Introducing Strongarm’s New Subdomain Blocking Capabilities

October 26, 2016 | By

When an attacker registers a domain, such as badsite.com, for use in malware distribution or command and control (C2), they control the domain and the creation of any subdomains. That means a malware attack can be launched not only from badsite.com, but also from any of its subdomains, such as malware.badsite.com.

At Strongarm, we’re always looking for ways to improve the security of your network. That’s why we’ve extended our malware protection to include blocking subdomains. Now, Strongarm blacklists all subdomains of suspicious domains in our domain feed list to stop more malware than ever before.

What Defines a Malicious Subdomain?

The Strongarm team might consider a subdomain to be malicious for either of two reasons:

  • The attacker owns the domain, and therefore that domain and its subdomains are malicious; or
  • The attacker is leveraging a dynamic DNS provider (e.g. registering badguy.no-ip.org, where no-ip.org isn’t necessarily malicious and only specific subdomains like badguy.no-ip.org are).

In the former case, Strongarm will automatically block both the domain and all of its subdomains. In the latter case, Strongarm will block only the bad subdomains and won’t block the rest, knowing that they are benign.
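The two cases above can be sketched as a label-aware blocklist lookup. This is an added example, not Strongarm's code: the rule table, the function names, and the "most specific entry wins" precedence are assumptions, and the example.net entries are constructed.

```python
from typing import Dict, NamedTuple, Optional


class Rule(NamedTuple):
    action: str               # "block" or "allow"
    include_subdomains: bool  # True: the rule also covers every name beneath it


# Constructed sample policy (hypothetical entries, not a real feed).
RULES: Dict[str, Rule] = {
    # Attacker owns the whole zone: block the domain and all subdomains.
    "badsite.com": Rule("block", True),
    # Dynamic DNS: only the attacker's host name is listed, never no-ip.org.
    "badguy.no-ip.org": Rule("block", True),
    # Feed entry plus a manual whitelist of one host, without its subdomains.
    "example.net": Rule("block", True),
    "status.example.net": Rule("allow", False),
}


def normalize(name: str) -> str:
    """Lower-case the name and drop the trailing root dot."""
    return name.strip().rstrip(".").lower()


def lookup(qname: str, rules: Dict[str, Rule] = RULES) -> Optional[str]:
    """Return the most specific rule name that applies to qname, or None.

    Suffixes are compared label by label, so "notbadsite.com" never
    matches an entry for "badsite.com" the way a naive endswith() would.
    """
    labels = normalize(qname).split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        rule = rules.get(candidate)
        # i == 0 is an exact match; parent entries need include_subdomains.
        if rule and (i == 0 or rule.include_subdomains):
            return candidate
    return None


def is_blocked(qname: str, rules: Dict[str, Rule] = RULES) -> bool:
    hit = lookup(qname, rules)
    return hit is not None and rules[hit].action == "block"
```
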

Working with domain feed maintainers, we’re able to quickly determine if a domain and its subdomains are malicious, a false positive, or no longer involved with malicious activity so that we deliver to you the most accurate information.

Strongarm’s Approach to Malware Blacklisting

Our approach is different because we don’t just block and drop; we speak to the malware to find out what it wants and shut it down.

At the forefront of this strategy is our analysis team. They are continuously researching, curating, and tuning both new and existing threat feeds and domains. Leveraging information and intel from these domain feeds, they can quickly determine when to block an entire domain or a single subdomain, and when to whitelist a legitimate domain.

As fast as attackers are pivoting and altering their attack strategies, we’re keeping pace by analyzing their sources so you’re prepared no matter who tries to come after you. That means your response efforts will not only become far more efficient, but more effective too.

Using Strongarm’s Subdomain Blacklisting

As of today, Strongarm will automatically blacklist all verified malicious subdomains across our large library of domain feeds. In addition, you now have the ability to choose whether or not to include subdomains when manually blacklisting or whitelisting a domain. With this increased level of protection, Strongarm will find and stop even more malware for you.

We designed the process to be as easy as possible for you, so that you can reap the benefits of malware protection without any of the headache and hassle.

Don’t let malicious subdomains compromise your security posture.

Try Strongarm today. You won’t be charged a cent until after we catch your first infection.
