What is domain monitoring – and why you need it

Typosquat domains are a popular tool in the attacker’s toolkit. Lookalike domains are easy to register, available in abundance, and quite effective when exploited as part of a phishing or ransomware campaign. To reduce the risk associated with typosquat domains, organizations need domain monitoring, a service that continuously monitors and removes typosquat domains.

DevOps/Cloud-Native Live!  Boston

Why do I need domain monitoring?

In the digital world, your internet domain is your brand and your brand has value. Attackers use typosquat domains to impersonate brands consumers trust. By using a similar domain, attackers leverage the brand reputation of a legitimate organization to trick users into clicking a link or submitting sensitive information.

It’s easy to register a domain name that appears to be from a legitimate organization – and the opportunities are plentiful. For a domain of reasonable length, there are orders of magnitude in which there are more variants of typosquatting to choose from to stage a malevolent presence. For example, a six-character domain has up to 12,000 typosquatting variants. On top of that, there are over 3,000 top-level domains to associate with each instance of typosquatting. Anyone with a credit card or cryptocurrency can buy large chunks of these domains.

What is domain monitoring - and why you need it
source: bolster.ai

Typosquatting works and attackers know it. In 2021, the total number of phishing and counterfeit pages detected increased 1.5 times compared to 2020 to reach a total of over 10.5 million – and it continues to grow. The average number of phishing and counterfeit pages detected per day rose to over 29,000.

You might feel like your organization is already covered, as many domain registrars offer some form of domain monitoring. However, the purpose of these services is not to protect organizations against typosquatting. The purpose of the domain monitoring services provided by your domain registrar is to help you maintain control over your domains. They notify you when registrations expire so you can pay before the domains go back on the market. These services do not monitor domains that are not in your possession.

How does domain monitoring work?

Domain monitoring for the purpose of protecting your brand against counterfeiting and fraud involves continuous monitoring and removal of typosquat domains. Modern domain monitoring solution leverages AI and automation to identify thousands of typosquatting variations spanning over 3,000 TLDs, then continuously monitors threat level conditions and domain name availability .

Domain monitoring should provide actionable insights in real time, including:
• Details on each suspicious domain detected
• The number of similar domains and fake sites by IP address, top-level domain, geographical area, etc.
• URL construction, TLD used, registrant information, MX record detection, etc.
• Phishing and scam risk levels

🔌 Quick take: Bolster offers the most comprehensive and comprehensive domain monitoring solution on the market. We have the most extensive typosquat detection and monitoring capabilities in the industry (over 3,000 TLDs), full lifecycle monitoring from pre-arming through removal and post-disposal. armament, and we are the only platform with built-in defensive domain acquisition functionality. Discover our solution here.

Balance domain monitoring with domain acquisition

Your organization has probably registered high-risk domains to keep them off the market and out of reach of attackers. While domain acquisition helps reduce your attack surface, it’s obviously not a viable solution on its own – it’s prohibitively expensive to purchase all typosquatting domain variants across 3,000+ TLDs. But domain acquisition has its place in a domain protection strategy. In fact, a domain monitoring solution should help you properly size your domain portfolios, balancing monitoring and acquisition strategies to optimize cost and risk.

Read our blog on domain acquisition to learn more: To protect your internet domain, start playing defense

The overview

As an internet-facing asset, domains are part of your external attack surface. Thus, domain monitoring is an important part of protecting the external attack surface. Unlike your other Internet-accessible assets and systems, however, domains are not always under your direct ownership or control, so it’s important to have a tool that can provide visibility and monitor all potential domains of typosquatting – as well as the ability to take them down if needed.

Remember: domain monitoring involves more than keeping an eye on the registration expiration dates of the domains you own. Domain protection requires a domain monitoring solution that looks outward to ensure that domains you don’t use aren’t used against you.

Need an easy way to get started with domain monitoring? Ask for a free and non-binding offer domain risk report. This is a great (and quick) way to assess the risks to your Internet domains, which could manifest as typosquatting attacks. Simply provide your website URL and our system will analyze variations of your domain name across over 3,000 TLDs. Within a few business days, we’ll send you a comprehensive risk report that identifies the domain variations that pose the greatest risk to your brand and business, along with an acquisition analysis.

*** This is a Bolster Blog Security Bloggers Network syndicated blog written by Felicia Zhang. Read the original post at: https://bolster.ai/blog/what-is-domain-monitoring-and-why-you-need-it/

Comments are closed.