I have recently been tasked with taking over a network where all Cyber folks got fired at the same time. We basically have zero documentation on what they did, how they did it, or why. Best we can see it is kind of a mess.
Anyway, here is my current question: It appears that when they blocked a suspicious URL, they added an entry in their WSA as well as an entry in their DNS. What I have been doing for the past 6 years is only to add an entry in our WSA. What is the benefit of doing both and would one be better than the other? My guess is it is not necessary to do both, but I would like some input. I don't want to be doing double work if it isn't beneficial.
EDIT: We also add IP entries in the firewall.