After months of beta testing and feedback, we are excited to announce that Red Sift Radar, our skilled up LLM offering seamless integration with Red Sift OnDMARC, is now commercially available.
With Red Sift Radar, security teams can detect exposures, prevent configuration drift, and classify assets or suspicious activity without adding additional headcount. By delivering internet-scale cybersecurity intelligence, the expertise of a security analyst, and the power of an LLM directly into existing workflows, Radar empowers defenders with actionable insights to close security gaps across email, domains, and public-facing assets before they can be exploited.
In this post, we’ll share insights from the beta phase, unveil new enhancements, and showcase how early adopters have already benefited from Radar. Don’t miss our live briefing tomorrow, October 2, 12 pm ET / 5 pm BST, where Red Sift CEO Rahul Powar and Senior Director of Sales Engineering Billy McDiarmid discuss how Radar is helping teams improve operational efficiency and strengthen security practices.
Shaping Red Sift Radar: Key learnings from our beta users
Back in February, we launched the beta version of Red Sift Radar with a simple goal: to make it easier for security teams to gather, analyze, and act on real-time cybersecurity insights. We invited trusted, long-time customers to test how Radar could transform their daily operations. While we anticipated benefits like task automation and improved consistency, our primary aim was to understand user experiences firsthand.
Here’s how Radar delivered value to our early adopters:
10x faster resolution: stop wasting time on manual tasks
By embedding actionable, real-time intelligence directly into existing workflows, Radar reduces manual investigation time by up to 10x. Teams save significant time with its chat interface for quick troubleshooting and in-app prompts that surface critical configuration checks right where they work.
Jose Gomez, IT Director at General Catalyst, noted:
“Before using Radar, my workflow was manual and inefficient, and checking a single domain could take up to 20 minutes. With Radar’s quick and comprehensive insights, I can now assess a domain’s security posture and configuration in just two minutes.”
Eliminate manual data collection
Instead of relying on the painful process of gathering security insights from multiple sources – such as blocklists, MXToolbox, and DNSStuff – Radar streamlines workflows by analyzing data across channels. It detects malicious behaviors and stops configuration drift, dramatically reducing the time and effort required for accurate security assessments.
Frank L. Smith III, Director of Information Security at GC Foods, shared:
“Prior to utilizing Radar, we would go through the painstaking process of gathering security insights from several sources. The introduction of Radar has greatly decreased the time it takes to accurately evaluate a domain or email system for validity and security.”
Improve your security posture
Powered by advanced AI, Radar classifies potential threats and offers in-depth assessments of suspicious activities. Through tools like OnDMARC’s IP assessments and the Email Analyzer, security teams can quickly differentiate between assets and threats.
Zachary Bennett, IT & Security Manager at FHC, commented:
“In the first 24 hours of using Radar, it saved us $4,000 by identifying a fraudulent invoice from its header information.”
In addition, Radar’s contextual understanding of a user’s environment enables it to tailor actionable insights to address specific issues.
Adam Newbold, Founder of Neatnik, added:
“Radar helped me identify an opportunity to tighten security around one of my email domains with an MTA-STS policy. It explained why the policy is important, walked me through the steps to configure and enable it, and even verified that everything was set up correctly afterward. Incredibly helpful!”
Upskill faster
Radar transforms complex security tasks into simple, natural language conversations, allowing both technical and non-technical team members to master advanced troubleshooting without additional resources.
Frank L. Smith III, Director of Information Security, GC Foods also emphasized:
“Radar gives us a quick and easy way to not only check the configurations but also to provide IT professionals with excellent documentation and explanations of the problem, along with information to fix the issue.”
Deep dive: Radar’s enhancements and core features
During the beta, we listened closely to feedback from security teams about what would make Radar even more indispensable. With these insights in hand, we’re excited to introduce several new features designed to better equip defenders.
Strengthen your email against phishing: Integration with Red Sift OnDMARC
One of the standout developments is Radar’s seamless integration with Red Sift OnDMARC, making it the first LLM embedded in an automated DMARC application. This integration allows you to receive real-time answers to email-related queries and diagnose misconfigured records or settings in seconds.
Find and fix misconfigured records
Radar provides proactive insights and step-by-step guidance for resolving misconfigurations. When it detects syntactical issues with SPF or DMARC records, Radar offers detailed troubleshooting instructions. Before supplying the corrected record, it validates the fix to ensure accuracy.
Quickly identify unknown senders to stop unauthorized use of your domain
Radar’s IP inspection feature evaluates unknown IP addresses, helping you accurately identify and classify potential threats to strengthen your security defenses.
Better understand DMARC failure reports to pinpoint spoofing attempts.
Radar analyzes DMARC failure reports to identify whether sources are spoofers or legitimate forwarders, providing clear insights into the cause of failures.
Stay ahead of bad actors: Analyze suspicious emails without opening them
Radar lets users forward potentially malicious emails for thorough analysis. By detecting harmful links, poor domain reputations, and other indicators of malicious activity, Radar unlocks an extra layer of defense for your business, allowing your team to proactively secure its email setup while also bolstering resilience against inbound threats.
Access deep cyber expertise, 24/7: Chat interface for complex queries
Radar’s intuitive LLM-powered chat interface simplifies complex cybersecurity into clear, natural language conversations. This user-friendly approach ensures that both technical and non-technical users can effectively utilize Radar, making sophisticated troubleshooting accessible without the need for training. What’s more, Radar is available directly from the Red Sift platform’s sidebar, providing seamless access no matter where you’re working. With just a single click, you can quickly analyze issues without losing your workflow.
Ensuring consistency and accuracy in Radar’s outputs
To ensure that Radar is an effective, trustworthy tool for security teams, we introduced three key innovations:
- Steering the LLMs with playbooks: We guide the model to enhance consistency in multi-step problem-solving while maintaining its ability to diagnose new issues.
- Integrating standard and proprietary tools: This enables real-time monitoring of internet-connected resources.
- Utilizing internet-scale data sets: We incorporate external data when necessary to extract insights not readily available from these resources
For more details on the integration of standard and proprietary tools, as well as the utilization of internet-scale data sets, read more about these innovations in our beta blog post here.
Diving a little deeper
Now, let’s look closer into how we achieve consistency in outputs through a system of “playbooks”, which guide Radar through multi-step cybersecurity analyses, ensuring accuracy, reliability, and consistency in handling complex scenarios that standard models often struggle with.
Radar leverages over 25 tools, ranging from shell commands and IP/domain reputation checkers to website rasterization. During early testing, we discovered that as the number of available tools increased, the model occasionally generated inconsistent planning steps for similar queries, such as “How secure is my website?”.
To address this challenge, we developed orchestration mechanisms called playbooks. These ensure that queries are handled using the same tools, in the same order, enhancing consistency and reducing errors.
For instance, if an LLM performs a complete domain security check without a playbook, it might overlook critical steps, such as verifying email requirements like SPF and DMARC or neglecting certificate checks like DNSSEC. By implementing the playbook approach, Radar guarantees that all necessary aspects are thoroughly investigated every time.
Transparency and privacy
At any point when using Radar’s chat, you can expand the dropdown that shows which API is being called to service the request and see both the request made and the response received. This is a great way for new users to get familiar with Radar’s playbooks in context.
Red Sift also maintains a privacy-centric approach to applying generative AI. While Radar is powered by the OpenAI API Platform, no customer data is used to train or improve models.
Looking ahead
The launch of Red Sift Radar is just the beginning. While we’re excited about the progress we’ve made, there is much more to come. Expect deeper integrations with Red Sift applications and third-party tools, new GenUI visualizations, the ability to export Radar’s outputs, and ongoing improvements to ensure Radar continues to strengthen your organization’s preventative defenses. And, of course, the long-awaited dark mode.
Ready to get started?
Red Sift Radar is now available at no additional cost for all Red Sift customers, with the level of access depending on your subscription tier.
Over the next few weeks, we will be rolling out access to eligible customers. In line with best practices and to ensure you have full control, Radar will not be automatically activated. To get started, you’ll need to opt in via an in-app modal, and a team member will assist with the setup.
If you are not yet a Red Sift customer but are interested in our suite of applications, you can sign up for a demo here.