Red Sift’s Fall 2024 Quarterly Product Release

Building on the momentum of our Summer Release, we’ve taken another big step forward in AI-driven security with our Fall 2024 updates. 

Over the last few months, we’ve been focused on developing our upskilled large language model (LLM), Red Sift Radar – now fully integrated with OnDMARC – making it the first LLM embedded in an automated DMARC solution. This integration allows you to identify and fix technical misconfigurations in email records more efficiently than ever.

What’s more, Radar’s capabilities will soon be expanding into Brand Trust, giving security teams insights into IP trustworthiness and the ability to detect regional threats through geolocation technology. Alongside these updates, we’re adding advanced alerting features across our platform to bring real-time visibility to critical security signals, helping teams respond faster and manage risks proactively.

OnDMARC 

Find and fix email-related issues with Red Sift Radar 

Through Red Sift Radar’s integration with OnDMARC, you can get real-time answers to email queries and fix misconfigurations in seconds:

  • Fix misconfigured records: Radar detects misconfigurations like syntax errors in SPF and DMARC records and provides easy-to-follow troubleshooting steps.
  • Identify unknown senders: Radar’s IP inspection helps classify unknown IP addresses, identifying potential threats to protect your domain.
  • Understand DMARC failures: Radar analyzes DMARC failure reports to distinguish between spoofers and legitimate forwarders, giving you actionable insights into DMARC failures.

Read the Radar launch announcement here

Quickly identify risks with source classification

In the “DMARC Reports” sender table, we now provide classification recommendations for any unrecognized sending sources. Based on our analysis, we notify users if a source is an Asset, Threat, or Forwarder, and offer clear reasoning for each suggestion. 

This feature helps customers quickly identify potential risks or trusted sources, saving time and manual work in email security management. Users can confirm or adjust the classification, gaining greater control and insight into their email landscape and ultimately enhancing security posture.

Brand Trust 

Stay ahead of evolving threats with AI-driven insights – coming soon

Following Radar’s integration with Red Sift OnDMARC, we’re now focusing on bringing its AI-powered innovations to Red Sift Brand Trust. Here’s a sneak peek at the upcoming releases:

  • Identify unknown IPs: For a lookalike domain, you can run a deep inspection on an IP address. Radar will provide geolocation info and ownership details, similar to the current data available in OnDMARC, helping determine whether the IP can be trusted.
  • Detect regional brand misuse: Attackers often display different content based on the visitor’s location to evade detection. For instance, a lookalike domain’s website may show harmless content when accessed from the US, but display brand-infringing material like logos or keywords when accessed from the UK.

Currently, Brand Trust captures screenshots from a single location (US). We are expanding this to include additional locations – such as London (UK), Johannesburg (South Africa), Frankfurt (Germany), Madrid (Spain), and Tokyo (Japan) – enabling users to take screenshots from multiple regions. This helps monitor what content is being served in different locales, providing a broader picture of potential threats.

Stay informed with tailored alerts from Saved Views

Our customers often seek alerts when there are strong indicators of content infringement, such as logos, brand-specific keywords, or lookalike domains that closely resemble their own. Brand Trust streamlines the detection of these signals by providing filters across all the data we collect for lookalike domains. These filters can be saved as ‘Saved Views’ for quick and easy access.

With Saved Views, you can now send alerts via email or other channels, allowing for highly customized notifications that help you react swiftly to threats while minimizing noise. For instance, you might set up an email alert for all lookalike domains that meet the following criteria:

  • Contains a specific logo
  • Includes keywords like your product name
  • Shows a high level of similarity to your domains
  • Email readiness set to true
  • DNS provider is not CSC Global

Brand Trust can monitor these signals hourly, daily, or weekly, delivering email reports that summarize all alerts matching your filters.

We’re also working on a generic webhook integration that will let you send alerts to any platform supporting webhooks. Stay tuned for more details in our next quarterly release!

UI improvements 

Prioritize critical threats with Activity Page enhancements

In line with bringing key alerts to the surface, we’ve also enhanced the Activity page to help customers prioritize critical issues more effectively. The strongest signals are now highlighted at the top, enabling customers to focus on what matters most. The new activity bar is split into:

  • Total number of discovered lookalikes 
  • Image detection: The number of lookalikes where logos or keywords (and soon, faces) have been detected
  • Priority review: High-risk lookalikes and those that have the highest similarity to your domains
  • Potential assets that we think you may own

Each signal is clickable, instantly filtering the Activity table for faster remediation and more efficient risk management.

Quickly identify high-risk domains with Lookalike Similarity

As part of these enhancements, we’re introducing a new column called “Similarity.” Brand Trust scans up to 150 million domains daily, comparing them to your own domains to identify lookalikes (domains that closely imitate your domain names). Each lookalike is assigned a similarity score, indicating how closely it matches your domain. This score ranges from lowest to highest, helping you spot domains with the closest match for easier prioritization.

Certificates

Gain better visibility with the enhanced Certificates Dashboard

We’ve enhanced the Dashboard to deliver more actionable insights and increase visibility across your domain and certificate estate. The improved dashboard shows:

Total number of monitored domains: The dashboard now provides an at-a-glance view of your certificate management scope.

Certificate breakdown: Certificates are now categorized for easier filtering and insights.

  • Total Certificates 
  • Owned Certificates 
  • Third-party certificates: Track certificates issued by external parties but linked to your services.
  • Certificates in use by endpoints: Stay informed about certificates that are currently active and in use.

Renewal tracking and expiry management: You can now filter certificates based on their renewal timelines:

  • Certificates due for renewal within a specified time frame.
  • Certificates overdue and requiring immediate attention.

Critical Certificate Statuses

  • Expiry timeline: The expiration monitoring timeline now features a clearer visual representation of renewal timelines and critical statuses.

Together, the clearer renewal timeline and the improved filtering and categorization help you stay ahead of potential issues, prioritize certificates, take timely action, and maintain compliance.

PUBLISHED BY

Francesca Rünger-Field

30 Oct. 2024
