Red Sift’s Spring 2024 Quarterly Product Release

This early into 2024, the cybersecurity space is already buzzing with activity. Emerging standards, such as Google and Yahoo’s bulk sender requirements, mark a new era of compliance for businesses reliant on email communication. At the same time, the prevalence of sophisticated cyber threats, such as the SubdoMailing campaign, emphasizes the continual hurdles posed by bad actors getting around standards-based security measures.

In light of this, Red Sift’s 2024 Spring Release features innovations that help organizations better detect and remediate common misconfigurations and exposures while meeting the latest industry requirements. 

Here’s an in-depth look at Red Sift’s latest releases. 

Free tools that help meet evolving attack vectors and new requirements

SubdoMailing Checker 

In light of the recent SubdoMailing attack, Red Sift made updates to its free tools, Investigate and SPF Checker, within 48 hours of the news breaking. These updates empower users to quickly identify any domains utilized for SubdoMailing within their email environment.

Investigate surfaces a ‘SubdoMailers’ card to show if poisoned includes have been found. The same card was added to the SPF Checker, along with functionality that creates a dynamic visualization of the SPF tree. This allows users to easily pinpoint the location of any poisoned includes and remediate them quickly.

SubdoMailer cards in Red Sift’s SPF Checker

Google and Yahoo Compliance Checker

In response to Google and Yahoo’s bulk sending requirements, Red Sift introduced a version of its free email analysis tool, Investigate, that allows users to get instant insight into how their email-sending domain stacks up against these new requirements. The tool achieves this by dynamically checking a user’s email in less than 30 seconds. 

An extract from Red Sift Investigate’s Google/Yahoo Deliverability Compliance card

Red Sift Investigate is the only free tool on the market that provides this kind of real-time insight. It checks for the majority of requirements, namely:

  • Implementation of both SPF + DKIM
  • Sending with an aligned `From` domain in either the SPF or DKIM domains
  • Sending from a domain with a DMARC policy of at least p=none 
  • Using a TLS connection for transmitting email
  • Valid forward and reverse DNS (FCrDNS)
  • One-click unsubscribe
  • Low spam reported rate (Investigate does not check for this final requirement)

OnDMARC 

Automated SubdoMailing alerting

Red Sift OnDMARC added first-class support for SubdoMailing detection to its hosted SPF solution, Dynamic SPF. It automatically surfaces if domains used for SubdoMailing are present prompting customers to quickly take remedial action.

SubdoMailing detection has also been added to the My Domains view, Investigate, and Domain Analyzer.

Google & Yahoo Bulk Sender’s Compliance Profile

OnDMARC customers can benefit from Investigate’s new Google and Yahoo compliance profile inside the application. This compliance profile quickly determines if an email-sending service is set up for bulk-sending success.

Google and Yahoo Bulk Sender’s Compliance Profile in Red Sift OnDMARC’s Investigate

Overview Dashboard

Red Sift OnDMARC released an enhanced Overview Dashboard to facilitate informed decision-making and prioritization of actions.

To better support its large brands and their complex email-sending domain estates, OnDMARC’s enhanced Overview Dashboard now offers users a comprehensive view of their DMARC status across all active domains. This new and improved dashboard serves two purposes as it:

  1. Provides summary metrics for all active domains an organization has within OnDMARC, including:
  • How many domains are at p=none, p=quarantine, and p=reject
  • The total amount of emails sent across all domains
  • How many domains have MTA-STS configured
  • How many BIMI applications are in progress 

2. Helps to identify domains that should be prioritized for DMARC policy advancement based on domains with high sending volume or consistently high DMARC compliance rates. 

The new Executive Overview in Red Sift OnDMARC

DNS Alerts

The DNS Alerts feature in OnDMARC has been upgraded with over 15 new alerts to provide users with comprehensive notifications regarding changes made within their DNS records. These enhancements enable users to promptly identify and mitigate potential risks. The new alerts cover various statuses, including missing, configured, updated, and delegated, across DMARC, SPF, and MX records.

Brand Trust

SubdoMailing Detection

Red Sift’s lookalike domain discovery application, Red Sift Brand Trust, periodically checks lookalikes against a new Red Sift threat intelligence feed and flags whether the lookalike domain is involved in a SubDomailer attack. If a SubdoMailer is detected, the risk score is increased to high risk, signaling a need for prioritized remediation to the end user.

A new column called SubDomailer has been added to the Activity table, enabling users to filter lookalikes that have been detected. When drilling down into the details page of a lookalike domain, the risk score section has also been updated to show whether a SubDomailer has been detected.

New SubdoMailer risk signal in Red Sift Brand Trust

New and improved risk rating system 

In addition to the above, Red Sift Brand Trust has improved its lookalike risk rating functionality by introducing new risk signals and updating its scoring system. This enhanced overview provides a quantifiable measure of the threat posed by lookalike domains, empowering users to triage threats in priority order, take action faster, and reduce overall noise in the system.

Each lookalike will receive a score between 0 and 100, depending on which risk signals are active and contributing to the score. The score is mapped to three risk buckets:

  • High risk (71-100)
  • Medium risk (37-70)
  • Low risk (0-36)

The new risk rating now calculates how similar a lookalike domain looks to an owned asset, with closer resemblances being more heavily weighted. This rating is updated dynamically on each scan so users can confidently track the weaponization of domains in real time. 

The risk rating is impacted by sign-in forms on web pages that could be used to harvest credentials – discovered thanks to AI computer vision – as well as the security rating of DNS providers.

In the coming months, the Brand Trust team plans to add more signals such as HTML analysis of a web page and the most abused registrars, both of which could increase the risk score. 

Visual enhancements to lookalike & domain details pages

In conjunction with the new risk rating, Brand Trust’s lookalike details and domain details pages have been revamped to make it easier than ever to see important information at a glance.

A new risk section at the top of every lookalike details page shows which risk signals are contributing to the risk rating, demystifying how we’re scoring each lookalike domain. 

Brand Trust uses numerous AI computer vision algorithms to scan screenshots gathered from domains. With the screenshot now located prominently above the fold, it’s clear to see which signals have been detected on a page (logo, detected keywords, sign-in forms, page type, etc).

The new lookalike details page in Red Sift Brand Trust

In addition, we’ve introduced a concept similar to email – users can now clearly see when new lookalikes have arrived in Brand Trust, marked by the bolded text and blue circle next to it. Clicking on one of these domains marks the lookalike as read, so users can keep track of what they’ve triaged. Just like email, lookalikes can be marked as unread and revisited later.

Red Sift ASM

Web Technologies 

Ensuring compliance with frameworks and regulations like NIST, NIS2, HIPAA, and PCI-DSS necessitates maintaining an inventory of software utilized for service delivery. Red Sift ASM addresses this need by automatically compiling and updating a comprehensive inventory of a customer’s domains, hosts, certificates, IP addresses, and cloud resources. With the launch of Red Sift ASM’s latest feature, Web Technologies, users gain deeper insights into the technologies running in their environments, thus enhancing their understanding of the services across their digital infrastructure.

The new Web Technologies feature in Red Sift ASM (previously Hardenize)

The new Web Technologies feature in Red Sift ASM offers a range of benefits:

  • Facilitates precise identification of potential risks within your estate, simplifying the management of both existing vulnerabilities and those arising from new threats.
  • Enhances compliance adherence by providing in-depth visibility into the technologies used.
  • Supports a Continuous Threat Exposure Management (CTEM) program as knowing what technologies are used across the attack surface is a critical part of identifying exposure as part of the scoping stage.

During the assessment process within Red Sift ASM, if HTTP or HTTPS is detected on a host, its headless browser automatically identifies and displays the web page, along with the technologies, libraries, and third-party services utilized. It identifies technologies across over 100 different categories. Any discovered technology will be displayed on the host assessment and will also appear in the downloadable PDF assessment.

Red Sift customers who had early access to this feature described it as a “beautiful way to triage and prioritize an issue with an asset. It gives us more information than our existing tools do in a single place.”

Oracle Cloud Infrastructure integration

Having comprehensive data readily available facilitates making informed decisions – a key requirement in cyber. So, as part of Red Sift ASM’s ongoing cloud integration enhancements, Oracle Cloud Infrastructure (OCI) has now been integrated into its platform. This integration enables customers to seamlessly import new domain names, DNS zones, and their associated name records. Moreover, it empowers them to effortlessly support their cloud resources daily, all without requiring manual intervention.

PUBLISHED BY

Francesca Rünger-Field

21 Mar. 2024

SHARE ARTICLE:

Categories

Recent Posts

VIEW ALL
News

Introducing DNS Guardian: Stop impersonation and spam caused by domain takeovers 

Rahul Powar

tl;dr: We’re thrilled to announce DNS Guardian — a new feature in Red Sift OnDMARC that can swiftly identify and stop domain takeovers that lead to malicious mail. Back in February, we shared updates with the community about SubdoMailing – an attack discovered by Guardio Labs. The attack was a form of subdomain takeover,…

Read more
Security

Navigating the Information Security Landscape: ISO 27001 vs. SOC 2

Red Sift

As cyber threats evolve, so do the standards and frameworks designed to combat them. Two of the most recognized standards in information security are ISO 27001 and SOC 2. What sets them apart, and which one is right for your organization? Let’s delve into the key differences. Purpose and Scope: Global Framework vs. Client-Centric…

Read more
News

G2 Summer 2024 Report: Red Sift OnDMARC’s Winning Streak Continues

Francesca Rünger-Field

We’re delighted to announce that Red Sift OnDMARC has again been named a Leader in G2’s DMARC category for Summer 2024. This recognition is based on our high Customer Satisfaction scores and strong market presence. Red Sift appeared in 11 reports – 5 new ones since Spring 2024! – earning 5 badges: A few…

Read more
News

Google will no longer trust Entrust certificates from October 2024

Red Sift

Tl;dr: Google has announced that as of October 31, 2024, Chrome will no longer trust certificates signed by Entrust root certificates. While there is no immediate impact on existing certificates or those issued before 31st October 2024, organizations should start reviewing their estate now. On Thursday 27th June 2024, Google announced that it had…

Read more
News

Understanding the polyfill.io domain attack

Francesca Rünger-Field

tl;dr: The recent compromise of the polyfill.io domain has triggered a broad-reaching web supply chain attack, impacting over 100,000 websites across various sectors including finance, healthcare, non-profits, academia, and more. To ensure the security of your website, we strongly advise you immediately remove any reference to polyfill.io. Latest update: 27th June 2024 Sansec, a…

Read more