Understanding DNS Graph Defense™
Graph Defense™ is proprietary ranking & domain trustworthiness system developed by Securd. The intent of the system is to score established, long-lasting and tightly linked Internet infrastructure, domains and assets that are highly correlated less end-user and endpoint risk.
Because domain lifespan, behavioral history, reputation are variables that impact our scoring, the feature will reduce threat actors capacity to create new and algorithm based domains from being leveraged against your endpoints.
Before You Enable Graph Defense
Any asset in an active ALLOW OR BLOCK list will take priority over this feature.
TRAINING YOUR GREYWALL
- We highly recommended that you train your Greywall until new hosts plateau before enabling Graph Defense.
- Use the Dashboard for a company to become familiar with the number of new hosts discovered per day.
- Once your new host discovery plateau for 3 days, you should be able to proceed enabling this feature to GREEN & YELLOW Mode.
Graph Defense Settings
Graph Defense is an additional layer of defense. It does not ignore security categories.
GREEN
The Green setting is to limit the Greywall delay. Any newly observed domain ranking inside this range will avoid a Greywall event.
YELLOW
The Yellow setting is where the Greywall delay starts. The Greywall delay in your policy will determine the time of delay a new host name or domain can be accessed.
RED
The Red setting is where all sites lower than this ranking will be immediately blocked.
Note: RED is a HIGHLY restrictive feature and this will block traffic from all domains ranking outside of RED. You will have make sure all the traffic that you want accepted is either inside the GREEN OR YELLOW ranking. Otherwise, you will have to ALLOW LIST the host names or domains to be accepted.
Updated 10 months ago