how Common... Continue Reading
A bug in Microsoft's Internet Explorer update exposes information that users enter into the browser's address bar. Learn more about the bug and URL ... Continue Reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.