This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Machine_Head
Collaborator
Collaborator
‎2024-05-17 09:35 AM

Feature comparison - Newly Observed domain

Hi There,

#askingforacustomer

Wondering what would be the closest to this fortigate (⚰️) feature below

Any thoughts on how checkpoint achieves something similar?

I know of course uncategorized Category but it's not exactly the same.

 

DescriptionThis article explains how URLs in the 'Newly Observed Domain' classification are re-categorized.
ScopeFortiGate 5.6 or above.
Solution

A URL is detected as a 'Newly Observed Domain' if the domain name does not exist in the database and the URL is observed for the first time by the FDN server.

 

The URL will then remain in this category for 30 minutes during which it is scanned for malicious content.

 

If there is no malicious content found, the category for the URL changes to 'Not Rated'.

These 'Not Rated' domains will then be queued for review based on the visit counts.

 

The duration depends on how popular the 'Unrated' websites are and how long the 'Unrated' queue is.

However, after some time it is also possible to encounter the same domain as NOD again for these reasons:


1) The FDN cache expires and the URL gets removed from the cache; the NOD rating is returned. Or,


2) Because of the rare visits, it is possible to hit a different FDN server, and that server seeing it for the first time returns the NOD rating.

As for URL re-categorization made via the FortiGuard Web Filter Rating Submission, the response time may vary depending on the number of submissions in queue/priority.

0 Kudos
2 Replies
CaseyB
Advisor
‎2024-05-17 01:37 PM

I do not have a good answer for the current versions, hopefully someone else does, but it appears this feature or something similar will be available in R82. R82 New Features 

Improved Threat Prevention Capabilities

  • Added Advanced DNS capability to block DNS queries to newly created domains.
the_rock
Legend
Legend
‎2024-05-17 07:05 PM

Personally, I would double check with your Sales engineer to verify.

Best,

Andy

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events
    Top