Despite the intent of ensuring safe transit of information\nto and from a trusted website, encrypted protocols (usually HTTPS) do little to\nvalidate that the content of certified websites is safe.<\/p>\n\n\n\n
With the widespread usage of HTTPS protocols on major\nwebsites, network and security devices relying on interception of user traffic\nto apply filtering policies have lost visibility into page-level traffic.\nCybercriminals can take advantage of this encryption to hide malicious content on\nsecure connections, leaving users vulnerable to visiting malicious URLs within supposedly\nbenign domains.<\/p>\n\n\n\n
This limited visibility affects network devices that are\nunable to implement SSL\/TLS decrypt functionality due to limited resources,\ncost, and capabilities. These devices are typically meant for home or small\nbusiness use, but are also found in the enterprise arena, meaning the impact of\nthis limited visibility can be widespread.<\/p>\n\n\n\n
With 25% of malicious URLs identified by Webroot hosted within\nbenign domains in 2019, a deeper view into underlying URLs is necessary to\nprovide additional context to make better, more informed decisions when the\nexact URL path isn\u2019t available.<\/p>\n\n\n\n
The BrightCloud\u00ae Web Classification and Web Reputation\nServices offers technology providers the most effective way to supplement\ndomain-level visibility. Using cloud-based analytics and machine learning with\nmore than 10 years of real-world refinement, BrightCloud\u00ae Threat Intelligence services\nhave classified more than 842 million domains and 37 billion URLs to-date and can\ngenerate a predictive risk score for every domain on the internet. <\/p>\n\n\n\n
The Domain Safety Score, available as a premium feature with\nBrightCloud\u00ae Web Classification and Reputation services, can be a valuable\nmetric for filtering decisions when there is lack of path-level visibility on\nwebsites using HTTPs protocols. Even technology partners who do<\/em> have\npath-level visibility can benefit from using the Domain Safety Score to avoid\nthe complexity and compliance hurdles of deciding when to decrypt user traffic.<\/p>\n\n\n\n The Domain Safety Score is available for every domain and\nrepresents the estimated safety of the content found within that domain,\nranging from 1 to 100, with 1 being the least safe. A domain with a low score\nhas a higher predictive risk of having content within its pages that could\ncompromise the security of users and systems, such as phishing forms or\nmalicious downloads.<\/p>\n\n\n\n Using these services, organizations can implement and\nenforce effective web policies that protect users against web threats, whether\nencrypted through HTTPs or not.<\/p>\n\n\n\n As mentioned, a Domain Safety Score represents the estimated\nsafety of the content found within that domain. This enables better security\nfiltering decisions for devices with minimal page-level visibility due to\nincreasing adoption of HTTPS encryption.<\/p>\n\n\n\n How do we do it?<\/p>\n\n\n\n BrightCloud uses high-level input features to help determine\nDomain Safety Scores, including: <\/p>\n\n\n\n A secure connection doesn\u2019t have to compromise your privacy.\nThat\u2019s why Webroot\u2019s Domain Safety Scores peek below the domain level to the\nplaces where up to a quarter of online threats lurk. <\/p>\n\n\n\nDevising Domain Safety Scores<\/h2>\n\n\n\n