Red Sift’s Spring 2024 Quarterly Product Release

This early into 2024, the cybersecurity space is already buzzing with activity. Emerging standards, such as Google and Yahoo’s bulk sender requirements, mark a new era of compliance for businesses reliant on email communication. At the same time, the prevalence of sophisticated cyber threats, such as the SubdoMailing campaign, emphasizes the continual hurdles posed by bad actors getting around standards-based security measures.

In light of this, Red Sift’s 2024 Spring Release features innovations that help organizations better detect and remediate common misconfigurations and exposures while meeting the latest industry requirements. 

Here’s an in-depth look at Red Sift’s latest releases. 

Free tools that help meet evolving attack vectors and new requirements

SubdoMailing Checker 

In light of the recent SubdoMailing attack, Red Sift made updates to its free tools, Investigate and SPF Checker, within 48 hours of the news breaking. These updates empower users to quickly identify any domains utilized for SubdoMailing within their email environment.

Investigate surfaces a ‘SubdoMailers’ card to show if poisoned includes have been found. The same card was added to the SPF Checker, along with functionality that creates a dynamic visualization of the SPF tree. This allows users to easily pinpoint the location of any poisoned includes and remediate them quickly.

SubdoMailer cards in Red Sift’s SPF Checker

Google and Yahoo Compliance Checker

In response to Google and Yahoo’s bulk sending requirements, Red Sift introduced a version of its free email analysis tool, Investigate, that allows users to get instant insight into how their email-sending domain stacks up against these new requirements. The tool achieves this by dynamically checking a user’s email in less than 30 seconds. 

An extract from Red Sift Investigate’s Google/Yahoo Deliverability Compliance card

Red Sift Investigate is the only free tool on the market that provides this kind of real-time insight. It checks for the majority of requirements, namely:

  • Implementation of both SPF + DKIM
  • Sending with an aligned `From` domain in either the SPF or DKIM domains
  • Sending from a domain with a DMARC policy of at least p=none 
  • Using a TLS connection for transmitting email
  • Valid forward and reverse DNS (FCrDNS)
  • One-click unsubscribe
  • Low spam reported rate (Investigate does not check for this final requirement)

OnDMARC 

Automated SubdoMailing alerting

Red Sift OnDMARC added first-class support for SubdoMailing detection to its hosted SPF solution, Dynamic SPF. It automatically surfaces if domains used for SubdoMailing are present prompting customers to quickly take remedial action.

SubdoMailing detection has also been added to the My Domains view, Investigate, and Domain Analyzer.

Google & Yahoo Bulk Sender’s Compliance Profile

OnDMARC customers can benefit from Investigate’s new Google and Yahoo compliance profile inside the application. This compliance profile quickly determines if an email-sending service is set up for bulk-sending success.

Google and Yahoo Bulk Sender’s Compliance Profile in Red Sift OnDMARC’s Investigate

Overview Dashboard

Red Sift OnDMARC released an enhanced Overview Dashboard to facilitate informed decision-making and prioritization of actions.

To better support its large brands and their complex email-sending domain estates, OnDMARC’s enhanced Overview Dashboard now offers users a comprehensive view of their DMARC status across all active domains. This new and improved dashboard serves two purposes as it:

  1. Provides summary metrics for all active domains an organization has within OnDMARC, including:
  • How many domains are at p=none, p=quarantine, and p=reject
  • The total amount of emails sent across all domains
  • How many domains have MTA-STS configured
  • How many BIMI applications are in progress 

2. Helps to identify domains that should be prioritized for DMARC policy advancement based on domains with high sending volume or consistently high DMARC compliance rates. 

The new Executive Overview in Red Sift OnDMARC

DNS Alerts

The DNS Alerts feature in OnDMARC has been upgraded with over 15 new alerts to provide users with comprehensive notifications regarding changes made within their DNS records. These enhancements enable users to promptly identify and mitigate potential risks. The new alerts cover various statuses, including missing, configured, updated, and delegated, across DMARC, SPF, and MX records.

Brand Trust

SubdoMailing Detection

Red Sift’s lookalike domain discovery application, Red Sift Brand Trust, periodically checks lookalikes against a new Red Sift threat intelligence feed and flags whether the lookalike domain is involved in a SubDomailer attack. If a SubdoMailer is detected, the risk score is increased to high risk, signaling a need for prioritized remediation to the end user.

A new column called SubDomailer has been added to the Activity table, enabling users to filter lookalikes that have been detected. When drilling down into the details page of a lookalike domain, the risk score section has also been updated to show whether a SubDomailer has been detected.

New SubdoMailer risk signal in Red Sift Brand Trust

New and improved risk rating system 

In addition to the above, Red Sift Brand Trust has improved its lookalike risk rating functionality by introducing new risk signals and updating its scoring system. This enhanced overview provides a quantifiable measure of the threat posed by lookalike domains, empowering users to triage threats in priority order, take action faster, and reduce overall noise in the system.

Each lookalike will receive a score between 0 and 100, depending on which risk signals are active and contributing to the score. The score is mapped to three risk buckets:

  • High risk (71-100)
  • Medium risk (37-70)
  • Low risk (0-36)

The new risk rating now calculates how similar a lookalike domain looks to an owned asset, with closer resemblances being more heavily weighted. This rating is updated dynamically on each scan so users can confidently track the weaponization of domains in real time. 

The risk rating is impacted by sign-in forms on web pages that could be used to harvest credentials – discovered thanks to AI computer vision – as well as the security rating of DNS providers.

In the coming months, the Brand Trust team plans to add more signals such as HTML analysis of a web page and the most abused registrars, both of which could increase the risk score. 

Visual enhancements to lookalike & domain details pages

In conjunction with the new risk rating, Brand Trust’s lookalike details and domain details pages have been revamped to make it easier than ever to see important information at a glance.

A new risk section at the top of every lookalike details page shows which risk signals are contributing to the risk rating, demystifying how we’re scoring each lookalike domain. 

Brand Trust uses numerous AI computer vision algorithms to scan screenshots gathered from domains. With the screenshot now located prominently above the fold, it’s clear to see which signals have been detected on a page (logo, detected keywords, sign-in forms, page type, etc).

The new lookalike details page in Red Sift Brand Trust

In addition, we’ve introduced a concept similar to email – users can now clearly see when new lookalikes have arrived in Brand Trust, marked by the bolded text and blue circle next to it. Clicking on one of these domains marks the lookalike as read, so users can keep track of what they’ve triaged. Just like email, lookalikes can be marked as unread and revisited later.

Red Sift ASM

Web Technologies 

Ensuring compliance with frameworks and regulations like NIST, NIS2, HIPAA, and PCI-DSS necessitates maintaining an inventory of software utilized for service delivery. Red Sift ASM addresses this need by automatically compiling and updating a comprehensive inventory of a customer’s domains, hosts, certificates, IP addresses, and cloud resources. With the launch of Red Sift ASM’s latest feature, Web Technologies, users gain deeper insights into the technologies running in their environments, thus enhancing their understanding of the services across their digital infrastructure.

The new Web Technologies feature in Red Sift ASM (previously Hardenize)

The new Web Technologies feature in Red Sift ASM offers a range of benefits:

  • Facilitates precise identification of potential risks within your estate, simplifying the management of both existing vulnerabilities and those arising from new threats.
  • Enhances compliance adherence by providing in-depth visibility into the technologies used.
  • Supports a Continuous Threat Exposure Management (CTEM) program as knowing what technologies are used across the attack surface is a critical part of identifying exposure as part of the scoping stage.

During the assessment process within Red Sift ASM, if HTTP or HTTPS is detected on a host, its headless browser automatically identifies and displays the web page, along with the technologies, libraries, and third-party services utilized. It identifies technologies across over 100 different categories. Any discovered technology will be displayed on the host assessment and will also appear in the downloadable PDF assessment.

Red Sift customers who had early access to this feature described it as a “beautiful way to triage and prioritize an issue with an asset. It gives us more information than our existing tools do in a single place.”

Oracle Cloud Infrastructure integration

Having comprehensive data readily available facilitates making informed decisions – a key requirement in cyber. So, as part of Red Sift ASM’s ongoing cloud integration enhancements, Oracle Cloud Infrastructure (OCI) has now been integrated into its platform. This integration enables customers to seamlessly import new domain names, DNS zones, and their associated name records. Moreover, it empowers them to effortlessly support their cloud resources daily, all without requiring manual intervention.

PUBLISHED BY

Francesca Rünger-Field

21 Mar. 2024

SHARE ARTICLE:

Categories

Recent Posts

VIEW ALL
Email

The best tools to protect yourself from SubdoMailing

Francesca Rünger-Field

In late February 2024, ‘SubdoMailing’ became a trending search term overnight. Research by Guardio Labs uncovered a massive-scale phishing campaign that had been going on since at least 2022. At the time of reporting, the campaign had sent 5 million emails a day from more than 8,000 compromised domains and 13,000 subdomains with several…

Read more
Product Release

Red Sift’s Spring 2024 Quarterly Product Release

Francesca Rünger-Field

This early into 2024, the cybersecurity space is already buzzing with activity. Emerging standards, such as Google and Yahoo’s bulk sender requirements, mark a new era of compliance for businesses reliant on email communication. At the same time, the prevalence of sophisticated cyber threats, such as the SubdoMailing campaign, emphasizes the continual hurdles posed…

Read more
Email

Navigating the “SubdoMailing” attack: How Red Sift proactively identified and remediated a…

Rebecca Warren

In the world of cybersecurity, a new threat has emerged. Known as “SubdoMailing,” this new attack cunningly bypasses some of the safeguards that DMARC sets up to protect email integrity.  In this blog we will focus on how the strategic investments we have made at Red Sift allowed us to discover and protect against…

Read more
Email

Where are we now? One month of Google and Yahoo’s new requirements…

Rebecca Warren

As of March 1, 2024, we are one month into Google and Yahoo’s new requirements for bulk senders. Before these requirements went live, we used Red Sift’s BIMI Radar to understand global readiness, and the picture wasn’t pretty.  At the end of January 2024, one-third of global enterprises were bound to fail the new…

Read more