Securing Internet Traffic

Protect devices from internet resources that are not maintained by a trusted organization via Banyan's Secure Web Gateway (SWG)

  • Updated on Apr 21, 2023

This article describes features that are only available in the Banyan Unlimited edition.
This article describes features that require Banyan Desktop App v3.8+.

Overview of Internet Threat Protection

Internet Threat Protection (ITP) is designed to help admins protect users from malicious websites, ransomware, or phishing attacks by filtering domains. It’s a framework that enforces “acceptable use policies” by blocking specific categories of websites (e.g., gambling sites). Such policies can be configured to block specific types of threats and/or categories of domains.

Banyan applies ITP policies to devices. The ITP feature set is designed to protect devices from internet resources that are not maintained by a trusted third-party organization.

How Banyan’s Internet Threat Protection functionality works

In Banyan, an admin decides which domains, or categories of domains, they need to block. These domains are added to a policy in Banyan, and the policy is then associated with a device or a group of devices.

These devices then update their name servers to point to Banyan’s name servers for all DNS traffic. The next time the device uses DNS, the request is sent to Banyan name servers, along with the device’s unique identifier. The name servers recognize the device based on its unique identifier and then match the device to the associated ITP policy.

Then, in real time, Banyan’s ITP policy categorizes the request(s) from the device, based on domain, and determines whether the request(s) should be blocked or allowed:

  • If the request is blocked, then the device receives a redirect to a block page (the messaging on the block page is configurable by the organization).
  • If the request is allowed, the device continues to the endpoint without any notification of evaluation.

What is a threat?

Threats (displayed in ITP policies) represent categories of domains containing content that is potentially harmful to a device. These categories of domains are devised by government agencies and third-party partnerships with Banyan. Threat categorization is best effort.

Threats displayed are not confined to traditional threats, such as malware and phishing; some threats designated include sites that could circumvent Banyan’s ITP policies (e.g., proxy and VPN domains or translation services domains). Banyan actively evaluates the dates of domain registration to determine whether the domain can be classified as “new” (i.e., less than 30 days old) or “very new” (i.e., less than 24 hours old), since these domains have higher chances of being malicious.

What is a content category?

A content category is a type of service that a particular domain offers (e.g., news sites, gambling sites, dating sites, etc.). Banyan categorizes these domains, and content categorization is best effort.

Currently, Banyan has a number of granular categories for use. Banyan also consistently evaluates whether more of such categories need to be added. Domains that are not recognized within any existing category are further evaluated for categorization.

How are Banyan’s Internet Threat Protection policies managed?

Admins can create and manage ITP policies in Banyan’s Command Center. Admins assign policies to devices via Roles, similar to other protected services in Banyan. Devices are not required to have an ITP policy associated with them; however, each device can only have one policy active at a time. ITP policies can be prioritized, similar to Trust Profiles; higher priority policies will take precedence when two or more policies apply to one device (i.e., a device with multiple Roles and separate ITP policies applicable to each Role).
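The decision flow described in this article (device to Roles, Roles to a single highest-priority policy, domain to threat and category labels, then block or allow) can be modeled in a few lines. This is an added illustrative sketch, not Banyan's code or API; every name, policy, role, device ID and domain in it is constructed, and the parent-domain inheritance rule is an assumption.

```python
from dataclasses import dataclass
from datetime import timedelta

# Constructed sample data (not Banyan's feeds): domain categories and age since registration.
CATEGORIES = {"bets.example": "gambling", "anonproxy.example": "proxy_vpn"}
DOMAIN_AGE = {"fresh-login.example": timedelta(hours=3), "shop.example": timedelta(days=12)}

@dataclass
class Policy:
    name: str
    blocked: frozenset  # threat and content-category labels this policy blocks

# Hypothetical policies, ordered from highest to lowest priority.
POLICIES = [
    Policy("contractors", frozenset({"gambling", "proxy_vpn", "new_domain", "very_new_domain"})),
    Policy("employees", frozenset({"gambling", "very_new_domain"})),
]
ROLE_POLICY = {"Contractor": "contractors", "Employee": "employees"}
DEVICE_ROLES = {"dev-001": {"Employee"}, "dev-002": {"Employee", "Contractor"}, "dev-003": set()}

def labels_for(domain):
    """Return every threat and category label that applies to a queried name."""
    parts = domain.lower().rstrip(".").split(".")
    found = set()
    # Assumption: a subdomain inherits the category and age of its parent domains.
    for i in range(len(parts) - 1):
        parent = ".".join(parts[i:])
        if parent in CATEGORIES:
            found.add(CATEGORIES[parent])
        age = DOMAIN_AGE.get(parent)
        if age is not None and age < timedelta(days=30):
            found.add("new_domain")  # "new": less than 30 days old
            if age < timedelta(hours=24):
                found.add("very_new_domain")  # "very new": less than 24 hours old
    return found

def active_policy(device_id):
    """Only one policy is active per device: the highest-priority one its Roles map to."""
    wanted = {ROLE_POLICY[r] for r in DEVICE_ROLES.get(device_id, ()) if r in ROLE_POLICY}
    return next((p for p in POLICIES if p.name in wanted), None)

def resolve(device_id, domain):
    """Decide 'block' (redirect to the block page) or 'allow' for one DNS query."""
    policy = active_policy(device_id)
    if policy is None:
        return "allow"  # a device is not required to have an ITP policy
    return "block" if labels_for(domain) & policy.blocked else "allow"
```

Here `dev-002` holds both Roles, so the stricter, higher-priority policy alone decides its queries: the 12-day-old `shop.example` is blocked for it but allowed for `dev-001`.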
