Introducing Malwarebytes DNS Filtering module: How to block sites and create policy rules

We’re happy to announce Malwarebytes DNS Filtering, a new module for the Nebula platform which helps block access to malicious websites and limit threats introduced by suspicious content.

But how exactly does it work, you ask?

In this post, we give a basic walkthrough of the module, starting off with how to create DNS filtering rules. We’ll then show you how to set exclusions to rules and filter by certain categories, as well as how to monitor and delete the rules that you create.

Let’s get into it!

Table of Contents

  • Part 1: Accessing the module
  • Part 2: Creating rules
  • 2.1: Setting rule exclusions
  • 2.2: Naming rules and setting policies
  • 2.3: Filtering categories
  • 2.4: Allowing and blocking domains
  • Part 3: Monitoring

Part 1: Accessing the module

Once you add DNS filtering to your Nebula subscription, you can access the DNS filtering page on the left hand navigation.

DNS how to 1
DNS how to 2

Part 2: Creating rules

First, let’s take a look at the Rules tab.

DNS how to 3

2.1: Setting rule exclusions

Start by adding global exclusions. Add your private and local domains here to prevent them from being blocked by any DNS filtering rules you create.

DNS how to 4

2.2: Naming rules and setting policies

Give this DNS rule a name and then select the policies you want to include.

DNS how to 5
DNS how to 6

2.3: Filtering categories

By default, Use preconfigured settings is enabled for Categories.

DNS how to 7

For further customization click on the arrow to expand the categories. Each security category has an additional description and details.

DNS how to 8

Under Content categories, you can expand each one for a more granular level of customization.

DNS how to 11
DNS how to 10

2.4: Allowing and blocking domains

DNS how to 9 1

Under allow lists you can add domains to exclude from this DNS rule. For now we’ll leave it blank.

DNS how to 12

You can also add domains to block certain domains. Remember that while allowing or blocking the domain will include the subdomains, allowing or blocking subdomain will not include the full domain.

DNS how to 13

Part 3: Monitoring

Now all the endpoints under the selected policies will follow this new DNS rule. Back on the Rules tab, you can disable and enable and also clone and delete rules.

DNS how to 14

On the Activity page, you can monitor and export data based on the rules you create.

And at the bottom, there’s a table where you can review each individual block and allow. Just like you can already do in Nebula, you can use column filter filters to create group level filters.

Elevate threat prevention for safer web browsing today

Malwarebytes DNS Filtering module makes it easy to block websites and content, helping you align internet access with your organization’s cybersecurity and any published “acceptable use” policies.

The post Introducing Malwarebytes DNS Filtering module: How to block sites and create policy rules appeared first on Malwarebytes Labs.

If you like the site, please consider joining the telegram channel or supporting us on Patreon using the button below.

Discord

Original Source