Threat Detection Analysis

Webshrinker periodically performs threat detection tests on security products to analyze threat protection capabilities.

Webshrinker Domain Analysis Testing Process

1. Generate a 48-hour lookback list of the top 1,000 most dangerous threat domains in the categories of: Botnet, Malware, and Phishing & Deception

2. Generate another 48-hour lookback list of the top 1,000 domains in the categories of: Adult Content, Drugs, Gambling, P2P & Illegal, Terrorism & Hate, and Weapons

3. Configure the policy on the test subject to block the specified categories

4. Verify traffic capture is actively routing through the test subject

5. Perform DNS lookups on the domains to simulate traffic while safeguarding our internal networks

6. Eliminate domains containing any error code from the analysis

7. Check domains for signs of a block on the test subject

8. Cross-check malware domains with VirusTotal

9. View and record blocked domains from the test subject

The domain list is considered a snapshot in time because threat domains are quickly de-platformed once discovered.
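The scoring part of the process (steps 5 to 7 and 9) can be sketched as follows. This is an added example, not Webshrinker's own tooling. It assumes the test subject signals a block by answering with a block-page address; the addresses, domains, and the `analyze` function are constructed for illustration.

```python
from collections import Counter

# Assumption: the test subject answers blocked domains with a sinkhole or
# block-page address. These addresses are constructed for the example.
BLOCK_ADDRESSES = {"0.0.0.0", "198.51.100.10"}

# Constructed lookup results: (domain, category, DNS rcode, answer addresses).
SAMPLE_RESULTS = [
    ("bad-botnet.example", "Botnet", "NOERROR", ["198.51.100.10"]),
    ("bad-malware.example", "Malware", "NOERROR", ["203.0.113.7"]),
    ("gone-phish.example", "Phishing & Deception", "NXDOMAIN", []),
    ("slow-malware.example", "Malware", "SERVFAIL", []),
    ("other-malware.example", "Malware", "NOERROR", ["0.0.0.0"]),
    ("bad-botnet.example", "Botnet", "NOERROR", ["198.51.100.10"]),  # duplicate
]


def analyze(results, block_addresses=BLOCK_ADDRESSES):
    """Drop errored lookups (step 6), flag blocks (step 7), record them (step 9)."""
    seen, eliminated, blocked, allowed = set(), [], [], []
    per_category = {}
    for domain, category, rcode, answers in results:
        domain = domain.lower().rstrip(".")
        if domain in seen:  # score each domain once
            continue
        seen.add(domain)
        # An error rcode says nothing about the product under test. An empty
        # answer is treated the same way here (assumption of this example).
        if rcode != "NOERROR" or not answers:
            eliminated.append(domain)
            continue
        is_blocked = any(addr in block_addresses for addr in answers)
        (blocked if is_blocked else allowed).append(domain)
        stats = per_category.setdefault(category, Counter())
        stats["blocked" if is_blocked else "allowed"] += 1
    # Block rate is computed only over domains that survived elimination.
    block_rate = {c: s["blocked"] / (s["blocked"] + s["allowed"])
                  for c, s in per_category.items()}
    return {"eliminated": eliminated, "blocked": blocked,
            "allowed": allowed, "block_rate": block_rate}


if __name__ == "__main__":
    for key, value in analyze(SAMPLE_RESULTS).items():
        print(f"{key}: {value}")
```

Because errored lookups are removed before scoring, a domain that has already been taken down does not count for or against the test subject.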