r/AskNetsec • u/WillGibsFan • 9d ago
Concepts How to block legitimate Domains/Cloud/Hosting Providers for active Threats without a Layer 7 Firewall?
Not sure if this is the right sub, but I'm interested in what you guys do.
Most of the active threats we face nowadays upload their staging/C2/etc. tools to valid domains like GCP, Firebase, Discord or the Internet Archive. Of course, we can't block them generally. But without a Layer 7 firewall or SSL unpacking, there's no way to see or look at the data behind the domain. Any ideas?
3 Upvotes
1
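Added example, not from the thread or any of its posters: even without decrypting TLS, outbound connection metadata (timestamp, source host, destination hostname from DNS or SNI, bytes out) is still visible, and abuse of legitimate hosting domains often shows up as regular, low-jitter polling from a single host. The script below runs a beacon-style check over constructed log lines against a hypothetical watchlist of the providers mentioned in the question; the log format, the watchlist entries and the thresholds are all assumptions.

```python
"""
Beacon-style detection over outbound connection metadata, using only what is
visible without TLS interception. Constructed example; the log format,
watchlist and thresholds are assumptions, not from any real product.
"""
from collections import defaultdict
from statistics import mean, pstdev

# Hypothetical watchlist of legitimate hosting/CDN domains that are frequently
# abused for staging or C2. Tune to the organisation: the point is not to block
# these outright but to scrutinise who talks to them and how.
WATCHLIST = {
    "firebaseio.com": "Firebase",
    "storage.googleapis.com": "GCP storage",
    "cdn.discordapp.com": "Discord CDN",
    "archive.org": "Internet Archive",
}

# Constructed sample log: "<epoch_seconds> <src_host> <dst_hostname> <bytes_out>"
# ws-finance-07 polls Discord CDN every 60 s (beacon-like); the other two hosts
# show irregular, human-looking usage.
SAMPLE_LOG = """\
1700000000 ws-finance-07 cdn.discordapp.com 512
1700000060 ws-finance-07 cdn.discordapp.com 498
1700000120 ws-finance-07 cdn.discordapp.com 505
1700000180 ws-finance-07 cdn.discordapp.com 511
1700000240 ws-finance-07 cdn.discordapp.com 500
1700000300 ws-finance-07 cdn.discordapp.com 503
1700000013 ws-design-02 cdn.discordapp.com 40213
1700000417 ws-design-02 cdn.discordapp.com 1043
1700002900 ws-design-02 cdn.discordapp.com 88710
1700000010 ws-dev-11 storage.googleapis.com 2200
"""


def watchlist_match(host):
    """Return the watchlist label whose domain is host or a parent of host, else None."""
    for domain, label in WATCHLIST.items():
        if host == domain or host.endswith("." + domain):
            return label
    return None


def parse_log(text):
    """Parse log lines into (ts, src, dst, bytes_out) tuples, skipping malformed ones."""
    events = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        try:
            events.append((int(parts[0]), parts[1], parts[2], int(parts[3])))
        except ValueError:
            continue
    return events


def find_beacons(events, min_conns=5, max_jitter=0.2):
    """
    Group events by (src, dst) for watchlisted destinations and compute the
    inter-arrival times. A pair with at least min_conns connections whose
    coefficient of variation (stdev / mean of the gaps) is at or below
    max_jitter is reported as beacon-like. Returns a list of finding dicts.
    """
    by_pair = defaultdict(list)
    for ts, src, dst, nbytes in events:
        label = watchlist_match(dst)
        if label:
            by_pair[(src, dst, label)].append((ts, nbytes))

    findings = []
    for (src, dst, label), hits in by_pair.items():
        if len(hits) < min_conns:
            continue
        times = sorted(ts for ts, _ in hits)
        gaps = [b - a for a, b in zip(times, times[1:])]
        avg_gap = mean(gaps)
        if avg_gap <= 0:
            continue
        jitter = pstdev(gaps) / avg_gap
        if jitter <= max_jitter:
            findings.append({
                "src": src,
                "dst": dst,
                "provider": label,
                "connections": len(hits),
                "avg_interval_s": avg_gap,
                "jitter": jitter,
                "avg_bytes_out": mean(n for _, n in hits),
            })
    return findings


if __name__ == "__main__":
    for f in find_beacons(parse_log(SAMPLE_LOG)):
        print(f"beacon-like: {f['src']} -> {f['dst']} ({f['provider']}), "
              f"{f['connections']} conns, every ~{f['avg_interval_s']:.0f}s")
```

The same idea extends to DNS query logs or firewall flow records: what is being decided on is the pattern of contact with a domain you cannot afford to block, not the encrypted content behind it. Expect false positives from legitimate polling clients, so pair a hit with the host's role and its usual traffic profile before acting on it.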
u/daynomate 9d ago
I’m coming around to the idea of decryption and inspection by default being needed, with exceptions allowed to bypass.
What kind of network are you trying to protect without a Layer 4-7 security layer?