This is an overview of the zero trust approach for Graph Defense rules. This feature is in early stage beta.
Graph defense is patent pending ranking & domain trustworthiness system developed by Securd. The intent of the system is to score established, long-lasting and tightly linked Internet infrastructure, domains and assets that are highly correlated less end-user and endpoint risk. Most established Internet topology at the registered domain level will rank between 1-100M. Tuning Graph Defense to encompass only ranked domains will drastically reduce your organizational attack surface. Because domain lifespan, behavioral history, reputation are variables that impact our scoring, the feature will reduce threat actors capacity to create new and algorithm based domains from being leveraged against your endpoints.
{info} Graph Defense does not ignore security categories.
Any asset in an active ALLOW OR BLOCK list will take priority over this feature.
{warning} We highly recommended that you train your Greywall until new hosts plateau before enabling Graph Defense.
Please use the Dashboard for a company to become familiar with the number of new hosts discovered per day. Once your new host discovery plateau for 3 days, you should be able to proceed enabling this feature to GREEN & YELLOW Mode.
The Green setting is to limit the greywall delay. Any newly observed domain ranking inside this range will avoid a greywall event.
The Yellow setting is where the grewall delay starts. The greywall delay in your policy will determine the time of delay a new hostname or domain can be accessed.
The Red setting is where all sites lower than this ranking will be immediately blocked.
{danger} This is a HIGHLY restrictive feature and this will block traffic.
You will have make sure all the traffic that you want accepted is either inside the GREEN OR YELLOW ranking. Otherwise, you will have to ALLOW LIST the hostnames or domains to be accepted.