Articles in this section

See more

Security

Matt
  • Updated
Follow 
Announcement
Our new documentation site is alive!
You can view our latest documents here.

Sensei is developed in a way to give all the controls at your hands. To achieve this, we thrived our best to make almost everything configurable. On the Security screen, you can set your general policy of how threat analysis will work and set the rest on the App Control and Web Control modules.

The engine processes the request, queries to "SVN Cloud" in real-time and decides whether it will be blocked or allowed. We check against 140+ Million Websites, under 120+ categories in milliseconds.

The Cloud Threat Intelligence data is queried real-time when any connection attempt is made through your network. It allows us to respond to malware and wireless outbreaks in real time and very fast.

sensei-security.png

Sensei: Security Control Settings

 

Essential Security options are available in Free Edition whereas Advanced Security options which are available through Sensei Premium Subscriptions (Home, SOHO, Premium) provide Advanced Threat Protection against the latest malware, viruses and phishing attacks by blocking websites that are known to host malware and viruses and launch phishing attacks. With Sunny Valley’s Advanced Threat Protection feed, users are provided with near-real-time commercial-grade threat tracking and protection. 

 

Essential Security

1. Block Malware Activity

Block sites that are known to host malware.

2. Block Phishing Servers

Block sites that are known to host malicious software being used by phishing campaigns.

3. Block Spam Sites

Block sites which distribute spam.

4. Block Hacking Sites

Block sites which distribute hacking related content.

 

5. Block Parked Domains

Parked domains are web pages typically with a single page with ads. They do not provide any value to the user. They are used by legitimate domain registrars to monetize the visits of users who land on the main page.

On the other hand, parked domains can also host suspicious and / or malicious content, especially when used by an Ad provider. Ad providers are known to be leveraged by cyber criminals to serve malvertisements.

What's more, landing pages of parked domains are known to serve malware on a large scale.

6. Block Potentially Dangerous Sites

Block sites that are potentially dangerous. Those are the sites that we're not %100 sure that they are malicious but they are displaying suspicious activity which resembles a malicious site.

7. Block Firstly Seen Sites

Firstly Seen sites are the sites our Web Categorization engine did not hear before. We did not even know that they existed.

You can block all sites that we are yet to hear aboutby clicking this option.

When we see a Firstly Seen Site, it is immediately being queued for processing by our AI based classification system.

AI based classification system tries to classify it. If there is success, the web category is immediately updated and in one hour, this new information is propagated to the entire Cloud Web Categorization & Threat Intelligence System. 

If the AI based classification cannot classify the web site, it is marked as "Unknown", and queued again for further processing.

 

8. Block Undecided and Safe / Not Safe Sites

Undecided sites are the sites that our Web Categorization Service heard of but have not come to a decision yet. They have been processed at least once by our AI based Web Categorization service, but has not been categorized yet.

Undecided Not Safe sites are the subset of these sites that we suspect of a malicious activity.

 

Advanced Security

Sensei Premium blocks suspicious domains including expired domains, hacked and newly registered domains (NRDs) favored by threat actors for launching malicious campaigns. Research shows that NRDs, for example, are risky, revealing malicious usage of NRDs for phishing, malware, and online scams. In addition, Sense Premium also blocks any expired DynDNS sites.

 

1. Block Recent Malware/Phishing/Virus Outbreaks

Block Malware, Phishing and Virus campaigns which are known to come into existence very recently (within the last 0-2 weeks). 

2. Block Proxy

Proxy sites which are used by attackers to have anonymity

3. Block Dead Sites

Sites whose registrations have expired. Cyber criminals are known to re-register sites which are no longer being used. 

4. Block Dynamic DNS Sites

Malicious sites have been known to use dynamic DNS services. Blocking these sites keep you safe from any possible attacks that might be launched from them. 

5. Block Newly Registered Sites

Newly registered domains are an effective tool for threat actors. From a security perspective, there are very few reasons someone would need to visit a domain that has just come online; likely, they were sent via a URL from a malicious campaign.

6. Block Newly Recovered Sites

Like newly registered sites, sites which have undergone a long period silence and become recently up might be also be used by the attackers. Sites which has a good reputation history are especially used by the cyber criminals to evade reputation-based security mechanisms.

These settings are extremely useful to block some phishing attacks when you are not careful of the URLs you are clicking.

Blocking Botnet Activity

(Will be made available in the future)

Blocking DNS/ICMP tunnels

(Will be made available in the future)

 

 

 

 

 

 

Related articles

Powered by Zendesk