by Will Andre | Jul 10, 2026 | Blog
For years, security vendors made a quiet assumption: when a device on your network opens a TLS connection, the Server Name Indication (SNI) field in the ClientHello will tell you exactly where it’s going. That hostname became the foundation of every DNS filter,...
by Will Andre | Jun 29, 2026 | Blog
If you’re evaluating DNS blocklist feeds, you already know what they do. This post skips the explainer and gets to the part that actually matters: how to tell whether the feed you’re running—or considering—is actually any good. Most teams set up a DNS...
by Will Andre | Jun 15, 2026 | Blog
Today we’re announcing an integration with Tenzir that moves URL enrichment out of the SIEM and into the security data pipeline — where it can actually change outcomes. Most SIEM threat enrichment strategies share the same flaw: they start after data has already...
by Will Andre | Jun 13, 2026 | Blog
Your DNS filter sees every query your network generates. But seeing a query and understanding it are two different things. Most URL classification systems were built around a specific assumption: the host being queried is a website, and the website has content worth...
by Will Andre | Jun 10, 2026 | Blog
🔍 Want to look up an IP reputation score right now? Enter any IP address into threatYeti and get a full reputation score, threat breakdown, and infrastructure context — no account required. Free, instant, no rate limit for manual lookups. Every security product that...