The Red Sift Blog
“What’s Next for DMARC”: Red Sift & Inbox Monster Webinar Recap
Filter all blogs
All blogs
Introducing DNS Guardian: Stop impersonation and spam caused by domain takeovers
tl;dr: We’re thrilled to announce DNS Guardian — a new feature in Red Sift OnDMARC that can swiftly identify and stop domain takeovers that lead to malicious mail. Back in February, we shared updates with the community about SubdoMailing – an attack discovered by Guardio Labs. The attack was a form of subdomain takeover,…
Read more
“What’s Next for DMARC”: Red Sift & Inbox Monster Webinar Recap
The recent webinar hosted by Inbox Monster, “What’s Next for DMARC: Data & Predictions for a New Era in Email Authentication,” featured insights from Red Sift and examined the significant changes brought by Yahoo and Google’s bulk sender requirements earlier this year. It also offered a forward-looking perspective on the future of email authentication.…
Read more
Navigating the Information Security Landscape: ISO 27001 vs. SOC 2
As cyber threats evolve, so do the standards and frameworks designed to combat them. Two of the most recognized standards in information security are ISO 27001 and SOC 2. What sets them apart, and which one is right for your organization? Let’s delve into the key differences. Purpose and Scope: Global Framework vs. Client-Centric…
Read more
G2 Summer 2024 Report: Red Sift OnDMARC’s Winning Streak Continues
We’re delighted to announce that Red Sift OnDMARC has again been named a Leader in G2’s DMARC category for Summer 2024. This recognition is based on our high Customer Satisfaction scores and strong market presence. Red Sift appeared in 11 reports – 5 new ones since Spring 2024! – earning 5 badges: A few…
Read more
Google will no longer trust Entrust certificates from October 2024
Tl;dr: Google has announced that as of October 31, 2024, Chrome will no longer trust certificates signed by Entrust root certificates. While there is no immediate impact on existing certificates or those issued before 31st October 2024, organizations should start reviewing their estate now. On Thursday 27th June 2024, Google announced that it had…
Read more
Understanding the polyfill.io domain attack
tl;dr: The recent compromise of the polyfill.io domain has triggered a broad-reaching web supply chain attack, impacting over 100,000 websites across various sectors including finance, healthcare, non-profits, academia, and more. To ensure the security of your website, we strongly advise you immediately remove any reference to polyfill.io. Latest update: 27th June 2024 Sansec, a…
Read more
Decoding the tricks: An analysis of poisoned domains in the SubdoMailing Attack
At Red Sift, we have been paying close attention to SubdoMailing – a domain takeover attack first discovered in February of 2024. Malicious actors exploited poorly maintained DNS records to send fraudulent emails impersonating legitimate brands. We identified affected organizations in our customer base and resolved the issue for all impacted users within 72…
Read more
DNS is the foundation for DMARC: Understanding the overlap
When the threat of SubdoMailing was newly discovered, we wrote a comprehensive guide and worked to get our impacted customers remediated within 72 hours of the discovery being published by Guardio Labs. We are proud of what we accomplished, but through the process, we also discovered that many people don’t fully understand the overlap…
Read more
Red Sift Recognized on Deloitte’s EMEA Fast 500™ List
We’re thrilled to share that Red Sift has been included in Deloitte’s 2023 EMEA Fast 500 list. This recognition stems from 389% revenue growth over three years, $54 million in Series B funding, acquiring ASM innovator Hardenize, and introducing the Red Sift Pulse Platform. Read the press release here. About the award The Deloitte Technology Fast…
Read more
The vital role of cybersecurity for Nonprofits: A deep dive
Save the Children, a beacon of hope and change, has been dedicated to improving the lives of children for over a century. Founded in London, it now has a presence in 29 nations, employing 844 staff members in the UK alone and engaging over 3600 formal volunteers. As charities and nonprofits like Save the…
Read more
Red Sift brings DMARC data to the SOC with new Cisco XDR…
Today, we’re thrilled to announce that we’re extending our partnership by joining the Cisco Security Technical Alliance and integrating Red Sift OnDMARC with Cisco XDR. This integration builds on the Domain Protection partnership we announced in November 2023 to bring visibility of business email compromise into the SOC (security operations center). At release, Red…
Read more
Preventing certificate related violations in cybersecurity frameworks: A guide to certificate monitoring…
TLS is one of the most widely adopted security protocols in the world allowing for unprecedented levels of commerce across the internet. At the core of the TLS protocol is TLS certificates. Organizations must deploy TLS certificates and corresponding private keys to their systems to provide them with unique identities that can be reliably…
Read more
Red Sift ASM & Red Sift Certificates: the missing link in your…
According to Gartner, Attack Surface Management (ASM) refers to the “processes, technology and managed services deployed to discover internet-facing enterprise assets and systems and associated exposures which include misconfigured public cloud services and servers.” This broad category of tooling is used within Continuous Threat Exposure Management (CTEM) programs, with many vendors within it having…
Read more
G2 Spring 2024 Report: Red Sift OnDMARC’s Fourth Consecutive Leader Title
We’re thrilled to share that Red Sift OnDMARC continues to impress in G2’s quarterly reports. This Spring 2024, the customer-loved DMARC application has maintained its position as DMARC Leader and shines with a total of 9 badges! This recognition is based on our high Customer Satisfaction scores and strong market presence. This quarter, we…
Read more
The best tools to protect yourself from SubdoMailing
In late February 2024, ‘SubdoMailing’ became a trending search term overnight. Research by Guardio Labs uncovered a massive-scale phishing campaign that had been going on since at least 2022. At the time of reporting, the campaign had sent 5 million emails a day from more than 8,000 compromised domains and 13,000 subdomains with several…
Read more
Red Sift’s Spring 2024 Quarterly Product Release
This early into 2024, the cybersecurity space is already buzzing with activity. Emerging standards, such as Google and Yahoo’s bulk sender requirements, mark a new era of compliance for businesses reliant on email communication. At the same time, the prevalence of sophisticated cyber threats, such as the SubdoMailing campaign, emphasizes the continual hurdles posed…
Read more
Navigating the “SubdoMailing” attack: How Red Sift proactively identified and remediated a…
In the world of cybersecurity, a new threat has emerged. Known as “SubdoMailing,” this new attack cunningly bypasses some of the safeguards that DMARC sets up to protect email integrity. In this blog we will focus on how the strategic investments we have made at Red Sift allowed us to discover and protect against…
Read more
Where are we now? One month of Google and Yahoo’s new requirements…
As of March 1, 2024, we are one month into Google and Yahoo’s new requirements for bulk senders. Before these requirements went live, we used Red Sift’s BIMI Radar to understand global readiness, and the picture wasn’t pretty. At the end of January 2024, one-third of global enterprises were bound to fail the new…
Read more
Your guide to the SubdoMailing campaign
A significant number of well-known organizations have been attacked as part of what’s being called the SubdoMailing (Subdo) campaign that has been going on since at least 2022, research by Guardio Labs has revealed. The scale of execution of this attack is staggering, and the impact is hugely damaging, but the goal is simple…
Read more
A confident deployment guide for TLS and PKI
Our journey to better network transport security has been quite the ride, filled with ups and downs. Back in the ’90s, when SSL and the Netscape browser were just taking off, things were pretty hard. We were dealing with weak encryption, export restrictions on cryptography, and computers that couldn’t keep up. But over the…
Read more