New feature in the cyber threat monitoring tool automates triage and reduces the time required to manage domain spoofing by up to 75%. The SearchLight search engine scans sources in the open, deep and dark web.
Cyber threat intelligence provider Digital Shadows has expanded its SearchLightTM monitoring solution to include new features for detecting domain spoofing. From August 2021, users will receive highly filtered, contextualized alerts as soon as a domain is registered under an incorrect brand name. This simplifies triage and allows security teams to react more quickly to potential threats. The time it takes to manage domain spoofing is reduced by up to 75%.
Detect domain abuse quickly
The search engine SearchLight scans sources in the open, deep and dark web and detects digital dangers as well as data that has become unintentionally public. Thanks to the new domain spoofing feature, the tool now also recognizes registered domains that imitate the name or brand of well-known companies and misuse them for phishing purposes.
Each alert provides a company-specific risk rating in order to better assess and prioritize the threat. Risk factors include the appearance of the fake domain in threat feeds, the use of logos and brand images, the similarity to legitimate company websites and content, and the presence of an MX resource record, which the domain is used to send and receive phishing emails empowered.
Risk score quickly shows the dangers
Cyber threat monitoring tool automates triage (Image: Digital Shadows).
SearchLight assigns each factor its own risk score. The detailed and thorough risk analysis ensures that irrelevant reports are filtered out in advance in the threat intelligence feed. The triage of analysis, evaluation and prioritization is automated and can be configured individually. Domains that do not reach a predefined threshold value (e.g. "parked" domains) do not trigger an alarm, but are monitored in the background.
With automated triage, security teams can focus more on mitigating actual threats. The more top-level domains, the greater the number of possible imitations and thus the expense for the experts. Identifying typosquats and combosquats costs SecOps teams a lot of time, especially when companies have ambiguous brand names. In addition, character substitutions, transpositions, homoglyphs and top-level domain variations are usually difficult to recognize. The automated search functions in SearchLight cover a large number of variations, can be enriched with company and industry-specific keywords and thus guarantee extensive coverage of imitation domains and subdomains.
Over 1.100 copycat domains identified
According to a current study by Digital Shadows, companies are confronted with an average of 1.100 copycat domains, which represent a potential risk for customers, employees and brand protection. Russell Bentley, VP Product at Digital Shadows, emphasizes the importance of Cyber Threat Intelligence (CTI) in this context: “Today anyone can register a domain name without extensive checks. The number of fake domains is growing exponentially and security teams are faced with a flood of alerts that need to be checked for security risks. Very few CTI solutions on the market are of any real help or provide the necessary accuracy and relevance. With the new domain spoofing function in SearchLight, we are creating more clarity here and reducing the workload for security teams many times over. "
More at Sophos.com
About digital shadows
Digital Shadows tracks down unintentionally public data in the open, deep and dark web and thus helps organizations to reduce the resulting digital risks of external threats to a minimum. SearchLight ™ helps companies comply with data protection regulations, prevent loss of intellectual property, and prevent reputational damage. The solution helps to minimize digital risks, reduce the attack surface and protect brand and company names.