Zero-day domain attacks rely on domains that security firms have not yet detected. These domains are typically registered hours or minutes before the attack.
Zero-Day Domain Threats
Traditional blacklist approaches are insufficient against zero-day domains because these domains are not yet in any database. This is where the policy-based approach comes into play.
Policy-Based Blocking Strategy
- **Domain Age Policy:** Automatically block or monitor domains younger than 24 hours
- **DGA Detection:** Detect algorithmically generated domain names using machine learning
- **Category-Based:** Restrict domains that have not yet been categorized
- **WHOIS Integration:** Filter domains with missing or hidden ownership information
- **Geographic Policy:** Manage queries from specific country TLDs according to policy
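
The five policies above can be combined into one verdict per query, shown here as an added Python example that is not NameDefence code or its API. It swaps a Shannon-entropy heuristic in for the machine-learning DGA detector and reads the geographic policy as a match on the queried name's TLD. Assumptions: the `meta` field names, the entropy and label-length thresholds, the placeholder TLD `zz`, and the block/monitor mapping.

```python
import math
from collections import Counter
from datetime import datetime, timedelta, timezone

MAX_AGE = timedelta(hours=24)   # Domain Age Policy threshold from the list above
ENTROPY_LIMIT = 3.5             # assumed cut-off, bits per character
MIN_DGA_LABEL = 12              # assumed: short labels are too noisy to score
WATCHED_TLDS = {"zz"}           # placeholder country TLD, not a real policy

def label_entropy(label):
    """Shannon entropy of a label; a simple stand-in for an ML DGA classifier."""
    counts = Counter(label)
    return -sum(n / len(label) * math.log2(n / len(label)) for n in counts.values())

def evaluate(domain, meta, now):
    """Return (action, reasons). The meta keys are hypothetical enrichment fields."""
    domain = domain.lower().rstrip(".")          # normalise FQDN form
    label, tld = domain.split(".")[0], domain.rsplit(".", 1)[-1]
    reasons = []
    registered = meta.get("registered")
    # Fail closed: an unknown registration date is treated as a new domain.
    if registered is None or now - registered < MAX_AGE:
        reasons.append("domain_age")
    if len(label) >= MIN_DGA_LABEL and label_entropy(label) > ENTROPY_LIMIT:
        reasons.append("dga_suspect")
    if not meta.get("category"):
        reasons.append("uncategorized")
    if not meta.get("whois_registrant"):
        reasons.append("whois_hidden")
    if tld in WATCHED_TLDS:
        reasons.append("geo_tld")
    # Assumed mapping: age or DGA hits block, softer signals alone are monitored.
    if "domain_age" in reasons or "dga_suspect" in reasons:
        return "block", reasons
    return ("monitor" if reasons else "allow"), reasons

# Constructed sample queries and metadata (not real domains or lookups).
NOW = datetime(2024, 1, 2, 12, 0, tzinfo=timezone.utc)
SAMPLES = {
    "x7kq2vbn9zpt4mwd.example": {"registered": NOW - timedelta(hours=3)},
    "mail.example": {"registered": NOW - timedelta(days=900),
                     "category": "business", "whois_registrant": "Example Corp"},
    "NEWSHOP.ZZ.": {"registered": NOW - timedelta(days=10),
                    "whois_registrant": "Shop Ltd"},
}

if __name__ == "__main__":
    for name, meta in SAMPLES.items():
        print(name, *evaluate(name, meta, NOW))
```

Returning the list of reasons alongside the action lets each verdict be logged with the policy that triggered it.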
NameDefence Policies Module
NameDefence's Policies module allows you to configure all the above strategies from a single interface. You can set department-level security by assigning different policies to source groups, and use the DNS Simulator to test your policies before going live.
