DNS Security Categories

Umbrella's Security Categories are categories of security defense designed to give you more control over what you'd like to enable and report. These categories are used in creating policies and in filtering reports. If a domain matches a security category but is not set to be blocked by a security setting in your policy, it is still reported as an allowed visit to a destination that matches one of the security categories.

By default, three security categories are enabled: Malware, Command Control Callbacks, and Phishing. In general, we suggest that you find the right combination of security categories for your organization's policies.

Security Categories

  • Malware—Blocks requests to access servers hosting malware and websites compromised through any application, protocol, or port. Recommended.
  • Newly Seen Domains—Blocks access to domains that are being queried through Umbrella for the first time and for which Umbrella has not yet seen a client lookup. For more information, see Newly Seen Domains Security Category.
  • Command Control Callbacks—Prevents compromised devices from communicating with command and control servers through any application, protocol or port. Also, this setting helps identify potentially infected machines on your network. Recommended.
  • Phishing Attacks—Blocks access to fraudulent websites that are designed to steal personal information. Recommended.
  • Dynamic DNS—Blocks access to sites that host dynamic DNS content.
  • Potentially Harmful Domains—Blocks access to domains that exhibit suspicious behavior and may be part of an attack. For more information, see "Potentially Harmful" Security Category.
  • DNS Tunneling VPN—Blocks VPN services that allow users to disguise their traffic by tunneling it through the DNS protocol. These services can be used to bypass corporate policies regarding access and data transfers.
  • Cryptomining—Blocks access to crypto mining pools where "miners" group together and share resources—processing power—to better gather and share cryptocurrencies. Also blocks known web crypto mining source code repositories.

Integrations Sub-Category

An Integrations sub-category is available for certain packages. The Integrations security category consists of domains that have been added to Umbrella through individual integrations. Having information in this section of your configuration depends on what, if any, integrations you've enabled. It can include technology partners like Cisco AMP Threat Grid and FireEye, as well as any custom integrations. For more about integrations, see Set Up Custom Integrations.


Dispute a Security Categorization < DNS Security Categories > Web Security Categories