Greywalls reduce risk by temporarily preventing unwitting end-users from interacting with domains, hostnames, and URLs that have no history or reputation, or that were generated by an algorithm. Securd Greywall uses observation data and reputation intelligence to decide whether a domain or hostname can be accessed immediately. The Greywall is designed and tuned to mitigate real-time cyber-attacks in which end-users and endpoints attempt to connect to phishing sites, ransomware downloads, and malware command and control when threat intelligence, indicators of compromise, and heuristics cannot be used to detect a threat.
How Does the Securd Greywall Work?
Here are a few things that Securd Greywall is designed to do.
The security administrator determines the temporary block time in the Greywall.
A temporary block can be as short or as long as the security policy sets it. In most cases, the temporary block is set to between 1 hour and 90 days. This temporary block gives security tools, providers, and the information security community time to discover, assess, and distribute protection or intelligence to mitigate a cyber threat.
Why is Greywall better than Zero Reputation and New Observed domain lists?
Advanced threat actors understand they must manufacture and plan attacks very carefully to avoid detection. Sometimes, they will "groom" a domain to make it appear trustworthy. With millions of domains being updated and cycled monthly, malicious domains slip through the cracks of global block lists.
With Securd, each company's Greywall is isolated. New domain observation and Greywall analytics are confined to each tenant. Thousands of endpoints may have resolved a domain in the past 90 days. However, what matters is when the domain first interacts with your endpoints. Administrators set the rules for when this new domain can be resolved.
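The per-tenant behaviour described above can be modelled in a few lines. This is an added illustration, not Securd's code: it assumes the hold starts at a tenant's first lookup of a name and lasts for the administrator-set block time, it leaves out the reputation input, and `Greywall`, `TenantGreywall`, `normalize` and the sample tenants and domain are hypothetical.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone

def normalize(name: str) -> str:
    """Fold case and drop the root dot so one domain maps to one key."""
    return name.strip().rstrip(".").lower()

@dataclass
class TenantGreywall:
    hold: timedelta                                 # administrator-set block time
    first_seen: dict = field(default_factory=dict)  # domain -> first lookup time

    def decide(self, name: str, now: datetime):
        """Return (verdict, release_time) for a lookup made at `now`."""
        key = normalize(name)
        # Only the first sighting is stored; repeat lookups never reset the clock.
        first = self.first_seen.setdefault(key, now)
        release = first + self.hold
        return ("allow" if now >= release else "hold", release)

class Greywall:
    """One isolated TenantGreywall per tenant; first-seen data is never shared."""
    def __init__(self):
        self._tenants = {}

    def set_policy(self, tenant: str, hold: timedelta) -> None:
        if hold <= timedelta(0):
            raise ValueError("hold time must be positive")
        self._tenants[tenant] = TenantGreywall(hold)

    def decide(self, tenant: str, name: str, now: datetime):
        return self._tenants[tenant].decide(name, now)

def demo():
    # Constructed sample data: tenant names, domain and times are made up.
    t0 = datetime(2024, 1, 1, tzinfo=timezone.utc)
    gw = Greywall()
    gw.set_policy("tenant-a", timedelta(hours=24))
    gw.set_policy("tenant-b", timedelta(hours=1))
    return [
        gw.decide("tenant-a", "New-Domain.example.", t0)[0],
        gw.decide("tenant-b", "new-domain.example", t0 + timedelta(hours=2))[0],
        gw.decide("tenant-a", "new-domain.example", t0 + timedelta(hours=3))[0],
        gw.decide("tenant-b", "NEW-DOMAIN.EXAMPLE", t0 + timedelta(hours=3))[0],
        gw.decide("tenant-a", "new-domain.example", t0 + timedelta(hours=24))[0],
    ]

if __name__ == "__main__":
    print(demo())
```

Tenant B's first lookup is held even though tenant A saw the same name two hours earlier, and spelling the name with different case or a trailing dot does not start a new clock.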