Cisco IronPort: Block Newly Registered Domains

WillySecurity · ‎02-12-2021

Hello,

I'm wondering if there is a method to block newly registered websites/domains within IronPort to prevent phishing emails to our users?

I saw a post a few years ago suggesting this idea but was moved into a UTM managed by security vendors. I was hoping that this feature is included now.

Thanks for your help!

balaji.bandi · ‎02-13-2021

is this domain belong to you, or Public domain, based on category, Talos will decide what reputation. ( are you getting Talos or any security vendor updates). it's hard in the security world to define which domain fake and genuine, so WSA relay based on Talos decision.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

WillySecurity · ‎02-15-2021

Hi Balaji,

Thanks for the reply.

I'm more-so basing this off of the age of the domain using a WhoIs lookup. I'm looking to block newly registered domains before they have a chance to interact with users via phishing emails. Domains usually spun up in the past month or so.

I wasn't sure if this was a feature built into IronPort or if it's a plugin that needs to be purchased.

Thanks.

balaji.bandi · ‎02-15-2021

As per I know newly build domain name Talos automatically does the Web reputation based on the content of the site.

this is the service that needs to be purchased from Cisco features.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help