...
- Default Allow: The default allow list is added with the "Allow - No Log" action by default in the Default Global Policy. You can change the configuration to any allow-related action, such as "Allow - With Log", which allows the query and also logs it (whereas Allow - No Log allows without logging). The Default Allow custom list can be configured using any of the "allow" actions available as options under the ACTION column.
- Default Block: The default block list is added with the "Block - No Redirect" action by default in the Default Global Policy. You can change the configuration to any block-related action, such as Block - No Redirect, Block - Default Redirect or Block - Custom Redirect. The Default Block custom list can be configured using any of the actions available as options under the ACTION column.
You can add a custom list to multiple security policies or multiple custom lists to one security policy based on your business needs. When you assign multiple custom lists that contain the same domain name(s) but with different actions to the same security policy, BloxOne Threat Defense Cloud takes actions based on the following order:
...
- Threat Insight – DNS Messenger: The default action for this policy is Log. This list helps minimize the risk of malicious activity introduced to your networks by DNSMessenger malware, a Remote Access Trojan (RAT) that attackers use to run malicious PowerShell commands on compromised devices.
- Threat Insight – Fast Flux: The default action for this policy is Log. This list helps minimize the risk of malicious activity introduced to your networks through the Fast Flux technique. Fast Flux is a DNS technique used by botnets to hide phishing and malware delivery sites behind a network of compromised hosts acting as proxies. It can also combine peer-to-peer networking, distributed command and control, web-based load balancing and proxy redirection to make malware networks more resistant to discovery.
- Threat Insight – DGA: The default action for this policy is Log. This list helps minimize the risk of malicious activity introduced to your networks through a Domain Generation Algorithm (DGA). A DGA is a scheme used by malware for domain fluxing: it generates many variations of a given domain name. These can be used to create a large number of domain names that serve as rendezvous points with command and control servers, in an attempt to evade detection by signature filters, block lists, reputation systems, security gateways, intrusion prevention systems, and other security methods.
...
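The Fast Flux and DGA descriptions above say what the Threat Insight lists look for but not how such activity shows up in resolver logs. The following added example (written for this page, not Infoblox code and not how BloxOne Threat Defense implements its analytics) runs two simple defender-side heuristics over a constructed resolver log: a DGA score based on label length, character entropy, vowel and digit ratios, and a Fast Flux check that flags names answered with many distinct IPs under short TTLs. The log format, thresholds and domain names are all assumptions for illustration.

```python
import math
from collections import defaultdict

# Constructed sample resolver log (timestamp client qname answer_ip ttl).
# Names and addresses are invented for this example; 203.0.113.0/24 and
# 198.51.100.0/24 are documentation ranges, not real infrastructure.
SAMPLE_LOG = """\
2024-01-01T10:00:00Z 10.0.0.5 www.example.com 93.184.216.34 3600
2024-01-01T10:00:01Z 10.0.0.5 mail.example.com 93.184.216.35 3600
2024-01-01T10:00:02Z 10.0.0.7 xk3v9q2mzl7bwp.net 203.0.113.10 60
2024-01-01T10:00:03Z 10.0.0.7 q8wz1vtn4kxr5pd.net 203.0.113.11 60
2024-01-01T10:00:04Z 10.0.0.7 zt7gbn2wq9lkvx.net 203.0.113.12 60
2024-01-01T10:00:05Z 10.0.0.9 cdn.flux-sample.org 198.51.100.1 30
2024-01-01T10:00:06Z 10.0.0.9 cdn.flux-sample.org 198.51.100.2 30
2024-01-01T10:00:07Z 10.0.0.9 cdn.flux-sample.org 198.51.100.3 30
2024-01-01T10:00:08Z 10.0.0.9 cdn.flux-sample.org 198.51.100.4 30
2024-01-01T10:00:09Z 10.0.0.9 cdn.flux-sample.org 198.51.100.5 30
"""


def parse_log(text):
    """Yield (client, qname, answer_ip, ttl) tuples from the constructed log format."""
    for line in text.splitlines():
        if not line.strip():
            continue
        _ts, client, qname, ip, ttl = line.split()
        yield client, qname.lower().rstrip("."), ip, int(ttl)


def shannon_entropy(s):
    """Shannon entropy of s in bits per character (0.0 for an empty string)."""
    if not s:
        return 0.0
    counts = defaultdict(int)
    for ch in s:
        counts[ch] += 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def second_level_label(qname):
    """Label immediately left of the TLD. Simplification: a real tool would
    use the public suffix list so that e.g. example.co.uk yields 'example'."""
    parts = qname.split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]


def dga_score(qname):
    """Count how many DGA-like traits the registrable label shows (0..4).
    Thresholds are illustrative assumptions, not tuned values."""
    label = second_level_label(qname)
    n = max(len(label), 1)
    entropy = shannon_entropy(label)
    vowel_ratio = sum(ch in "aeiou" for ch in label) / n
    digit_ratio = sum(ch.isdigit() for ch in label) / n
    score = 0
    if len(label) >= 12:      # long, machine-generated-looking label
        score += 1
    if entropy >= 3.5:        # near-uniform character distribution
        score += 1
    if vowel_ratio < 0.25:    # unpronounceable, few vowels
        score += 1
    if digit_ratio > 0.15:    # digits mixed into the label
        score += 1
    return score


def flag_dga(records, threshold=3):
    """Return the sorted list of distinct qnames scoring at or above threshold."""
    return sorted({q for _, q, _, _ in records if dga_score(q) >= threshold})


def flag_fast_flux(records, min_ips=4, max_ttl=300):
    """Return names answered with >= min_ips distinct addresses, all with TTL <= max_ttl.
    Many short-lived answers for one name is the resolver-side footprint of a flux network."""
    by_name = defaultdict(lambda: {"ips": set(), "max_ttl": 0})
    for _, q, ip, ttl in records:
        by_name[q]["ips"].add(ip)
        by_name[q]["max_ttl"] = max(by_name[q]["max_ttl"], ttl)
    return sorted(q for q, v in by_name.items()
                  if len(v["ips"]) >= min_ips and v["max_ttl"] <= max_ttl)


if __name__ == "__main__":
    recs = list(parse_log(SAMPLE_LOG))
    print("DGA-like names:", flag_dga(recs))
    print("Fast-flux candidates:", flag_fast_flux(recs))
```

Both heuristics are deliberately coarse: CDN hostnames can legitimately rotate through many addresses with low TTLs, and short brand names can score badly on entropy, so in practice these scores are a triage signal to correlate with a threat feed (as the Log default action on these lists allows you to do) rather than a block decision on their own.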