This is Part 4 of a series about unexpected blocks. The first installment, “The Truth About Unexpected Blocks,” explains the difference between unexpected blocks and false positives, and the second, “Embracing the Human Element,” dives into the decisions security teams need to make when they encounter unexpected blocks. The third installment, “Managing Unexpected Blocks,” speaks to what to look for when encountering unexpected blocks as well as previewing our Unexpected Blocks feature in the threatER portal.
Definition: “unexpected blocks” vs. “false positives”
“Unexpected blocks” is an umbrella term for false positives, misunderstood indicators, and blocked malicious traffic on a site you weren’t expecting to be blocked. While many use the terms “false positive” and “unexpected block” interchangeably, false positives are only one kind of unexpected block, and thus the connection shouldn’t be allowed to automatically pass through.
Unexpected blocks – an important topic
At threatER, we’ve spent a great deal of time communicating about the topic of Unexpected Blocks. And there is a good reason for it, this is a very important subject and one frequently encountered by security professionals. As a reminder, it is very important to note that not all unexpected blocks are false positives, in fact most aren’t.
We understand these issues can be frustrating, but it’s important to note that this isn’t a bad thing – it means you have a secure network! Sometimes we need to use the tools we have to keep things secure while using the available features to balance security with the needed access.
Mitigating issues with Unexpected Blocks
In the video below, I speak to the issue of unexpected blocks and how you can use our helpful Knowledge Base article to mitigate issues when a website is being blocked unexpectedly. The video highlights ways you can use features in your policies, along with handy tools like the Google Admin Toolbox and CDN Planet’s CDNFinder tool to help overcome these issues.
I hope you find this video helpful, and as always we welcome your feedback and thoughts by sending us an email at customersuccess@threater.com.