Digital Shadows, a company that offers digital risk protection software, has introduced new capabilities to manage the significant issue of impersonating domains.
New research reveals that, on average, a Digital Shadows client is alerted every year to nearly 1,100 domains that have been registered to potentially mimic their organisation or brand(s). Managing this threat has become a burden for security teams, and the update will reduce the time taken to manage this process by up to 75%.
Russell Bentley, VP Product at Digital Shadows, explains: "It is easy for anyone to register a domain name with little to no checks. This creates a volume of potential risk which puts a burden on security teams who know how important this is, but monitoring for and taking down impersonating domains is one of their least desired jobs. Worse still, the threat intelligence market is not providing security teams with effective tools to detect these impersonations. Instead, they are forced to make a trade-off between coverage and accuracy. The new features we are adding to SearchLight today will help to eliminate this trade-off and enable customers to reduce domain noise by up to 75%."
How will the new capabilities work?
Customers of Digital Shadows SearchLight will now receive highly filtered, contextualised domain alerts, enabling quicker triage, coordination, and response to high-risk impersonations. A domain might be 'high risk' if it appears in threat feeds, if it includes a client logo or references content within a legitimate website, or if it contains an MX record, which enables a criminal to send and receive phishing emails against that URL.
SearchLight will assign a risk score to each of these factors to help reduce alert noise with automated triage, so that security teams can focus their time on more impactful actions and protect their brand reputation. Users will be able to set up their automated triage against these risk factors so that they can automatically reject domains that do not reach their threshold (for example, a domain that is just parked) and only receive the alerts they care about. All domains, including those rejected, are then continually monitored, ensuring security teams are the first to know when a domain poses a legitimate threat.
These advanced triage capabilities mean that security teams no longer need to compromise on coverage.