November 30, 2023
Domain monitoring is a fundamental part of any brand protection program. It involves tracking the registration of domains that are slight variations or permutations of the target company name or brand. This can include a spelling error, switched characters, or additional keywords added to the domain name. The domain name may not even be similar, while the contents of the site are visually similar.
Impersonating domains are subsequently used for phishing attacks, BEC campaigns, and for selling counterfeit goods. Left undetected, these domains can lead to data breaches, credential theft, significant brand and reputational damage, and loss of revenue.
For several years, companies have attempted to solve this challenge by proactively buying similar-looking domains, hoping that owning these domains reduces the risk that they may be used for malicious purposes. The problem with this approach is that it cannot scale, and has not scaled.
That may have worked in the past, but the sheer numbers make this approach unfeasible. ICANN now recognizes more than 1,200 Generic Top Level Domains, which means that anyone with a credit card can buy any number of domains. If you imagine that each of these can have tens of thousands of possible permutations, it’s clear that this strategy does not work.
Most organizations have now realized that they need to monitor for domains themselves. In our Domain Monitoring Solutions Guide, we provide an overview of what you should consider and some free tools to get you started.
Reported Domains
Detecting these domains yourself is the ideal scenario, but domains publicly reported by others are not to be ignored. There are plenty of domains reported on Twitter and across various threat and phishing feeds, not to mention those from phishing emails reported internally by employees.
Newly Registered Domains
The most useful data source for detecting domain impersonation is a feed of newly registered domains. Different top-level domains (TLDs), such as .com, .gov, and .edu, will provide different levels of data. More on the challenges associated with this below!
SSL Certificates
Certificate transparency logs are another great source of domain data. To learn more about certificate transparency logs, check out this great post on SANS ISC InfoSec Forums: Using Certificate Transparency as an Attack / Defense Tool.
DNS Data
Beyond the domains themselves, it’s important to collect the DNS data associated with them. The DNS data can hold vital information that helps you to assess the associated risk and identify broader trends.
TLD Coverage and Standardization
Unfortunately, there is no single provisioner of domains. To gather domain registration data, you will need to collect it from the different top-level domains. Be aware that there is no standardized format for this data, so challenges can arise when you begin to analyze it.
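As an added illustration (not code from the original post or from ReliaQuest), the sketch below normalizes newly registered domain records that arrive in different formats and screens them for the variations described at the top of this post: spelling errors, switched characters, and added keywords. The brand label, keyword list, and feed lines are constructed, and the feed is assumed to contain registrable domains rather than subdomains.

```python
import json

BRAND = "examplebank"                        # assumed brand label (constructed)
KEYWORDS = ("login", "secure", "support")    # assumed combosquat keywords

# Constructed feed lines in three formats a registry or reseller might use.
FEED = [
    "exmaplebank.com,2023-11-28",
    '{"domain": "ExampleBank-Login.net", "created": "2023-11-28"}',
    "examplebnak.org. 86400 IN NS ns1.host.example.",
    "gardening-tips.com,2023-11-28",
]

def normalize(line):
    """Reduce a CSV, JSON or zone-file style line to a lowercase domain name."""
    line = line.strip()
    if line.startswith("{"):
        name = json.loads(line)["domain"]
    elif "," in line:
        name = line.split(",")[0]
    else:
        name = line.split()[0]
    return name.strip().rstrip(".").lower()

def osa_distance(a, b):
    """Edit distance where swapping two adjacent characters counts as one edit."""
    d = [[max(i, j) if 0 in (i, j) else 0 for j in range(len(b) + 1)]
         for i in range(len(a) + 1)]
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = int(a[i - 1] != b[j - 1])
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[len(a)][len(b)]

def classify(domain, brand=BRAND):
    """Return 'keyword', 'typo' or None for a registrable domain name."""
    label = domain.split(".")[0]
    if brand in label and any(k in label for k in KEYWORDS):
        return "keyword"
    if 0 < osa_distance(label, brand) <= 1:
        return "typo"
    return None

def screen(feed):
    """Map each suspicious domain in the feed to the reason it was flagged."""
    hits = {d: classify(d) for d in map(normalize, feed)}
    return {d: why for d, why in hits.items() if why}
```

A distance threshold of 1 keeps false positives low for a brand label of this length; shorter brand names usually need stricter matching or an allowlist.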
Historical data
It’s one thing to get the right DNS data and context, but another to access the historical data and track it over time. Attackers may change WHOIS information in order to hide links to other campaigns, so going back to view previous details can be highly valuable. Some security teams use Archive.org’s Wayback Machine to get an idea of what the domain has looked like previously (https://archive.org/web/web.php).
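The value of keeping history can be shown with a small added example (not part of the original post): two domains whose current WHOIS records share only a privacy proxy are still linked by a registrant e-mail seen in earlier snapshots. The snapshot tuples, field names, and addresses are constructed, and collecting the snapshots is assumed to happen elsewhere.

```python
from collections import defaultdict

# Constructed WHOIS snapshots: (date observed, domain, registrant e-mail, name server)
SNAPSHOTS = [
    ("2023-10-01", "exmaplebank.com", "reg1@mail.example", "ns1.host-a.example"),
    ("2023-10-20", "exmaplebank.com", "privacy@proxy.example", "ns1.host-a.example"),
    ("2023-11-02", "examplebank-login.net", "reg1@mail.example", "ns1.host-b.example"),
    ("2023-11-15", "examplebank-login.net", "privacy@proxy.example", "ns1.host-b.example"),
    ("2023-11-20", "unrelated-shop.org", "owner@shop.example", "ns1.host-c.example"),
]

def build_history(snapshots):
    """Group snapshots per domain, oldest first."""
    history = defaultdict(list)
    for date, domain, email, ns in sorted(snapshots):
        history[domain].append({"date": date, "email": email, "ns": ns})
    return history

def changes(history):
    """List (domain, date, field, old, new) for each field that changed between snapshots."""
    out = []
    for domain, snaps in history.items():
        for prev, cur in zip(snaps, snaps[1:]):
            for field in ("email", "ns"):
                if prev[field] != cur[field]:
                    out.append((domain, cur["date"], field, prev[field], cur[field]))
    return out

def linked_by_past_value(history, field="email", ignore=()):
    """Map each value ever seen in `field` to the domains that used it at any time.

    Values in `ignore` (shared privacy proxies, for example) are skipped, and only
    values seen on two or more domains are returned.
    """
    seen = defaultdict(set)
    for domain, snaps in history.items():
        for snap in snaps:
            if snap[field] not in ignore:
                seen[snap[field]].add(domain)
    return {value: sorted(doms) for value, doms in seen.items() if len(doms) > 1}
```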
Ongoing monitoring and storage
Oftentimes, security teams will want to capture screenshots, analyze the contents of domains, and store historical DNS data. This type of historical data can be vital for quickly responding to risks associated with domain impersonation. It would be cost prohibitive to store all domains and their contents for all time, so security teams should be clear about how much data they wish to pay to store.
In the next blog, we’ll move on to the next stage of domain monitoring: detection. This will dig into the different types of typosquats and combosquats you need to search for.
In the meantime, download your own copy of the Domain Monitoring Solutions Guide to get started.