browse
We are thrilled to inform you about an important enhancement to the Newly Seen Domains (NSD) category, a key aspect of our Secure Access and Umbrella services, spearheaded by the Talos Threat Research team.
What are we doing?
In our ongoing efforts to bolster your security, we are implementing an updated system for NSD, transitioning to version 2 (NSDv2). This new iteration significantly expands the source data, as it now includes the full set of our Passive DNS which powers our Investigate product (800B queries/day), an improvement over the statistical sampling methodology of the current Newly Seen Domains.
With NSDv2, we have refined the dataset to more closely reflect customer feedback and usage, as well as data analysis of the occurrence to conviction by our Talos Threat Research Team. The new algorithm will focus on discovering new registered-level domains, and will reduce the “noise” of multiple subdomains sharing a common parent.
Why are we doing this?
We listened to customer feedback and analyzed data showing how NSD could delay the categorization of low-volume domains, causing unexpected results and disruption to domains if they experienced a sudden increase in popularity. Additionally, changes to high-volume domains could see unexpected shifts, e.g. when a content delivery network introduced changes in their naming scheme.
The Talos Threat Research team has developed NSDv2 in conjunction with Umbrella to resolve these issues, providing a more reliable and accurate system for identifying newly seen domains.
How will it benefit you?
The NSDv2 enhancement is designed with your security and operational efficiency in mind:
- Improved Threat Detection: NSDv2 boasts a minimum of 45% improvement in the rate of identifying domains that later turn out to be malicious.
- Decreased False Positives: With a more precise targeting system, you will experience fewer disruptions from incorrectly flagged domains that are in regular use.
- Optimized Performance: The streamlined data set not only allows for faster publishing but also enables our support team to swiftly address any issues, should they arise.
- Enforcement ‘Best practice’: This category will be more consistent and relevant and allow better alignment with industry and customer expectations.
- Enriched reporting data: The improved context and coverage with NSDv2 will enrich the data in reports.
- Improved prediction: This update will aid the Intelligent Proxy in determining risky domains that warrant deeper inspection.
- No customer interaction required: This is an update to our pipelines for a dynamic categorization, and does not require any migration or policy changes for our customers. This is a completely transparent improvement for admins and end-users.
The changes to this category will be deployed on August 13th, 2024. We are grateful for your continued trust in our services and are eager to provide you with these significant security improvements.