This quarter, we’re making security faster, smarter, and more proactive with updates that improve threat detection, reduce manual work, and prevent threats before they escalate.
Highlights include:
- AI-driven Executive Impersonation detection in Red Sift Brand Trust, helping you proactively flag and mitigate leadership impersonation threats.
- Enhanced DMARC forensics in Red Sift OnDMARC thanks to an exclusive Abusix data feed, giving deeper insight into shadow IT and phishing campaigns.
- Red Sift Certificates Lite, the only Let’s Encrypt-recommended free certificate monitoring service with PKI posture metrics and proactive alerts.
Brand Trust
Executive Impersonation: Detect unauthorized use of leadership identities
By uploading and managing executive images in Brand Trust, security teams can detect and monitor unauthorized use of leadership identities across lookalike domains, preventing brand impersonation, phishing scams, and fraud.
Once an executive image is added to Brand Trust, the platform scans for impersonation attempts and flags detections on the Activity page. If a match is found, the risk rating reflects the severity: typically high, unless the domain appears to be owned by your organization.
Automated triaging: Focusing your attention where it matters most
Managing lookalike domains can be overwhelming, but with automated triaging, your workflows become more streamlined. This feature automatically classifies low-risk lookalikes, allowing you to prioritize higher-risk domains without losing track of potential threats. Key benefits include:
- Prioritize critical threats: Automatically classify low-risk lookalikes, allowing you to concentrate on higher-risk domains.
- Optimize time and resources: By automating routine triaging tasks, you can dedicate more time to strategic, high-value activities.
- Continuous monitoring and reassessment: Low-risk lookalikes are not forgotten – they remain under constant surveillance, and if new risks are detected, they are flagged for your review.
- Customizable rules: Tailor the classification system to fit your organization’s unique risk criteria.
The Automated Triaging feature is part of our ongoing commitment to empower your brand protection efforts. We plan to introduce additional automation capabilities to further enhance your ability to manage threats effectively and efficiently.
Ageing out lookalikes: Keeping your monitoring focused
Lookalike domains that no longer pose a threat can clutter your monitoring system, making it harder to focus on actionable risks. The ageing out lookalikes feature automatically removes expired or inactive domains from your active monitoring list. Key functionality includes:
- Automatic cleanup: Domains that expire or show no activity are aged out, keeping your monitoring streamlined.
- Reassessment on activity: If a domain is re-registered or becomes active again, it’s automatically re-added for review.
- Full historical access: The aged-out lookalikes page provides a complete history of removed domains, including details like deletion dates and remaining time before permanent removal.
- One-click restoration: Quickly restore aged-out domains to the low-risk tab if you want to resume monitoring.
This feature ensures your monitoring efforts remain focused, reducing noise while maintaining flexibility to reassess emerging risks.
OnDMARC
Enhanced Forensics: Deeper visibility with the new Abusix data feed
We’ve enhanced our Forensics feature with a new data feed from Abusix, an exclusive enhancement that provides deeper insights into shadow IT and phishing threats. As the only DMARC vendor offering this level of enriched forensics, we now combine data from both Yahoo and Abusix, giving you unparalleled visibility into unauthorized sending sources and malicious campaigns.
What this means for you:
- Get to DMARC enforcement faster: With additional intelligence beyond standard DMARC reports, you can quickly identify all sending sources, shut down shadow IT, and move to enforcement with confidence.
- Stronger phishing and spoofing detection: Even at p=reject, gain visibility into phishing campaigns impersonating your brand, uncover phishing URLs, and deliver actionable IOCs to your SOC team.
How does it work?
Enhanced Forensics are extracted from the terabytes of data Red Sift processes from global trap networks. These are securely synthesized into DMARC-compatible forensics reports that can provide additional context on unauthorized activity and attack patterns.
Enhanced Forensics can be found on the Forensics details page under ‘Enhanced’. When the value is ‘true,’ it indicates that the forensic data has been augmented with data from Yahoo and Abusix.
Saved view alerts: Proactive notifications tailored to you
Keeping up with DMARC activity across multiple domains just got easier. You can now set up alerts based on your saved views in the Senders table. Whether you want updates on specific categories, domains, or behaviors, alerts can be customized to your needs, sent to multiple recipients, and scheduled for daily or weekly notifications.
This added functionality ensures you’re always in the loop, with proactive notifications enabling faster response times and greater control over your DMARC enforcement journey.
Red Sift Certificates
Red Sift Certificates Lite: Free monitoring and 7-day expiration alerts
We’re excited to have launched Red Sift Certificates Lite, our free tier of Red Sift Certificates Enterprise, which monitors up to 250 certificates, provides PKI posture metrics, and sends email alerts seven days before expiration.
Certificates Lite is the certificate monitoring service recommended by Let’s Encrypt, helping you stay ahead of potential outages and maintain uninterrupted service. It’s a simple but powerful safety net that makes proactive management accessible to everyone.
Active certificates details page: Comprehensive certificate insights
Managing certificate chains is easier than ever with new enhancements to our active certificates details page:
- You can now view full certificate chain details, including root, intermediate, and leaf certificates, making it simple to spot broken chains or misconfigurations.
- Detailed OpenSSL certificate data is now displayed, giving you transparency into key attributes like validity periods, key usages, and SANs.
- A new PEM tab allows you to access raw Base64-encoded certificates for manual operations or integrations.
These updates put deeper insights at your fingertips, enabling faster troubleshooting, improved auditing, and stronger trust management across your infrastructure.
Network scanning: Flexibility and precision in asset monitoring
Our updated network scanning settings now offer precise control over how scans are performed, with separate configurations for static network ranges and dynamic IP addresses. You can also define exclusions to fine-tune your scanning approach.
While changes to these settings may take up to 24 hours to take effect due to the daily scan schedule, once scanning is active, new information is continuously and automatically added to your account in real time. These improvements allow you to efficiently monitor both fixed and transient assets across your infrastructure, ensuring no gaps in your visibility.