How Does the Securd Greywall Work?

How Does the Securd Greywall Work?

Greywalls reduce risk by limiting unwitting end-users from temporarily interacting with domains, hostnames, and URLs with zero histories, reputation, or generated by an algorithm. Securd Greywall uses observation data and reputation intelligence to determine immediate access to domains and host names. The Greywall is designed and tuned to mitigate real-time cyber-attacks where end-users and endpoints attempt to connect to phishing sites, ransomware downloads, malware commands, and control when threat intelligence, indicators of compromise and heuristics cannot be used to detect a threat.

How Does the Securd Greywall Work?

Here are a few things that Securd Greywall is designed to do.

  1. Through learning your DNS traffic, Greywall knows what domains are trustworthy enough to be resolved. 
  2. The Greywall is aware of untrusted domains and when they can eventually be accessed.


The security administrator determines the temporary block time in the Greywall.


A temporary block can be as short or as long as set in a security policy. In most cases, the temporary block is established for a range of 1 hour to 90 days. This temporary block provides security tools, providers, and the information security community to discover, assess, and distribute protection or intelligence to mitigate a cyber threat.

Why is Greywall better than Zero Reputation and New Observed domain lists?

Advanced threat actors understand they must manufacture and plan attacks very carefully to avoid detection. Sometimes, they will "groom" a domain to make it appear trustworthy. With millions of domains being updated and cycled monthly, global block lists malicious domains slip through the cracks.

With Securd, each company Greywall is isolated. New domain observation and greywall analytics are contained to each tenant. Thousands of endpoints may have resolved a domain in the past 90 days. However, what matters is when the domain first interacts with your endpoints. Administrators get to set the rules on when this new domain can be resolved.

To learn more, read this example of how the Securd Greywall protects a user from a phishing attack.
    • Related Articles

    • An Example of How the Greywall Blocks a Phishing Threat

      The Securd Greywall reduces risk by limiting unwitting end-users from temporarily interacting with domains, hostnames, and URLs with zero histories, reputation, or generated by an algorithm. Here is an example how it prevents a user from unwittingly ...
    • Threat Hunting with Securd

      A cloud-based DNS firewall, such as Securd, can be an effective tool for threat hunting by security analysts. Here is a step-by-step guide on how a security analyst can use Securd for threat hunting: Set up Securd: The first step in using Securd for ...
    • Securd Dashboard Overview

      Note: Each company (tenant) has a unique dashboard. Learn more about companies. The Securd dashboard provides administrators with a high-level time-based summary into key security metrics and information about a company's underlying activity. Threat ...
    • Enabling DNSSEC in Securd

      DNSSEC (Domain Name System Security Extensions) is a security protocol that provides authentication for DNS data. It is used to protect the internet's global Domain Name System (DNS) infrastructure from various types of attacks, such as spoofing and ...
    • Securd URL Proxy

      Securd URL Proxy analyzes web traffic for high risk URLs. It examines the domain and full URL of request to determine if it is a threat. The targeted proxy performs HTTPS security analysis of good sites that are exploited to deliver cyber attacks. ...