Handling the category none – Threat Risk Scoring

Back in 2014 I wrote a blog on the different options available to Blue Coat ProxySG customers for handling uncategorised websites (or the category ‘none’). At the time, the choice was limited to three options:

1. Block Access

2. Allow Access

3. Provide Coaching Pages to allow the user to decide

Jump forward a few years (from 2014) and past major version releases of SGOS, and the Threat Risk Level Intelligence Service was introduced. Alongside the Blue Coat Web Filter Database, this service brought in the concept of assigning a Threat Risk Level to URLs, numbered from 1 (Low Risk) to 10 (High Risk). This additional metric gave security teams the ability to control access to a URL based not only on how it was categorised, but also on how risky the Blue Coat Intelligence Services Cloud found it to be.

The following gives an overview of the risk levels and how Symantec arrives at each one:

Low (Levels 1-2)

The URL has an established history of normal behaviour and has no future predictors of threats.