Cisco Talos is happy to announce the upcoming changes to our Content and Threat Category lists. Our goal is to provide you with sufficient intelligence details to allow you to make informed decisions to protect your network without disrupting your organization’s productivity. These changes will give you additional details needed to make more informed decisions for your network.

Beginning Jan. 21, customers using Cisco platforms that receive Talos Intelligence will see updates to our Content Categories. The changes will allow sites to be more discretely categorized resulting in a better understanding of the site’s context. These changes include:

  • An introduction of 15 new Content Categories:


  • Four new regionally restricted categories (Great Britain, Italy, Germany, and Poland) designed to help our customers address restrictions that specific countries or territories may require. Please refer to your Cisco product community for the availability of this functionality.
  • Two existing Content Categories will be split into four new Content Categories designed to provide more granular context for sites, allowing for more accurate management of web traffic.
  • “Health and Nutrition” will split into “Recipes and Food” and “Health and Medicine.”
  • “Nature” will become “Nature and Conservation” and “Animals and Pets.”
  • Two of our Threat Categories — “Dynamic DNS” and “DNS tunneling” — will become new Content Categories that will prevent these types of sites from evading corporate security measures. These categories represent addresses that are not inherently malicious, though some customers may still choose to block them as part of their security posture.

There will also be changes to our Threat Categories on Feb. 8:

  • Deactivate the two threat categories mentioned above that are being converted to Content Categories.
  • Three additional Threat Categories will be deactivated:
  • Mobile Threats
  • P2P Malware
  • Potential DNS Rebinding

Prior to this update, we recommend revisiting your acceptable use and security policies to see if these changes may affect your current operations.

As we evolve to better understand data, threats, and user behavior, we will continue to improve our intelligence, providing you the ability to make more informed decisions to keep your network safe without becoming prohibitive to your users.

For detailed information on the current Content and Threat Categories, please visit the Intelligence and Threat Categories page.

Note: The “Private IP Addresses as Host” category will be available in a future product release of WSA, NGFW and Umbrella.