As a company with roots in AI, we continually seek innovative ways to harness its power to address our customers’ most critical challenges. This quarter, the Red Sift Brand Trust team has been hard at work enhancing AI-powered solutions for brand protection. We’re thrilled to unveil improvements to our GPT-4 powered asset discovery feature, and introduce our upcoming facial recognition capabilities to combat executive impersonation. These innovations significantly reduce the time and expertise typically required for brand protection efforts, easing the burden on already stretched legal and cybersecurity teams.
Red Sift OnDMARC has also seen significant enhancements this quarter, solidifying our leadership in the DMARC space. We’ve introduced DNS Guardian, the first feature of its kind from a DMARC provider, which bridges the gap between DNS and DMARC to protect against SubdoMailing attacks, dangling DNS, and CNAME takeovers.
Additionally, Red Sift Certificates has undergone a comprehensive interface redesign to align with the wider portfolio and now includes new features like content classification for fast remediation and AI-powered filtering to speed up search queries.
Lastly, we’re proud to have deployed enhancements to Red Sift ASM within 24 hours of the recent polyfill.io domain takeover. These updates warn customers if the compromised polyfill domain is detected in their external attack surface.
Let’s dive into the details.
Brand Trust
Enhancements to our Relevance Detection feature
Brand Trust leverages DNS, WHOIS, and SSL metadata from domains to create comprehensive identities for our customers. These identities help uncover domains that customers might own but have not yet discovered, including those that are parked, forgotten, or left unsecured – commonly known as shadow IT.
Customer benefits
With this release, we’ve introduced significant enhancements to Brand Trust’s Relevance Detection feature:
- New Dashboard for Identity Insights
  - Identities we recommend you enable: Our AI analyzes each identity, gathering context to infer ownership, and recommends enabling identities with the highest likelihood of discovering your domains.
  - Total discovered identities: The total number of identities we’ve uncovered for your domains through scanning DNS, WHOIS, and SSL metadata.
  - Disabled identities: The count of identities currently disabled, which will not be subject to discovery.
  - Unclassified discovered domains: The total number of lookalike domains identified as potential assets.
- Extra visibility for improved protection: Once a potential asset is identified, customers can transfer it to their “My Domains” view and enable it for lookalike discovery. This ensures continuous intelligence on emerging risks, keeping customers ahead of malicious actors.
Industry classification
We’re thrilled to introduce our new AI-powered Industry Classification model. Screenshots of web pages will be scanned by our AI, and assigned to one of 15 different industry classifications, allowing you to quickly find and filter domains within a specific industry. This is particularly useful if you want to identify lookalike domains that are closely impersonating your content and industry, and it adds to the evidence of any takedown submission. We used a subset of industries from the North American Industry Classification System (NAICS), including:
- Mining: Extraction of natural resources like coal, ores, crude petroleum, and natural gas, as well as mineral processing.
- Utilities: Establishments managing and distributing essential resources like electricity, water, natural gas, sewage treatment, and recycling.
- Construction: Involves building, infrastructure, and engineering projects, including general construction, specialty trade contracting, and heavy and civil engineering construction.
- Manufacturing: Involves transforming materials into new products across various industries, such as machinery, electronics, chemicals, and food products.
- Ecommerce: Encompasses online platforms for retail and wholesale trade, emphasizing the sale and distribution of goods without major alterations.
- Transportation: Encompasses the movement of goods and passengers, along with storage and handling of goods. Includes air, rail, water, truck, and pipeline transportation, along with warehousing and logistics services.
- Software and IT: Comprises diverse establishments focused on providing tailored software and IT solutions and services. Encompasses Software as a Service (SaaS), finished software products, and software engineering. Includes telecommunications, internet infrastructure, and related services.
- Finance: Involves establishments engaged in financial transactions, covering banking, insurance, securities, and related services.
- Real Estate and Rental: Engages in buying, selling, renting, and leasing real estate properties. Encompasses real estate agencies, property management, and leasing tangible assets like vehicles and equipment.
- Education: Establishments engaged in providing instruction and training. It includes activities such as elementary and secondary education, higher education, professional and management development training, and other education-related services.
- Entertainment: Involves establishments offering diverse leisure and entertainment services to the public. This includes live performances, sports events, amusement parks, gambling, and related recreational activities.
- Healthcare: Includes establishments providing health-related services and social support. It encompasses medical and dental care, nursing, specialized health services, counseling, rehabilitation, community support, and related services.
- Hospitality: Includes establishments offering lodging and food services like hotels, resorts, restaurants, and caterers.
- Government: Involves establishments engaged in the administration and operation of governmental programs. This includes legislative, executive, and judicial activities across government levels, along with semi-autonomous government-owned establishments.
- Irrelevance: Encompasses establishments that do not fit into any of the provided categories or lack sufficient information for classification.
Customer benefits
- Enhanced risk assessments: Industry Classification helps evaluate the threat level of lookalike domains. Domains mimicking sectors associated with sensitive data, such as Finance or Healthcare, are flagged as high-risk, prompting quicker and more stringent responses.
- Speed up takedowns: By classifying domains, we streamline the takedown process. Domain registrars prioritize removing malicious domains within the same industry, expediting resolution.
Facial Recognition – coming soon
We’re excited to announce upcoming AI-powered facial recognition capabilities to combat Executive Impersonation, commonly known as CEO fraud.
Customers will soon be able to upload images of their executives or employees to Brand Trust. Our AI will then scan discovered lookalike domains and alert users if a recognized face appears on any of these domains.
Customer benefits
- Protection of brand trust and credibility: Impersonation of executives can severely damage a brand’s reputation. Brand Trust will alert customers to such threats, helping maintain brand integrity and credibility.
- Fraud prevention: Executive impersonation is a common tactic in spear phishing and business email compromise (BEC) schemes, leading to potentially significant financial losses. By identifying lookalike domains used to impersonate executives, Brand Trust aids in preventing these fraudulent activities.
OnDMARC
DNS Guardian
In response to the SubdoMailing attack of February 2024, where malicious actors exploited neglected DNS records to send fraudulent emails, we have introduced DNS Guardian within OnDMARC. This innovative feature bridges the gap between DNS and DMARC, safeguarding brands from SubdoMailing attacks, dangling DNS issues, and CNAME takeovers. Read the in-depth feature announcement here.
DNS Guardian not only detects and highlights dangling DNS issues but also provides step-by-step instructions for remediation.
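A dangling CNAME check of the kind described above, as an added example (not Red Sift's code and not part of the original post): it walks a zone export and flags CNAMEs whose final target no longer resolves. The zone records, the `LIVE` set and all function names are constructed for illustration.

```python
import socket

def system_resolves(hostname):
    """Default check: True if the name currently resolves to an address."""
    try:
        socket.getaddrinfo(hostname, None)
        return True
    except socket.gaierror:
        return False

def _norm(name):
    return name.lower().rstrip(".")

def find_dangling_cnames(records, resolves=system_resolves):
    """Return (name, final_target) for CNAMEs whose target does not resolve.

    records: iterable of (name, rtype, value) tuples from a zone export.
    """
    cnames = {_norm(n): _norm(v) for n, t, v in records if t.upper() == "CNAME"}
    in_zone = {_norm(n) for n, t, _ in records if t.upper() in ("A", "AAAA")}
    dangling = []
    for name in sorted(cnames):
        target, seen = cnames[name], {name}
        # Follow chains that stay inside the zone, guarding against loops.
        while target in cnames and target not in seen:
            seen.add(target)
            target = cnames[target]
        looped = target in seen
        if looped or (target not in in_zone and not resolves(target)):
            dangling.append((name, target))
    return dangling

# Constructed zone export and constructed stand-in for live DNS answers.
ZONE = [
    ("example.com.", "A", "192.0.2.10"),
    ("www.example.com.", "CNAME", "example.com."),
    ("shop.example.com.", "CNAME", "store.example.org."),
    ("promo.example.com.", "CNAME", "old-campaign.example.net."),
    ("news.example.com.", "CNAME", "promo.example.com."),
]
LIVE = {"store.example.org"}

if __name__ == "__main__":
    for name, target in find_dangling_cnames(ZONE, lambda h: h in LIVE):
        print(f"dangling: {name} -> {target}")
```

Calling `find_dangling_cnames(records)` without a second argument checks targets through the system resolver instead of the constructed `LIVE` set.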
Customer benefits
With DNS Guardian, email and security teams can:
- Stop ongoing attacks: Quickly identify subdomains currently exploited in the ongoing SubdoMailing campaigns to protect revenue, mitigate risk and enhance your organization’s reputation.
- Detect future domain security risk: Prevent future takeovers by detecting errors in your DNS configuration that leave your organization vulnerable to malicious exploitation.
- Take the manual work out of DNS monitoring: Continuous monitoring of your DNS configuration eliminates manual tracking and frees up valuable IT resources for higher-level tasks.
We are proud to say that Red Sift OnDMARC is the only DMARC application on the market that can identify and stop malicious mail that bypasses DMARC.
Watch our Red Sift OnDMARC Product Manager, Reid Cockrell, walk through DNS Guardian in less than three minutes.
Global IP search
Our new Global IP Search tool offers comprehensive reputational data on IP addresses, extending beyond standard DMARC reports to help expedite DMARC implementation timelines. Simply enter an IPv4 or IPv6 address to receive a detailed report including:
- IP Address Ownership: Information about the IP owner, if known.
- Domain Associations: Number of domains sending emails from this IP.
- Email Traffic Insights: Total email volume, pass rates for SPF, DKIM, and DMARC.
- IP Reputation: Evaluation of the IP’s reputation based on our blocklist.
- Authentication Rates: Daily SPF, DKIM, and DMARC authentication rates.
- WHOIS Information: WHOIS details for the IP address, if available.
Customer benefits
- Enhanced insight into IP legitimacy: Assess IP legitimacy in a broader context than standard DMARC reports.
- Behavioral change detection: Monitor changes in IP behavior, such as increased SPF failures, and investigate potential issues.
Multi-language support – starting with French
OnDMARC now supports French! You will find a simple toggle to switch between languages.
French is the first of many languages that OnDMARC will support. If you have feedback on which language would be useful for you, please reach out to us!
Please note that this feature release is limited to text translations within the product. The knowledge base, customer support, and notifications and alerting will not be available in French.
Reports – Quick Filters
Managing domains and ensuring DMARC compliance can often involve extensive navigation and filtering within the OnDMARC platform. To streamline this process, we’ve introduced two major enhancements:
1) DMARC Reporting Data in the Domains Table: You can now view critical DMARC reporting metrics directly within the domains table. This includes:
- Total Email Volume: See the total number of emails sent from each domain over the past 30 days.
- DMARC Compliance Percentage: View the percentage of emails that passed DMARC checks.
- SPF and DKIM Pass Rates: Check the pass rates for SPF (Sender Policy Framework) and DKIM (DomainKeys Identified Mail) authentication methods.
2) Quick Filters: We’ve implemented a set of predefined filters to simplify domain management and expedite your workflow. These filters allow you to easily group and analyze domains based on specific criteria:
- Reporting & Not in Reject: Identify domains that are actively reporting but have not yet been moved to a p=reject policy. This helps prioritize which domains need immediate attention to enforce stricter DMARC policies.
- Reporting & No Traffic: Locate domains that are reporting but have no email traffic. This can help identify inactive or potentially abandoned domains that might require cleanup.
- Above 90% DMARC Compliance: Quickly find domains with high DMARC compliance (above 90%). These domains are generally well-configured and may need less immediate attention, allowing you to focus on less compliant domains.
- Below 50% DMARC Compliance: Focus on domains with low DMARC compliance (below 50%). These domains are likely experiencing issues with email authentication and require urgent remediation.
Customer benefits
- Enhanced visibility: By integrating DMARC reporting data directly into the domains table, you gain a clear overview of your domain’s performance and compliance metrics without having to navigate through multiple screens.
- Efficient domain management: The quick filters allow you to swiftly categorize and prioritize domains based on their compliance status and traffic patterns, facilitating a more organized and efficient approach to managing your email security.
- Improved security posture: Prioritizing domains with low compliance or no traffic helps address vulnerabilities more effectively, leading to stronger overall email security and better protection against phishing and spoofing attacks.
Certificates
We’re delighted to share that the next generation of Red Sift Certificates is now available, complete with a fully updated UI to align with the branding of the wider Red Sift portfolio. This release also introduces new features, including:
- Advanced AI-powered filtering to accelerate the discovery of specific information
- Content classification capabilities for faster remediation
To read the full announcement, check out the article.
ASM
In our ongoing effort to bolster defenses against emerging threats such as the recent polyfill.io domain takeover, we are expanding on our Spring 2024 Web Technologies release with significant updates to Red Sift ASM. Already adept at detecting technologies, libraries, and third-party services to help identify malicious assets within customers’ external attack surfaces, this latest release includes:
- Automatic alerts: An issue will be created if the poisoned domain polyfill.io is found anywhere in the monitored estate. The issue explains the reason for the critical warning and the steps that are required to remove the risk from the estate. In addition, a warning will appear in the HTML Content Check letting the customer know if the poisoned domain polyfill.io was found anywhere in the monitored estate.
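One way to run the same kind of check on your own pages, as an added example (not Red Sift's HTML Content Check and not part of the original post): it parses an HTML document and reports loaded resources whose host is polyfill.io or one of its subdomains. The sample page and all function names are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

FLAGGED = "polyfill.io"  # the domain named in the section above

class ResourceCollector(HTMLParser):
    """Collect URLs of resources an HTML document loads."""
    URL_ATTRS = {"script": "src", "link": "href", "iframe": "src"}

    def __init__(self):
        super().__init__()
        self.urls = []

    def handle_starttag(self, tag, attrs):
        wanted = self.URL_ATTRS.get(tag)
        for name, value in attrs:
            if name == wanted and value:
                self.urls.append(value.strip())

def host_of(url):
    # urlsplit also parses protocol-relative URLs ("//host/path");
    # relative paths have no hostname and yield None.
    host = urlsplit(url).hostname
    return host.lower().rstrip(".") if host else None

def is_flagged(host, domain=FLAGGED):
    # Match the domain or any subdomain, never a lookalike suffix.
    return host is not None and (host == domain or host.endswith("." + domain))

def find_flagged_resources(html, domain=FLAGGED):
    parser = ResourceCollector()
    parser.feed(html)
    return [u for u in parser.urls if is_flagged(host_of(u), domain)]

# Constructed sample page, not taken from any real site.
SAMPLE_HTML = """
<html><head>
<script src="https://cdn.polyfill.io/v3/polyfill.min.js"></script>
<script src="//polyfill.io/v3/polyfill.min.js?features=fetch"></script>
<script src="https://notpolyfill.io/lib.js"></script>
<link rel="preconnect" href="https://POLYFILL.IO.">
<script src="/static/polyfill.io.js"></script>
</head></html>
"""

if __name__ == "__main__":
    for url in find_flagged_resources(SAMPLE_HTML):
        print("flagged:", url)
```

Matching on the parsed hostname rather than a substring keeps a local file named `polyfill.io.js` or an unrelated host ending in `polyfill.io` out of the results.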
Customer benefits
- Enhanced threat detection: Automatic alerts help you stay ahead of emerging threats by notifying you of compromised domains like polyfill.io before they can inflict damage.
- Improved response time: Detailed instructions and contextual warnings allow your team to act swiftly and effectively, reducing the window of vulnerability.