Triage capabilities enable security teams to spot fake domains and act against those with criminal intent
London and San Francisco, July 21 2021 – Digital Shadows, the leader in digital risk protection, today announces new capabilities to manage the significant issue of impersonating domains. New research reveals that on average a Digital Shadows client is alerted to nearly 1,100 domains that have been registered to potentially mimic their organization or brand(s) every year. Some are relatively harmless and ‘parked’, yet others have been set up with clear criminal intention and require immediate takedown measures. Managing and triaging this threat has become a significant burden for security teams and the update will eliminate the time taken to manage this process by up to 75%.
From today, customers of Digital Shadows SearchLight will receive highly filtered, contextualized domain alerts enabling quicker triage, coordination, and response to high-risk impersonations. Such factors which might make a domain ‘high risk’ include the domain appearing in threat feeds, it may include a client logo or reference content within a legitimate website or contain an MX record, enabling a criminal to send and receive phishing emails against that URL.
SearchLight will assign a risk score to each of these factors to help reduce alert noise with automated triage so that security teams can focus their time on more impactful actions and protect their brand reputation. Users will be able to set up their automated triage against these risk factors so that they can automatically reject domains that do not reach their threshold (such as if it is just parked), and only receive alerts that they care about. All domains, including those rejected, are then continually monitored, ensuring security teams are the first to know when a domain poses a legitimate threat.
These advanced triaged capabilities mean that security teams no longer need to compromise on coverage. As more Top-Level Domains become registered, the number of potential impersonations grows exponentially. Typosquats and combosquats are a frequent difficulty for many teams, especially those organizations with ambiguous brands. Tricker domains to detect may include character replacement, transposition, homoglyph, replacement and top-level domain variations of organizations and their brand names. Digital Shadows detects and alerts its clients to all these as well as variations with industry-specific keywords added, ensuring comprehensive coverage of impersonating domains and subdomains.
Russell Bentley, VP Product at Digital Shadows explains: “It is easy for anyone to register a domain name with little to no checks. This creates a volume of potential risk which puts a burden on security teams who know how important this is but monitoring for and taking down impersonating domains is one of their least desired jobs. Worse still, the threat intelligence market is not providing security teams with effective tools to detect these impersonations. Instead, they are forced to make a trade-off between coverage and accuracy. The new features we are adding to SearchLight today will help to eliminate this tradeoff and enable customers to reduce domain noise by up to 75%.”
The new features are available to existing and new customers coming in August 2021.
ABOUT DIGITAL SHADOWS
Digital Shadows minimizes digital risk by identifying unwanted exposure and protecting against external threats. Organizations can suffer regulatory fines, loss of intellectual property, and reputational damage when digital risk is left unmanaged. Digital Shadows SearchLight™ helps you minimize these risks by detecting data loss, securing your online brand, and reducing your attack surface. To learn more, visit www.digitalshadows.com.