In the ordinary course of business, companies rely upon their employees to access and use the companies' data networks. A company's data network typically includes multiple servers for operating the company's email system, storing its confidential and proprietary data and materials, and enabling its employees to access software tools, browse the Internet, and generate and store documents.
Since each employee's device is coupled to both the data network and the Internet, the data network is vulnerable to harmful intrusions originating through the Internet. For example, wrongdoers can use phishing tactics to break into the data network and obtain personal or confidential information of the company and its employees and customers. Often, the wrongdoer creates an email message and an illegitimate website that resemble the appearance of the company's actual website and branding. The wrongdoer then sends the spoofed email, containing a hyperlink to the illegitimate website, to an employee. The employee clicks on the link and enters sensitive information at the illegitimate website, unknowingly providing it to the wrongdoer. The wrongdoer can use this information to perform harmful acts, such as: (a) gaining access to the company's data network, potentially copying confidential and proprietary data; (b) infecting the company's data network or systems with malware, such as viruses and ransomware; and (c) using the entered information (e.g., social security number, driver's license number, name and company passwords) for identity theft or other illegal purposes.
For protection, companies use network firewalls designed to prevent employees from accessing harmful websites. The firewalls, developed by software security firms, include a blacklist of website Uniform Resource Locators (URLs) that the firms know or suspect to be malicious, and block any request whose URL matches an entry on the list. The software security firms make efforts to monitor URLs, identify signs of illegitimacy, and update their blacklists from time to time.
A major challenge, however, relates to newly-registered URLs (that is, URLs hosted on newly-registered domain names). There is little information, good or bad, about newly-registered URLs. For example, it can take thirty (30) days or more for software security firms to determine that a newly-registered URL is suspicious or malicious and belongs on their blacklists. Knowing about this delay, it is common for a wrongdoer to create a new URL and carry out cyberattacks before the new URL is added to the blacklists. After a relatively short time (e.g., 5 days), the wrongdoer abandons that URL and creates an additional new URL. The wrongdoer then uses the additional new URL to carry out another set of cyberattacks before the security firms are able to add it to their blacklists.
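The race described above (a domain used for about 5 days, blacklisted only after about 30) can be made concrete with a small simulation. The following is an added example, not code from the original page and not a description of any particular product: it compares a blacklist-only policy against one that also blocks URLs whose domain was registered fewer than N days ago. The blacklist, the registration dates and the URLs are all constructed for the example; in a real deployment the registration date would come from a WHOIS/RDAP lookup or a passive-DNS "first seen" feed.

```python
"""Added example: domain-age gating versus a blacklist-only firewall policy.

All URLs, blacklist entries and registration dates below are constructed for
illustration. Registration dates stand in for a WHOIS/RDAP or passive-DNS
lookup, which this offline example does not perform.
"""
from datetime import date, timedelta
from urllib.parse import urlsplit

# Constructed registration dates, keyed by registrable domain.
REGISTRATION_DATES = {
    "corp-mail-login.example": date(2024, 3, 1),   # lookalike, registered yesterday
    "acme-payroll.example": date(2019, 6, 14),     # long-established legitimate site
    "known-bad.example": date(2024, 1, 5),         # already on the vendor blacklist
}

# Constructed vendor blacklist of full URLs.
BLACKLIST = {"http://known-bad.example/login"}

TODAY = date(2024, 3, 2)
MIN_DOMAIN_AGE_DAYS = 30   # roughly the blacklist lag the text describes


def registrable_domain(url):
    """Return the registrable domain of a URL, e.g. 'corp-mail-login.example'.

    Simplified to the last two labels of the hostname. A real deployment
    should use the Public Suffix List (e.g. the tldextract package) so that
    hosts under multi-label suffixes such as co.uk are handled correctly.
    """
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    labels = host.split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host


def domain_age_days(url, today, registration_dates):
    """Days since the URL's domain was registered, or None if unknown."""
    reg = registration_dates.get(registrable_domain(url))
    return (today - reg).days if reg is not None else None


def decide(url, today, blacklist, registration_dates, min_age_days=None):
    """Return 'block' or 'allow' for a URL.

    With min_age_days=None this is the blacklist-only policy from the text.
    With a number, URLs on domains younger than that (or with no registration
    record at all) are also blocked, closing the window before the blacklist
    catches up.
    """
    if url in blacklist:
        return "block"
    if min_age_days is None:
        return "allow"
    age = domain_age_days(url, today, registration_dates)
    if age is None or age < min_age_days:
        return "block"
    return "allow"


def campaign_days_unblocked(min_age_days, campaign_days=5, blacklist_lag_days=30):
    """Simulate the cadence described in the text.

    A lure domain is registered on day 0 and used for `campaign_days` days;
    the vendor blacklist only lists it once `blacklist_lag_days` have passed.
    Returns how many of the campaign days the policy let the URL through.
    """
    url = "http://fresh-lure.example/login"          # constructed lure URL
    reg_date = date(2024, 1, 1)
    registration_dates = {"fresh-lure.example": reg_date}
    unblocked = 0
    for day in range(campaign_days):
        today = reg_date + timedelta(days=day)
        blacklist = {url} if day >= blacklist_lag_days else set()
        if decide(url, today, blacklist, registration_dates, min_age_days) == "allow":
            unblocked += 1
    return unblocked


if __name__ == "__main__":
    for name, url in [("lookalike", "http://corp-mail-login.example/login"),
                      ("established", "https://acme-payroll.example/"),
                      ("listed", "http://known-bad.example/login")]:
        print(name, decide(url, TODAY, BLACKLIST, REGISTRATION_DATES, MIN_DOMAIN_AGE_DAYS))
    print("blacklist only, days unblocked:", campaign_days_unblocked(None))
    print("with 30-day age gate, days unblocked:", campaign_days_unblocked(30))
```

The simulation shows the point of the paragraph: with the blacklist alone, all 5 campaign days get through, because the listing arrives on day 30, after the wrongdoer has already moved on; with the age gate, none do. The caveat a practitioner should expect is false positives on legitimately new domains (a new vendor or partner site), which is why many deployments warn or require a click-through for young domains rather than hard-blocking them, and why the age threshold should be tuned against the organisation's own traffic.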
As a result, the data networks of companies are exposed to cyberattacks by newly-registered URLs. This exposure can cause substantial damage, loss and harm to the company's assets, reputation and business. Likewise, this exposure can cause substantial damage, loss and harm to the property and lives of the company's employees, customers and affiliates.
The foregoing background describes some, but not necessarily all, of the problems, disadvantages and shortcomings related to the known approaches to protect data networks from wrongdoers and their cyberattacks.