Blue Shield Umbrella: How Dynamic Filtering Works

Blue Shield Umbrella employs a proactive approach to filtering, going beyond traditional DNS filters that only block known malicious domains. Instead of just reacting to existing threats, Blue Shield Umbrella uses a « Zero Trust Policy » to initially block newly registered domains and then puts them through a series of checks to determine their safety.  

This process ensures that even domains previously deemed safe are regularly re-evaluated to maintain security. If a domain doesn’t pass these dynamic and ongoing checks, it remains blocked under the « Zero Trust Policy. »  

Here’s a breakdown of the phases involved in Blue Shield Umbrella’s dynamic filtering:

Phase 1: IP Learning

  • The domain is enriched with basic data, including IP addresses, records, and authoritative nameservers.  
  • If the Blue Shield IP-Learning system flags the domain as malicious based on this data, it remains blocked.  

Phase 2: Blacklist Learning

  • A Recurrent Neural Network analyzes historical data from various malicious domains to predict the likelihood of the domain being malicious.  
  • These predictions are combined with the data from Phase 1 in Phase 3.  

Phase 3: Domain Sandboxing

  • The domain is fully scanned for malicious code using the Blue Shield Webcrawler system.  
  • Links, paths, logos, and other elements are also analyzed.  
  • A weighted mathematical rule set is used to decide whether the domain is added to the dynamic whitelist or remains blocked.  

Phase 4: Behavior Profile

  • A complete behavior profile of the domain is created, including snapshots, Netflow profiles, and live lookups.  
  • This historical data can be used for future decision-making.  

Phase 5: Cert Streaming

  • Worldwide issued certificates for domains are monitored in real-time.  
  • The Certificate Authority is checked to pre-classify the domain for Phase 7.  

Phase 6: Super-Services

  • Blue Shield Threat Intelligence provides over 30 subsystems as microservices.  
  • These services enrich the domain with a vast amount of data.  
  • This data is then used in Phase 7 for analysis and training.  

Phase 7: Machine Learning

  • Labeled domains, both good and bad, are used as training data for various machine learning models.  
  • These models analyze different features of the domains.  
  • A voting system analyzes the results of these models to make a final decision on whether a domain is « good » or « bad. »  

This multi-phase dynamic filtering process demonstrates Blue Shield Umbrella’s commitment to proactively identifying and blocking potential threats, ensuring a safer online experience.
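The default-deny logic described above can be sketched in a few lines. This is an added illustration, not Blue Shield's code: the signal names, weights, threshold, re-check interval, and the choice to require both the weighted rule set and the model vote are all assumptions made for the example.

```python
from dataclasses import dataclass, field

REVALIDATE_AFTER = 24 * 3600   # assumed re-check interval, in seconds
ALLOW_THRESHOLD = 0.7          # assumed cutoff for the weighted rule set

# Assumed weights for three per-phase signals (0.0 = malicious, 1.0 = clean).
WEIGHTS = {"ip_learning": 0.3, "blacklist_model": 0.3, "sandbox": 0.4}


def weighted_score(signals):
    """Weighted sum of phase signals; a missing signal counts as 0.0,
    so an incomplete evaluation can never whitelist a domain."""
    return sum(w * signals.get(name, 0.0) for name, w in WEIGHTS.items())


def majority_vote(votes):
    """True only on a strict majority of 'good' votes; ties and no votes fail."""
    return sum(votes) * 2 > len(votes)


@dataclass
class DynamicFilter:
    # domain -> timestamp of the last evaluation that passed
    allowlist: dict = field(default_factory=dict)

    def evaluate(self, domain, signals, votes, now):
        """Record a verdict; a failed re-evaluation removes an earlier pass."""
        ok = weighted_score(signals) >= ALLOW_THRESHOLD and majority_vote(votes)
        if ok:
            self.allowlist[domain] = now
        else:
            self.allowlist.pop(domain, None)
        return ok

    def decide(self, domain, now):
        """Resolver-side decision: unknown, failed, or stale domains are blocked."""
        passed_at = self.allowlist.get(domain)
        if passed_at is None or now - passed_at > REVALIDATE_AFTER:
            return "BLOCK"
        return "ALLOW"


if __name__ == "__main__":
    f = DynamicFilter()
    print(f.decide("new-shop.example", now=0))            # never evaluated
    f.evaluate("new-shop.example",
               {"ip_learning": 0.9, "blacklist_model": 0.8, "sandbox": 1.0},
               votes=[True, True, False], now=0)
    print(f.decide("new-shop.example", now=3600))
    print(f.decide("new-shop.example", now=REVALIDATE_AFTER + 1))  # stale
```

The point to notice is that every failure path (no data, partial data, tied vote, expired verdict) ends in a block, which is the opposite default from a blocklist-only DNS filter.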

Video by our Distributing Partner Ramgesoft

Reach out to sales@thinqbase.com for more information and a demo of the product.
