As a provider of the core URL classification, phishing and malicious threat detection technology used in many of the industry’s leading web filtering, antivirus, and cloud security solutions, we have spent the better part of a decade on the problem of detecting malicious URLs at scale. We’ve developed a global, cloud-based architecture that uses a hybrid human-supervised machine learning model together with a crowd-sourced approach to gathering ActiveWeb URLs for analysis. This has positioned us to achieve exceedingly high coverage (typically over 99.9%) and accuracy (over 99%) for our categorization services and URL database.
In this blog, we will identify the five critical strategic elements for maximizing user protection from malicious threats. Let’s dive right in…
#1 Real-time monitoring and filtering for URLs in browsers, email, SMS/text/messaging, and other device connections
The first requirement is the ability to monitor and filter ALL web traffic in real-time with high coverage, accuracy, and extremely low latency. Connected devices are increasingly capable, and ALL web traffic must be monitored and filtered regardless of its origin (browser, email, SMS/messaging app, or other apps and services). There are a variety of technical implementation possibilities to achieve this. In some instances, this may include a local database at the endpoints that handles the majority of web requests, paired with a cloud-based lookup function that handles the rest. In any case, doing this in real-time is a critical requirement: protection cannot hinder performance, particularly on large and mission/business-critical networks.
#2 Real-time detection of new and uncategorized URLs (domain to full-path) AND the ability to block uncategorized URLs until they have been assessed
In addition to the wide coverage offered by real-time monitoring and filtering, next-generation (NG) network security solutions MUST have the ability to detect new and uncategorized URLs down to the full path in real-time and block them until they have been thoroughly analyzed and classified. The only way to ensure protection for ALL web traffic is to adopt a no-trust (block-by-default) policy for uncategorized and unrecognized URLs.
#3 An API (or other mechanism) to communicate new/uncategorized URLs in real-time to your malicious website security vendor for processing and malicious detection
Achieving a high level of malicious protection will require a secure channel, most likely a RESTful API or a similar mechanism, for communicating new URLs to your security vendor for processing and malicious detection in real-time. Every network is unique. With a secure channel to communicate URLs in real-time, and by implementing a closed feedback loop to identify, analyze, and classify that unique network traffic, your security vendor can continuously improve coverage for the URLs that your end users, devices, and services reach out to on the web.
#4 Crowd-sourced gathering of the ActiveWeb URLs
As mentioned in the introduction of this blog, implementing a URL gathering approach based on crowd-sourcing has enabled us to achieve highly effective, industry-leading coverage. Through crowd-sourcing, each and every malicious or phishing detection across our network of end users contributes to a higher level of protection for all deployments, networks, and end users. Additionally, we have built relationships with law enforcement entities and organizations across a number of industries to aggregate feeds aimed at preventing the distribution of terrorist-related content and of sexual exploitation and abuse material, and at identifying missing children. Together with other third-party industry feeds, these ensure our master dataset provides maximum coverage and protection.
Achieving accurate classification at scale is another story. For more on that, explore our blog on Categorizing 99.9% of the ActiveWeb with a Hybrid AI/ML Approach.
#5 (CRITICAL) The ability to get updates in real-time (in seconds—not minutes or hours) for any new URLs. That way you know if a URL is safe or dangerous, and whether it should be blocked or not.
The internet is enormous, with content and code continuously changing. The same is true for safe and malicious URLs alike. All of the preceding points in this blog should culminate in an infrastructure with the capability to receive real-time updates (in seconds) from your security vendor. Zero-day/hour/minute threats will become increasingly devastating, particularly in the 5G era and beyond. Ultra-low latency connections and a growing number of connected devices and IoT sensors will extend the typical network’s threat surface and allow malware to propagate and compromise systems, users, and machines even more rapidly. Protecting all of your devices and users from next-generation threats will not only require real-time threat detection capabilities within your network, but also the ability to receive updates from your cloud security vendor in seconds, NOT minutes or hours.
How to achieve maximum protection from compromised websites and malicious threats
Our goal with all of this is to help make the internet a safer place for all (except criminals, of course). The zveloAI cloud supports and protects a growing network of over 650 million end users, whose combined web traffic informs our systems to deliver unmatched insight and protection from malicious threats.
We are 100% OEM-focused and are proud to serve as the underlying core technology for many of the industry’s leading web filtering and antivirus providers. Contact us for more information, or to perform an evaluation of our award-winning zveloDB URL database or the zveloCAT real-time categorization engine—accessed via API.