
Security Rules

Overview

We developed Sensei so that almost every network security restriction is easy for you to configure yourself.

On the Security page of the policy, you can define general rules for how threat analysis will work.

info

The engine processes your request, queries the SVN Cloud, and decides in real time whether it will be allowed or blocked. It checks against 140+ million websites under 120+ categories in milliseconds.

The Cloud Threat Intelligence data is queried in real time when any device on your network attempts to connect anywhere on the internet. It allows us to respond to malware and wireless outbreaks in real time.

The Free Edition provides users with only the Essential Security options. Advanced Security options are available through Sensei Premium Subscriptions (Home, SOHO, Premium).

Advanced Security options provide Advanced Threat Protection against the latest viruses, malware and phishing attacks by blocking websites that are known to host viruses and malware or to launch phishing attacks. With Sunny Valley's Advanced Threat Protection capabilities, you are provided with near-real-time, commercial-grade threat protection and tracking.

Essential Security

Figure 1: Sensei: Essential Security Control Settings

1. Block Malware Activity

By enabling this option you can block sites that are known to host malware.

2. Block Phishing Servers

By enabling this option you can block sites that are known to host malicious software being used by phishing campaigns.

3. Block Spam Sites

By enabling this option you can block sites which distribute spam.

4. Block Hacking Sites

By enabling this option you can block sites which distribute hacking-related content.

5. Block Parked Domains

Parked domains are websites that typically consist of a single page with ads. They do not provide any value to the user. They are used by legitimate domain registrars to monetize the visits of users who land on the main page.

On the other hand, parked domains can also host suspicious and/or malicious content, especially when used by an ad provider. Ad providers are known to be leveraged by cybercriminals to serve malvertisements.

What's more, landing pages of parked domains are known to serve malware on a large scale.

6. Block Potentially Dangerous Sites

You can block potentially dangerous sites by enabling this option. We're not 100% sure that they are malicious, but they show suspicious activity that resembles that of a malicious site.

7. Block Firstly Seen Sites

The sites that our Web Categorization engine did not see before are categorized as Firstly Seen sites. We did not even know that they existed.

You can block all of the sites that we are yet to hear about by enabling this option.

info

When we see a Firstly Seen site, it is immediately queued for processing by our AI-based classification system.

The AI-based classification system tries to classify it. If it succeeds, the web category is immediately updated and, in one hour, this new information is propagated to the entire Cloud Web Categorization & Threat Intelligence System.

If the AI-based classification system cannot classify the website, it is marked as "Unknown" and queued again for further processing.
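The Firstly Seen lifecycle described above, sketched as a toy model (an added example, not Sensei's code or API). It assumes that a lookup keeps returning the old category until the one-hour propagation completes and that the "Unknown" mark is visible at once; the class, function and sample-domain names and the "Malware" category label are hypothetical.

```python
# Toy model added for illustration; not Sensei's code or API.
FIRSTLY_SEEN, UNKNOWN = "Firstly Seen", "Unknown"
PROPAGATION_DELAY = 3600  # seconds; the page says updates propagate "in one hour"

class CategoryCloud:
    def __init__(self, classifier):
        self.classifier = classifier  # hypothetical: domain -> category or None
        self.visible = {}             # category that policy lookups receive
        self.pending = {}             # domain -> (visible_from, category)
        self.queue = []               # domains waiting for classification

    def lookup(self, domain, now):
        """Category a lookup receives at time `now` (seconds)."""
        if domain in self.pending and now >= self.pending[domain][0]:
            self.visible[domain] = self.pending.pop(domain)[1]
        if domain not in self.visible:
            self.visible[domain] = FIRSTLY_SEEN
            self.queue.append(domain)  # queued for classification immediately
        return self.visible[domain]

    def process_queue(self, now):
        """One classification pass over everything queued."""
        work, self.queue = self.queue, []
        for domain in work:
            category = self.classifier(domain)
            if category is None:
                # Assumption: the "Unknown" mark is visible at once; re-queue.
                self.visible[domain] = UNKNOWN
                self.queue.append(domain)
            else:
                self.pending[domain] = (now + PROPAGATION_DELAY, category)

def decide(category, blocked):
    return "block" if category in blocked else "allow"

def timeline(domain, blocked, times, classifier):
    """Decisions at each time; classification runs right after the first lookup."""
    cloud = CategoryCloud(classifier)
    decisions = [decide(cloud.lookup(domain, times[0]), blocked)]
    cloud.process_queue(times[0])
    decisions += [decide(cloud.lookup(domain, t), blocked) for t in times[1:]]
    return decisions

def classify(domain):  # constructed classifier: recognises one sample domain
    return "Malware" if domain == "bad.example" else None

malware_only = timeline("bad.example", {"Malware"}, [0, 1800, 3600], classify)
with_first_seen = timeline("bad.example", {"Malware", FIRSTLY_SEEN}, [0, 1800, 3600], classify)
```

With only malware blocking enabled, the model allows the sample domain until its classification becomes visible; adding Firstly Seen to the blocked set covers that window.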

8. Block Undecided and Safe / Not Safe Sites

Undecided sites are sites that our Web Categorization Service has heard of but has not yet come to a decision about. They have been processed at least once by our AI-based Web Categorization service but have not been categorized yet.

Undecided Not Safe sites are the subset of these sites that we suspect of malicious activity.

Advanced Security

Sensei Premium blocks suspicious domains, including hacked domains, expired domains and newly registered domains (NRDs) favored by threat actors for launching malicious campaigns. Research shows that NRDs, for example, are risky, revealing malicious usage of NRDs for malware, phishing, and online scams. In addition, Sensei Premium also blocks any expired DynDNS sites.

Figure 2: Sensei: Advanced Security Control Settings

1. Block Recent Malware/Phishing/Virus Outbreaks

By enabling this option you can block phishing, malware, and virus campaigns that are known to have come into existence very recently (within the last 0-2 weeks).

2. Block Proxy

By enabling this option you can block proxy sites which are used by attackers to gain anonymity.

3. Block Dead Sites

By enabling this option you can block the sites whose registrations have expired. Cybercriminals are known to re-register sites which are no longer being used.

4. Block Dynamic DNS Sites

Since malicious sites have been known to use dynamic DNS services, blocking these sites keeps you safe from any possible attacks that might be launched from them.

5. Block Newly Registered Sites

By enabling this option you can block newly registered domains, which are an effective tool for threat actors. From a security perspective, there are very few reasons someone would need to visit a domain that has just come online; most likely, they were sent there via a URL from a malicious campaign.

6. Block Newly Recovered Sites

Like newly registered sites, sites which have gone through a long period of silence and have recently come back up might also be used by attackers. Sites which have a good reputation history are especially used by cybercriminals to evade reputation-based security mechanisms.

These settings are extremely useful for blocking some phishing attacks when you are not careful about the URLs you are clicking.

7. Block Botnet C&C

This option will be made available in the future to block Botnet Command and Control Centers.

8. Block Botnet DGA Domains

This option will be made available in the future to block botnet agents trying to contact their C&C using a DGA mechanism.

9. Block DNS Tunneling

This option will be made available in the future to block DNS tunnels, which are an effective way of evading network security filtering.