Domain Monitoring

NetSPI » Attack Surface Visibility » Domain Monitoring

NetSPI’s Domain Monitoring helps organizations identify look-alike domains that resemble their legitimate domains but are be used by attackers for brand impersonation, fraud, phishing, or malware campaigns. This is available for free with your pentesting services.

Monitor Fraudulent Domain Activity

Domain Monitoring Services help organizations detect registered and unregistered look-alike domains, web addresses that resemble a company’s legitimate domain and are often used in brand impersonation, fraud, phishing, or malware campaigns. Attackers create these domains by making subtle modifications to real domain names that are difficult to spot at first glance. Common use cases for attackers deploying look-alike domains include:

  • Phishing Campaigns
  • Credential Harvesting
  • Malware Distribution
  • Brand Impersonation
  • Command & Control (C2)
  • Social Engineering

“”

Executive Blog

The question facing security leaders isn’t whether attackers will attempt to impersonate their organization, it’s whether they can detect and neutralize these threats before customers are defrauded and brand reputation is damaged.

  • Why Your Security Program Needs Domain Monitoring

Key Features

  • Potential Threat Score
  • Confirmed Threat Score
  • Brand Abuse Score
  • Domain Association
  • Takedown Reports
  • Proactive Acquisition

” ”

NetSPI Domain Monitoring

  • Continuous Discovery & Assessment:

    Continuous registered and unregistered look-alike domain discovery and assessment. Domain threats are prioritized through multiple risk scores: Confirmed Threat Score, Potential Threat Score, Brand Abuse Score, and Domain Association.

  • Comprehensive Threat Analysis:

    Deep contextual intelligence including risk profiles, WHOIS records, IP details, DNS records, and certificate data. This comprehensive threat analysis provides actionable insight to support legal takedown initiatives outside the platform.

  • Domain Takedown Reports:

    Take action by generating pre-filled takedown reports downloads with all relevant evidence and technical details included. Track the status of domain takedown requests to confirm threatening domain activity has been remediated appropriately.

  • Proactively Acquire Domains:

    Unregistered Look-alike Domains that are able to be purchased are listed on the domain monitoring dashboard. Proactively acquiring look-alike domains helps to reduce the risk of future fraudulent domain activity.

Domain Impersonation Techniques Example: company.com

  • Typosquatting:

    compnay.com (switching ‘a’ & ‘n’)

  • Homograph attacks:

    cοmpany.com (Greek omicron ‘ο’ instead of ‘o’)

  • Subdomain abuse:

    company.security-update.com

  • TLD variations:

    company.org, company.net, company.co

  • Character substitution:

    c0mpany.com (zero instead of ‘o’)

  • Hyphenation:

    comp-any.com or company-inc.com