Does Shift address the threat of newly registered domain names?
Hi Patricia and welcome to communities!
Shift leverages the same URL database and threat intel feeds used by the Zscaler Internet Access product. The feeds do include many malicious and suspicious domains, many of which are indeed “newly registered” or “newly seen”. Traffic to suspicious domains is typically proxied to provide additional inline inspection and validate that there is an actual threat coming from that site, so as not to rely on reputation alone.
Zscaler is currently evaluating several new sources of threat intel, and one enhancement we would like to add in upcoming releases is the ability to categorically block domains that were registered in the last 30 days. This will provide another layer of defense against sites hosting zero-day payloads not detectable by other means.
Thank you for the update!