Question for the community…..
Assuming we are blocking the following 2 categories (and of course blocking all of the known malicious)
- "Newly Observed Domain"
- "Newly Registered Domain"
What is the opinion as to allowing “Uncategorized”? I do understand that it is not impossible that a malicious link (in an email for example) could contain just an IP address (since all IP addresses generally are categorized as “Uncatgorized” by default) and therefore is an outlier risk (as uncommon this may be), but are there other known risks here I am not considering?
The reason for the ask is that we have found that websites that are categorized by Netskope, on occasion at least, are legitimate business sites and thus have negative impact. While we can add these to a custom policy that will allow access, it is a bit of a whack-a-mole exercise in futility since sites are added to this list all the time.
