Website reputation checks

Maybe we should follow govt, cut out the Internet. ?ÿAllow user to surf net on a separate computer. It could be a viable option.

Can try urlvoid.com

U guys always do such checks first?

 

Thanks for the link

My team will usually check in the following scenarios:

1. User sends us emails which they deem as 'suspicious' or 'suspected phishing emails'
2. The CSIRT in head office will send us list of IP addresses or URLs to block after they received information from FS-ISAC.

On a separate note, MAS is collaborating with FS-ISAC.
www.mas.gov.sg/News-and-Publications/Med...lligence-Centre.aspx

correct me if i'm wrong, if u have an IPS or IDS within your network, it should be able to do a first layer filtering right? Not forgetting the firewall which filter out the unnecessary noises first. There's thousands of such suspicious emails, it's going to be tedious to check them all, isn't it?

the MAS news is mainly for financial sector companies right? not applicable for private companies.

IPS/IDS usually filters the web traffic. Firewalls like the NGFW also helps to block out attacks. Even with Ironport, sometimes users will still receive phishing emails. ?ÿI don't monitor IPS/IDS/FW alerts. At my previous workplace, this monitoring was outsourced. Even with the IPS outsourced, the vendor will still send us around 20 potential web attack alerts a day to be investigated. Usually these are SQL injection attempts and bot net attempts.

There are a few ISACs in the world. FS-ISAC is one of them. It's for FSIs and individual firms. It is a paid service. There is another one from the US. MS-ISAC, which is part of CIS.

Hmm, then if I subscribed to services like cloudflare or akamai, does it help?