Monitor and protect zones
Zone protection allows you to monitor your zones for domains that threaten your organization. Zone protection monitors for these threats:
- Phishing. Domains used for a phishing campaign or for fake websites. Phishing domains are often used to create websites that look legitimate but actually deceive users into providing sensitive information, such as login credentials, credit card information, and more.
  A phishing attack can target users within an organization by sending fake notices that urge immediate action. These fraudulent notices may arrive in the form of an email and use sophisticated scare tactics. For example, these notices may warn of copyright or trademark infringement in an attempt to obtain sensitive information about an organization. Akamai monitors the domains that belong to the email address of email senders.
- Typosquatting. Domains that are a common misspelling or mistype of another popular domain or brand. While typosquatting can be used for activity that has a low risk to your organization, threat actors may use this technique to direct users to fake websites that are designed to steal information or install malware.
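To make the typosquatting definition above concrete, the following added example (not Akamai's detection logic and not code from this documentation) flags observed domains that are one mistype away from a protected zone and skips allowlisted names, including the zone itself. The function names, the edit-distance heuristic, and every domain name are assumptions constructed for illustration.

```python
# Added illustration only; Zone Protection's real detection rules are not public here.

def osa_distance(a: str, b: str) -> int:
    """Optimal string alignment distance: insert, delete, substitute,
    or swap two adjacent characters, each at a cost of 1."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            # Adjacent transposition, the classic "mistype" (e.g. "an" -> "na").
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]


def normalize(name: str) -> str:
    """DNS names are case-insensitive and may carry a trailing root dot."""
    return name.strip().rstrip(".").lower()


def find_typosquats(observed, protected_zones, allowlist=(), max_distance=1):
    """Return sorted (candidate, zone, distance) tuples for observed domains
    within max_distance edits of a protected zone. Allowlisted domains and
    the protected zones themselves are never reported."""
    zones = [normalize(z) for z in protected_zones]
    allowed = {normalize(d) for d in allowlist} | set(zones)
    hits = []
    for name in sorted({normalize(d) for d in observed}):
        if name in allowed:
            continue
        for zone in zones:
            distance = osa_distance(name, zone)
            if 0 < distance <= max_distance:
                hits.append((name, zone, distance))
    return hits


# Constructed sample data under the reserved .example TLD.
SAMPLE_OBSERVED = [
    "mybnak.example",     # adjacent characters swapped
    "mybamk.example",     # one character substituted
    "mybankk.example",    # one character inserted
    "my-bank.example",    # one edit away, but allowlisted below
    "MyBank.Example.",    # the protected zone itself, different case
    "mybanking.example",  # three edits away
    "weather.example",    # unrelated
]

if __name__ == "__main__":
    for hit in find_typosquats(SAMPLE_OBSERVED, ["mybank.example"],
                               allowlist=["my-bank.example"]):
        print(hit)
```

Raising `max_distance` widens coverage at the cost of more false positives, which is where an allowlist for legitimate look-alike domains becomes necessary.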
When you enable zone protection in a zone, Akamai actively monitors the zone and reports on domains that are used for this malicious activity.
In Control Center, you can:
- Enable Zone Protection in each of your zones.
- View a detailed report on domains that pose a threat to your organization. Information includes risk indicators, URLs where the domain was used, and more. You can filter domains by threat level, set a priority level for domains, assign the administrators who should follow the domain, and review the report. For more information, see Related domains report.
- Take down domains that are a risk to your organization. For more information on domain takedowns, see Take down fraudulent domains.
- Add or remove domains in an allowlist. Edge DNS zones are automatically added to the allowlist. Domains in this list are not monitored for phishing threats and are not included in the related domains report or any zone report.
- View a dashboard that gives you a high-level, graphical view into domains that are malicious. It also shows the number of takedowns that are in progress or completed. For more information, see Zone dashboard.
Zone dashboard
The Zone Dashboard lets you monitor your zones for threats. On this dashboard, you can:
- View the number of zones that are protected with Zone Protection. Zone Protection monitors your zones for domains that are a risk to your organization. You can click Protect Zones to select the zones that you want to protect.
- View the number of threats based on the detected risk level and your priority level. You can click View Report to view the related domains report.
- View the number of domain takedowns that are currently in progress or that were completed. The Domain Takedowns widget also shows takedowns by their current state in the takedown workflow and the number of potentially malicious domains that were found in your zone. You can click View Takedowns to view your takedown history.
Related domains report
The related domains report shows data on domains that Akamai detected are a risk to your organization. In this report, you can:
- Filter the list of domains to narrow your view. You can filter by zone or zones, risk level, assigned priority level, timestamp of when the domain was last registered, whether an administrator is following it or not, whether a notification about a risk level change was sent to administrators, takedown status, and assigned tags.
- View detailed information about a domain. You expand the table row of a domain in the report to view additional information about the domain. For more information, see Detailed domain information.
- Review the risk level that was detected and assigned to the domain. The report automatically sorts domains by the highest risk level.
- Assign priority level. To manage the list of domains, you can assign a priority level that lets you or other administrators manage it more easily.
- View a screenshot of content that’s hosted by the related domain. This allows you to view content without navigating to the domain.
- Follow a domain. You provide the email address of administrators or other users who are notified when the risk level for a domain changes.
- Take down a domain that you no longer want accessible to users. To learn more about domain takedowns, see Take down fraudulent domains.
- Add a domain to an allowlist. After a domain is added to an allowlist, it no longer appears in zone reports for your account. Similarly, you can also remove a domain from the allowlist.
- Download a CSV that contains a filtered list of domains in the report.
- Perform bulk actions on multiple domains. These actions include adding domains to an allowlist, setting a priority level, managing tags, following or unfollowing domains, and updating the follow settings with new recipient email addresses.
Detailed domain information
You can expand a domain to view more detailed information about the domains that Akamai considers a risk to your organization.
Data Field | Description |
---|---|
Risk Indicators | Attributes that led Zone Protection to identify the domain as a threat. These attributes include device, browser information, a domain update, and more. |
Domain URLs | URLs where the domain is used |
Tags | Tags associated with the domain. You can add or remove a tag. For more information, see Create and manage tags. |
WHOIS Registration Time (UTC) | The date and time in UTC format when the domain was registered with WHOIS. |
DNSSEC | Indicates whether the domain was protected with Domain Name System Security Extensions (DNSSEC). DNSSEC adds cryptographic signatures to DNS records to secure DNS data transmitted over the internet. |
Name servers | Addresses of the name servers that are associated with the domain. |
DNS | Records in the domain. |
Rule name | Shows the specific rule that identified the domain as a risk. |
Zone(s) | Zone or zones of the related domain. |
Comment | Comment that you can enter about the domain. |
Risk levels
Akamai monitors your zone and assigns one of these risk levels to domains.
You can use the report filter to show the domains for a specific risk level. Each risk level includes the attributes of the previous risk level. For example, a domain with a Medium risk level also includes the attributes of a domain with a Low and Minimal risk level. For more information, see Filter the related domains report.
Risk Level | Description |
---|---|
Critical | Indicates the domain appears in a long URL that is likely part of a phishing scam. |
High | Indicates the domain leads to a phishing form that is used to steal sensitive information. |
Medium | Indicates the domain includes a DNS record that is a mail exchanger (MX) record. An MX record routes emails to email servers. |
Low | Indicates a website is live with this domain. |
Minimal | Indicates the domain has an A (address) record, which maps a domain to an IP address. |
Priority levels
To help you manage domains in the related domains report, you can assign one of these preset priority levels:
- Critical
- High
- Medium
- Low
- Minimal
The priority level you assign is based on your preference. A critical priority level should be reserved for domains that require the most attention, while minimal should be assigned to domains that require the least amount of attention. For instructions on setting a level, see Set a priority level.
Domain takedowns
You can take down a domain that poses a spoofing or phishing threat to your organization.
Before you start a domain takedown, you must first submit an authorization letter to your Control Center account. After this letter is approved, you can initiate a domain takedown.
For more information on domain takedowns, see Take down fraudulent domains.
Enroll in zone protection
You can select the zone or zones where you want to enable zone protection.
To enroll in zone protection:
- In Control Center, go to ☰ > DNS SOLUTIONS > Edge DNS > Zone Protection. The Zone dashboard appears.
- In the Zone Protection dashboard, click Protect Zones. The zones that are enabled for zone protection are listed in the Protected Zones tab.
- Click the Unprotected Zones tab.
- In the search field, enter a zone name.
- Select a zone or multiple zones.
- Click Protect Zones. A confirmation message appears.
- Click Submit.
View the zone dashboard
Complete this procedure to view the zone dashboard. The dashboard contains widgets that direct you to pages where you can enroll in zone protection, view the related domains reports for zones that are enabled with Zone Protection, and view more information about domain takedowns.
To view the zone dashboard:
Do one of the following:
- In Control Center, go to ☰ > DNS SOLUTIONS > Edge DNS > Zone Protection. The zone dashboard appears.
- In Control Center, go to ☰ > DNS SOLUTIONS > Edge DNS. In the links at the top of the page, click Zone protection. The zone dashboard appears.
View the related domains report
Complete this procedure to view the related domains report.
Before you begin:
Make sure you are enrolled in Zone Protection. For instructions, see Enroll in zone protection.
To view the related domains report:
- In Control Center, go to ☰ > DNS SOLUTIONS > Edge DNS > Zone Protection. The zone dashboard appears.
- In the Zone Threats area of the dashboard, click View Report. Until you filter the report, the report shows data for all zones enabled with Zone Protection.
- Apply filters to narrow the list of domains. For instructions, see Filter the related domains report.
Manage the related domains report
You can perform these tasks to review and manage the related domains report:
- Filter the related domains report. Filter data by zones, risk level, priority level, notification setting, takedown status, and more.
- Follow or unfollow a domain. Enter the email addresses of administrators or users who are notified when the domain risk level changes.
- Set a priority level. Set a priority level to help you manage and monitor domains.
- Create and manage tags. Assign specific tags to a domain to help you manage and monitor domains.
- Add domains to an allowlist. Domains added to an allowlist are not monitored and are not included in a zone report.
- Download a CSV with related domains. Download a CSV that contains the domains in the related domains report.
- Take down fraudulent domains. Take down domains that pose a threat to your organization.
Filter the related domains report
You can filter the related domains report to narrow the list of domains that are presented in the report.
To filter the related domains report:
- In Control Center, go to ☰ > DNS SOLUTIONS > Edge DNS > Zone Protection. The zone dashboard appears.
- In the Zone Threats area of the dashboard, click View Report. The report appears with a Filters panel.
- In the Filters panel, select the zone or zones that you want to filter by. Domains are shown only for the zone or zones you select.
- Apply filter settings. You can filter by this data:
  - Risk level or levels. Select a specific risk level. For example, you can filter by domains that Akamai has detected are a Critical and High risk.
  - Priority level. Select a priority level. By default, domains are set with a Minimal priority level. However, in the report itself, you can change this level to help you filter and sort the domain list. For more information, see Set a priority level.
  - Domain updates. Select to show domains that were updated in the domain registration within the last day, week, or month.
  - Following. Select whether the domain is currently followed or not followed by another user or administrator. For more information on follow settings, see Follow or unfollow a domain.
  - Notifications. Select whether the domain has generated a notification. Notifications are sent to recipients who are set to follow the domain when the risk level for the domain changes.
  - Takedown status. Select the status of a takedown. For more information on these states, see Takedown statuses.
  - Tag. Select specific tags or apply tags that match specific criteria.
- Click Apply. The related domains report appears with filtered domains.
Follow or unfollow a domain
When you review a domain in the related domains report, you can set whether a domain is followed or not. If you select to follow the domain, you can provide the email address of users or Control Center administrators who are notified when the state or risk level of the domain changes.
To follow or unfollow a domain:
- Go to the related domains report:
  - In Control Center, go to ☰ > DNS SOLUTIONS > Edge DNS > Zone Protection. The zone dashboard appears.
  - In the Zone Threats area of the dashboard, click View Report.
- Apply filters to the related domains report. For instructions, see Filter the related domains report.
- To follow a domain, complete these steps:
  - Go to the domain that you want to follow.
  - Enable the Follow toggle for that domain.
  - In the provided field, enter an email address for the administrator or user who should receive notifications about the domain. If you already provided an email address for the follow settings, you can also select the email address from the list that appears.
  - Click Submit.
- To follow multiple domains, complete these steps:
  - Select the domains that you want to follow.
  - Click the Bulk Actions button.
  - In the drop-down menu, select Follow.
  - In the “Follow the select domains” window, enter the email address of users who should follow the domain and press Enter. If you already provided an email address for the follow settings, you can also select the email address from the list that appears.
  - Click Submit.
- To unfollow a domain, complete these steps:
  - Go to the domain that you want to unfollow.
  - Disable the Follow toggle for that domain. A confirmation window appears.
  - Click Yes. All recipients will no longer receive notifications about this domain.
- To unfollow multiple domains, complete these steps:
  - Select the domains that you want to unfollow.
  - Click the Bulk Actions button at the top of the report.
  - In the drop-down menu, select Unfollow. A window appears where you can review the domains and the recipients who will stop receiving notifications about those domains.
  - Click Submit.
Set a priority level
You can set a priority level to help you manage the domains. To learn more about priority levels, see Priority levels.
To set a priority level:
- In Control Center, go to ☰ > DNS SOLUTIONS > Edge DNS > Zone Protection. The zone dashboard appears.
- In the Zone Threats area of the dashboard, click View Report.
- Apply filters to the related domains report. For instructions, see Filter the related domains report.
- To set a priority level for a single domain:
  - Go to the domain where you want to set a priority level.
  - Go to the Priority menu and select a level.
- To set a priority level for multiple domains:
  - Select the domains that you want to assign with the same priority level.
  - Click the Bulk Actions button at the top of the report.
  - In the drop-down menu, select Set Priority. The “Set priority for the selected domains” window appears.
  - In the provided menu, select a priority level for the domains.
  - Click Submit.
Create and manage tags
You can assign tags to help you manage and categorize related domains. Tags are added to your account. You can add new tags or assign tags that are already associated with your account. You can also remove and replace tags.
To manage tags:
- In Control Center, go to ☰ > DNS SOLUTIONS > Edge DNS > Zone Protection. The zone dashboard appears.
- Apply filters to the related domains report. For instructions, see Filter the related domains report.
- To add a tag to a domain:
  - Select the domain that you want to tag.
  - In the Actions menu for the domain, select Manage tags. A window appears for domain tags.
  - In the provided field, enter a new tag or, in the list that appears as you type, select a tag or multiple tags.
  - Click Submit.
- To remove a tag from a domain:
  - Select the domain that includes the tag you want to remove.
  - In the Actions menu for the domain, select Manage tags. A window appears for domain tags.
  - Click inside the provided text box. In the menu that appears, select the tag that you no longer want associated with the domain.
  - Click Submit.
- To add, replace, or remove tags for multiple domains:
  - Select the domains that have tags you want to manage.
  - Click the Bulk Actions button at the top of the report.
  - In the drop-down menu, select Manage tags. The “Manage tags for the selected domains” window appears.
  - To add tags, select Add tags from the Action menu. In the provided field, enter the tag names or select the tags from the drop-down menu.
  - To replace tags that are assigned to the domain already, select Replace tags from the Action menu. In the provided field, enter the tag names or select the tags from the drop-down menu.
  - To remove tags, select Remove tags from the Action menu. In the provided field, enter the tag names or select the tags from the drop-down menu.
  - Click Submit.
Add domains to an allowlist
You can add domains from the related domains report to an allowlist. Domains in an allowlist are not monitored by Zone Protection. As a result, the domain no longer appears in the report.
You or another user cannot follow the domain that you plan to add to an allowlist.
To remove domains from an allowlist, see Manage domains in an allowlist.
Before you begin:
Make sure no one is following the domain or domains that you want to add to the allowlist.
To add domains to an allowlist:
- In Control Center, go to ☰ > DNS SOLUTIONS > Edge DNS > Zone Protection. The zone dashboard appears.
- In the Zone Threats area of the dashboard, click View Report.
- Apply filters to the related domains report. For instructions, see Filter the related domains report.
- To add a single domain:
  - Select a domain from the list and in the actions menu for the domain, select Add to allow list.
  - In the confirmation window, select Yes.
- To add multiple domains:
  - Select the domains that you want to add to the list.
  - Click Bulk Actions and in the menu that appears, select Add to allow list. A window appears showing the selected domains. If a domain cannot be added, additional information is provided.
  - Click Submit.
Manage domains in an allowlist
You can manage all the domains that you added to the allowlist.
To manage domains in an allowlist:
- In Control Center, go to ☰ > DNS SOLUTIONS > Edge DNS > Zone Protection. The zone dashboard appears.
- In the Zone Threats area of the dashboard, click View Report.
- Apply filters to the related domains report. For instructions, see Filter the related domains report.
- Click Manage Allowlist at the top of the report.
- To add domains:
  - Click Add Domains.
  - Search for the domain that you want to add.
  - Select the domain or multiple domains.
  - Click Submit.
- To remove a domain or multiple domains:
  - Click the Remove icon for a domain.
  - In the confirmation window, click Yes.
Download a CSV with related domains
Download a CSV file that contains the domains in the related domains report. If you apply a filter, the CSV contains the filtered list of domains.
To download a CSV with related domains:
- In Control Center, go to ☰ > DNS SOLUTIONS > Edge DNS > Zone Protection. The zone dashboard appears.
- In the Zone Threats area of the dashboard, click View Report.
- Apply filters to the related domains report. For instructions, see Filter the related domains report.
- Click the download icon at the top of the report. You can find the file wherever your browser saves downloaded files.