We developed Sensei in a way that almost every network security restrictions are configurable by yourself easily.
Security page of the policy, you can define general rules of how threat analysis will work.
The engine processes your request, queries to
SVN Cloud and decides whether it will be allowed or blocked in real-time. It checks against 140+ Million Websites under 120+ categories in milliseconds.
Cloud Threat Intelligence data is queried real-time when any device on your network attempts to connect to anywhere on the internet. It allows us to respond to malware and wireless outbreaks in real-time.
Free Edition provides users only
Essential Security options.
Advanced Security options are available through Sensei Premium Subscriptions (Home, SOHO, Premium).
Advanced Security options provide
Advanced Threat Protection against the latest viruses, malware and phishing attacks by blocking websites that are known to host viruses, malware and launch phishing attacks. With Sunny Valley`s Advanced Threat Protection capabilities, you are provided with near-real-time commercial-grade threat protection and tracking.
Figure 1: Sensei: Essential Security Control Settings
By enabling this option you can block sites that are known to host malware.
By enabling this option you can block sites that are known to host malicious software being used by phishing campaigns.
By enabling this option you can block sites which distribute spam.
By enabling this option you can block sites which distribute hacking related content.
Parked domains are web pages typically with a single page with ads. They do not provide any value to the user. They are used by legitimate domain registrars to monetize the visits of users who land on the main page.
On the other hand, parked domains can also host suspicious and / or malicious content, especially when used by an Ad provider. Ad providers are known to be leveraged by cyber criminals to serve malvertisements.
What's more, landing pages of parked domains are known to serve malware on a large scale.
You can block potentially dangerous sites by enabling this option. We're not %100 sure that they are malicious but they have suspicious activities which resemble a malicious site.
The sites that our Web Categorization engine did not see before are categorized as Firstly Seen sites. We did not even know that they existed.
You can block all of the sites that we are yet to hear about by enabling this option.
When we see a Firstly Seen Site, it is immediately being queued for processing by our AI based classification system.
AI based classification system tries to classify it. If there is success, the web category is immediately updated and in one hour, this new information is propagated to the entire Cloud Web Categorization & Threat Intelligence System.
If the AI based classification cannot classify the web site, it is marked as "Unknown", and queued again for further processing.
Undecided sites are the sites that our Web Categorization Service heard of but have not come to a decision yet. They have been processed at least once by our AI based Web Categorization service, but has not been categorized yet.
Undecided Not Safe sites are the subset of these sites that we suspect of malicious activity.
Sensei Premium blocks suspicious domains including hacked, expired domains and newly registered domains (NRDs) favored by threat actors for launching malicious campaigns. Research shows that NRDs, for example, are risky, revealing malicious usage of NRDs for malware, phishing, and online scams. In addition, Sense Premium also blocks any expired DynDNS sites.
Figure 2: Sensei: Advanced Security Control Settings
By enabling this option you can block phishing, malware, and virus campaigns which are known to come into existence very recently (within the last 0-2 weeks).
By enabling this option you can proxy sites which are used by attackers to have anonymity.
By enabling this option you can block the sites whose registrations have expired. Cybercriminals are known to re-register sites which are no longer being used.
Since malicious sites have been known to use dynamic DNS services, blocking these sites keep you safe from any possible attacks that might be launched from them.
By enabling this option you can block newly registered domains which are an effective tool for threat actors. From a security perspective, there are very few reasons someone would need to visit a domain that has just come online; likely, they were sent via a URL from a malicious campaign.
Like newly registered sites, sites which have undergone a long period silence and become recently up might be also be used by the attackers. Sites which has a good reputation history are especially used by the cyber criminals to evade reputation-based security mechanisms.
These settings are extremely useful to block some phishing attacks when you are not careful of the URLs you are clicking.
This option will be made available in the future to block Botnet Command and Control Centers.
This option will be made available in the future to block Botnet agents trying to contact back their C&C using DGA mechanism.
This option will be made available in the future to block DNS Tunnels, which is an effective way of evading network security filtering.