Relevance Detection is an AI-powered feature that automatically classifies the significance of identities found across sources such as DNS, WHOIS info, SSL certificates, and many others. By automatically pinpointing and highlighting the most relevant identities, Red Sift empowers your organization to enable the identities of choice in order to uncover and categorize more of your assets across the internet.
What are identities?
Identities are unique queries that use the metadata parsed from your existing inventory as search terms. Think of them as signals or snippets of interesting information that are associated with domains that can be used to discover potential assets that haven't yet been found, or have been parked or forgotten and left unsecured.
Examples of identities can be:
- Domain name registration identities (from WHOIS and RDAP)
- Domain name email addresses
- Organization names hidden in SSL certificates
- Mail records, such as MX or SOA
- Mail server relationships
- Private name servers
How does Relevance Detection work?
OnDOMAIN’s Relevance Detection feature leverages functionality that exists inside Hardenize, Red Sift’s Network Perimeter Protection solution. In Hardenize, Related Domain Discovery automatically monitors all configuration aspects of your known domain names and hosts to extract your unique identities. Once those have been found, Hardenize continuously monitors global databases to discover new domain names associated with those identities.
|We ingest 10 million new certificates a month and check more than 1.9bn hostnames in our own database. Our proprietary methods of real-time monitoring of publicly-issued certificates and discovery of hostnames mean that identities are created as soon as the metadata is published on the internet and that new discoveries can be found by them in real time.|
Historically, OnDOMAIN and Hardenize surfaced a set of identities that, while overlapping, were slightly different. We've worked on combining the technologies and now OnDOMAIN surfaces all discovered identities to its users. By leveraging OpenAI’s GPT-4 technology, it is then able to automatically scan each identity and generate a custom recommendation that tells you whether an identity should be enabled and why. Relevance Detection puts the power back into your hands and lets you decide which identities you want to include in your domain asset discovery process.
In addition, the AI that powers Relevance Detection automatically translates identities that have been picked up in foreign languages, making it extremely useful for the average non-multilingual human who would otherwise not be able to understand and review them.
Once identities that appear relevant have been reviewed and enabled, OnDOMAIN is able to surface any undiscovered domain assets owned by your company, as well as uncover any potential lookalikes that exist in the wild. This enhanced discovery allows you to discover assets that may have been parked or even forgotten years ago and, if left vulnerable, could be an exploitable attack surface.
Relevance Detection, an invaluable feature for large, distributed organizations with complex domain name inventories
For large organizations that struggle with network monitoring, this feature is invaluable. While building a comprehensive list of domain names may be a simpler task for smaller organizations, at scale, it's very difficult. For very large, distributed, organizations that have experienced years of mergers and acquisitions, building a good list requires a lot of effort - maintaining it even more so.
For organizations that do successfully generate and maintain comprehensive asset inventory lists, they are still difficult to evaluate given their volume and complexity. Relevance Detection removes that pain by automating the identity discovery and classification process, and providing you with recommendations for full identity enablement with just a couple of clicks. After all, the more visibility you have of your domain estate, the faster and better you are able to secure any vulnerabilities that exist.
|According to a survey conducted by MIT Technology Review Insights of 700+ global leaders, over 50% said they have experienced a cybersecurity attack originating from an unknown, unmanaged, or poorly managed digital asset.|
A case study: Major financial brand worth $300B tests OnDOMAIN’s Relevance Detection
Red Sift recently had the opportunity to present Relevance Detection to one of the world’s most valuable financial organizations.
After adding the company’s main domain and just a couple of the brand’s logos into OnDOMAIN, the solution worked its magic and quickly suggested some 300 identities. Despite choosing only a small number of identities to enable, the results were astonishing. OnDOMAIN uncovered a number of high-risk, malicious lookalikes that the company had previously been completely unaware of.
The first malicious lookalike domain that OnDOMAIN uncovered had been blocked by Google Safe Browsing and marked as a credential harvesting/social engineering page. However, despite it having been reported, it was still live on the internet and operating without the company being aware of its existence.
The second lookalike Relevance Detection detected had fraudulently used various elements of the financial firm’s branding, including logos, typefaces, and brand imagery to con users into believing it was legitimate. Upon closer investigation, we identified that the CTAs used across the website were linked to a WhatsApp number, strongly suggesting that the owner of this domain was running a scam operation. This page was also still live and had not made it onto any block lists, even after 20 days of being online.
When presented with these findings, this financial organization commented that Relevance Detection “blew their minds” and highlighted the chronic need for a solution as sophisticated as OnDOMAIN, made only stronger by the power of AI.
Curious to find out what assets or vulnerabilities your organization is waiting to uncover? Get in touch to book your free OnDOMAIN demo now.