The ClearScreen blog.
DNS policy, threat feeds, and compliance notes for endpoint fleets.
- DNS filtering vs proxy for endpoints: what CISOs should compare
  TLS inspection, PAC files, and local sinkholes — the trade-offs that matter when DORA and NIS2 reviewers ask where policy enforcement lives.
- DORA ICT risk: why the DNS layer belongs in your register
  Third-party resolvers, unsigned blocklists, and invisible enforcement — gaps that show up in ICT risk assessments for financial entities.
- Blocking AI tools without blocking productivity
  UT1 categories, allowlists, and review queues — how to stop unsanctioned LLM use while keeping engineering and research workflows intact.
- False-positive review workflow: from block page to audit evidence
  User reports, admin decisions, and exportable records — the loop regulators expect when DNS policy blocks a legitimate domain.
- UT1 categories: what to block first on a pilot fleet
  Malware, phishing, adult, gambling, and AI chat — a phased rollout order that passes legal review and keeps helpdesk load manageable.
- ed25519-signed threat feeds that work offline
  URLhaus, OpenPhish, and PhishTank in a signed bundle — why signature verification matters when agents cannot phone home every hour.