Web reputation levels

What is Web Reputation?

Cisco Talos maintains threat levels associated with web domains and their activity. These levels describe a spectrum that characterizes the risk of visiting a website or IP address, based on extensive telemetry and investigation. With this intelligence, users and analysts can more clearly distinguish established trusted sites and exceptionally untrusted sites from lesser-trusted ones. Users can report malicious activity on a website or from an IP address; these reports will be reviewed and might alter the assigned threat level. Domain owners who believe their domain’s threat level is incorrect can submit tickets to Talos for review.

Threat Levels

Cisco Talos has updated our Web Reputation intelligence to use a more granular set of Threat Levels in order to better describe a website’s or IP address’s reputation.

Legacy Verdict Reputation Threat Level Description
Displaying behavior that indicates exceptional safety
Displaying behavior that indicates a level of safety
Displaying neither positive nor negative behavior; however, it has been evaluated
Displaying behavior that may indicate risk, or could be undesirable
Displaying behavior that is exceptionally bad, malicious, or undesirable
Not previously evaluated, or lacking features to assert a threat level verdict

Reasons for Neutral Web Reputation

For a website to have a “trusted” reputation, we need to have substantial positive evidence over time. Consequently, the majority of websites have “neutral” reputations. The Talos Reputation Center guidelines do NOT recommend blocking sites with neutral reputations.

Reasons for Untrusted Web Reputation

There are many reasons why a URI or web IP can have an untrusted web reputation. If your website’s reputation is untrusted and you are not certain whether your site is compromised, please file a support ticket with our Web Reputation Ticket form and we will investigate.

Meanwhile, here are some simple “best practices” that will reduce the likelihood of problems:

  • Ensure that the IP addresses hosting the website are dedicated IP addresses. If the IP addresses change frequently, and the site ends up with an IP address that was hosting malicious content in the past, the result can be an untrusted web reputation.
  • Ensure that the content hosted by the website is fully owned and controlled by you and is clean.