Red Sift Brand Trust launches first GPT-4 powered feature, Relevance Detection

Relevance Detection is an AI-powered feature that automatically classifies the significance of identities found across sources such as DNS, WHOIS info, SSL certificates, and many others. By automatically pinpointing and highlighting the most relevant identities, Red Sift empowers your organization to enable the identities of choice in order to uncover and categorize more of your assets across the internet.

What are identities?

Identities are unique queries that use the metadata parsed from your existing inventory as search terms. Think of them as signals or snippets of interesting information that are associated with domains that can be used to discover potential assets that haven’t yet been found, or have been parked or forgotten and left unsecured.

Examples of identities can be:

  • Domain name registration identities (from WHOIS and RDAP)
  • Domain name email addresses
  • Organization names hidden in SSL certificates
  • Mail records, such as MX or SOA 
  • Mail server relationships
  • Private name servers

How does Relevance Detection work?

Brand Trust’s Relevance Detection feature leverages functionality that exists inside ASM (formerly Hardenize), Red Sift’s Attack Surface Management and Network Perimeter Protection solution. In ASM, Related Domain Discovery automatically monitors all configuration aspects of your known domain names and hosts to extract your unique identities. Once those have been found, ASM continuously monitors global databases to discover new domain names associated with those identities. 

We ingest 10 million new certificates a month and check more than 1.9bn hostnames in our own database. Our proprietary methods of real-time monitoring of publicly-issued certificates and discovery of hostnames mean that identities are created as soon as the metadata is published on the internet and that new discoveries can be found by them in real time. 

Historically, Brand Trust and ASM surfaced a set of identities that, while overlapping, were slightly different. We’ve worked on combining the technologies and now Brand Trust surfaces all discovered identities to its users. By leveraging OpenAI’s GPT-4 technology, it is then able to automatically scan each identity and generate a custom recommendation that tells you whether an identity should be enabled and why. Relevance Detection puts the power back into your hands and lets you decide which identities you want to include in your domain asset discovery process.

Relevance Detection, OnDOMAIN’s new AI-powered identity classification feature

In addition, the AI that powers Relevance Detection automatically translates identities that have been picked up in foreign languages, making it extremely useful for the average non-multilingual human who would otherwise not be able to understand and review them.

Once identities that appear relevant have been reviewed and enabled, Brand Trust is able to surface any undiscovered domain assets owned by your company, as well as uncover any potential lookalikes that exist in the wild. This enhanced discovery allows you to discover assets that may have been parked or even forgotten years ago and, if left vulnerable, could be an exploitable attack surface.

Relevance Detection, an invaluable feature for large, distributed organizations with complex domain name inventories

For large organizations that struggle with network monitoring, this feature is invaluable. While building a comprehensive list of domain names may be a simpler task for smaller organizations, at scale, it’s very difficult. For very large, distributed, organizations that have experienced years of mergers and acquisitions, building a good list requires a lot of effort – maintaining it even more so.

For organizations that do successfully generate and maintain comprehensive asset inventory lists, they are still difficult to evaluate given their volume and complexity. Relevance Detection removes that pain by automating the identity discovery and classification process, and providing you with recommendations for full identity enablement with just a couple of clicks. After all, the more visibility you have of your domain estate, the faster and better you are able to secure any vulnerabilities that exist.

According to a survey conducted by MIT Technology Review Insights of 700+ global leaders, over 50% said they have experienced a cybersecurity attack originating from an unknown, unmanaged, or poorly managed digital asset.

A case study: Major financial brand worth $300B tests Brand Trust’s Relevance Detection

Red Sift recently had the opportunity to present Relevance Detection to one of the world’s most valuable financial organizations.  

After adding the company’s main domain and just a couple of the brand’s logos into Brand Trust, the solution worked its magic and quickly suggested some 300 identities. Despite choosing only a small number of identities to enable, the results were astonishing. Brand Trust uncovered a number of high-risk, malicious lookalikes that the company had previously been completely unaware of. 

The first malicious lookalike domain that Brand Trust uncovered had been blocked by Google Safe Browsing and marked as a credential harvesting/social engineering page. However, despite it having been reported, it was still live on the internet and operating without the company being aware of its existence.

In this Domain Details preview, Brand Trust uncovers a malicious lookalike that has been flagged as social engineering

The second lookalike Relevance Detection detected had fraudulently used various elements of the financial firm’s branding, including logos, typefaces, and brand imagery to con users into believing it was legitimate. Upon closer investigation, we identified that the CTAs used across the website were linked to a WhatsApp number, strongly suggesting that the owner of this domain was running a scam operation. This page was also still live and had not made it onto any block lists, even after 20 days of being online. 

When presented with these findings, this financial organization commented that Relevance Detection “blew their minds” and highlighted the chronic need for a solution as sophisticated as Brand Trust, made only stronger by the power of AI. 

Curious to find out what assets or vulnerabilities your organization is waiting to uncover? Get in touch to book your free Brand Trust demo now.


Francesca Rünger-Field

5 Jun. 2023



Recent Posts


Introducing DNS Guardian: Stop impersonation and spam caused by domain takeovers 

Rahul Powar

tl;dr: We’re thrilled to announce DNS Guardian — a new feature in Red Sift OnDMARC that can swiftly identify and stop domain takeovers that lead to malicious mail. Back in February, we shared updates with the community about SubdoMailing – an attack discovered by Guardio Labs. The attack was a form of subdomain takeover,…

Read more

Navigating the Information Security Landscape: ISO 27001 vs. SOC 2

Red Sift

As cyber threats evolve, so do the standards and frameworks designed to combat them. Two of the most recognized standards in information security are ISO 27001 and SOC 2. What sets them apart, and which one is right for your organization? Let’s delve into the key differences. Purpose and Scope: Global Framework vs. Client-Centric…

Read more

G2 Summer 2024 Report: Red Sift OnDMARC’s Winning Streak Continues

Francesca Rünger-Field

We’re delighted to announce that Red Sift OnDMARC has again been named a Leader in G2’s DMARC category for Summer 2024. This recognition is based on our high Customer Satisfaction scores and strong market presence. Red Sift appeared in 11 reports – 5 new ones since Spring 2024! – earning 5 badges: A few…

Read more

Google will no longer trust Entrust certificates from October 2024

Red Sift

Tl;dr: Google has announced that as of October 31, 2024, Chrome will no longer trust certificates signed by Entrust root certificates. While there is no immediate impact on existing certificates or those issued before 31st October 2024, organizations should start reviewing their estate now. On Thursday 27th June 2024, Google announced that it had…

Read more

Understanding the domain attack

Francesca Rünger-Field

tl;dr: The recent compromise of the domain has triggered a broad-reaching web supply chain attack, impacting over 100,000 websites across various sectors including finance, healthcare, non-profits, academia, and more. To ensure the security of your website, we strongly advise you immediately remove any reference to Latest update: 27th June 2024 Sansec, a…

Read more