Elements of an Effective Domain Risk Management Program

Statement of the problem

AppSec/API Security 2022

The practice of Domain Risk Management (DRM) is the solution to the problem created by typosquatting attacks and other threats like cybersquatting and soundquatting (use of homophones to create similar domains), which are then used for campaigns phishing or fraud aimed at stealing identifiers, personal information or financial information.

Domain management (DM) is often relegated to marketing or legal teams in many organizations because there is a branding component as well as a branding component to domains. Increasingly, domain risk becomes the responsibility of a CISO as many cyberattacks exploit domains. For example, a criminal could register the domain microosoft.com (note the “oo”), set up an email server, and start sending phishing emails. Adding a proactive and defensive methodology to this established process is becoming a key part of modern cybersecurity strategies.

This leads to the question of whether to build the capability in-house or buy it as a service. Below is an introduction to DRM and a discussion that reviews the benefits of actively managing and monitoring domains.

Define the results of the proactive domain risk management program

Before building anything, you need to define what the result will look like. For a successful DRM, you should consider adding the following components:

1. Active domain management and monitoring

– Registered domains owned by others for weaponization

– Unregistered domains for registration and weaponization

– Acquisition of strategic domains

– Management of domains held by the company (renewals)

2. Safe enumeration of potential threats presented by typosquatting

As a reminder, while the action of listing threats and mitigating them is important, it is equally important that these actions are documented and performed regularly.

3. Active Domain Management and Monitoring

Typical management activities associated with your organization’s domains should include creating a comprehensive catalog of all registered and owned domains. This catalog should include enough detail for each domain name.

In addition to cataloging and tracking domain name expiration, you will also need a process in place to acquire new domains when organizations have identified a need. Be sure to include a step that incorporates this new domain into your catalog created above end-to-end management.

Summary and Next Steps

In this blog, we introduced the idea of ​​risk management for your organization’s domains, reviewed the critical components that make up a DRM, and discussed the value of actively managing this process. In subsequent articles in this series, we will delve deeper into this process.

Domain risk management is above all a global process where discipline and consistency are required. Unlike many cybersecurity challenges, this is a discrete problem that can be defined with little luck. The biggest factor behind business failure is enumerating threats to your domain(s) at scale. Leveraging open source tools is easy, but be sure of the coverage and repeatability complexities that exist when trying to scale this effort without a dedicated system.

Request your free trial today: Support free trial

Learn more about Strengthen domain protection solutions

*** This is a syndicated blog from the Security Bloggers Network of Reinforcement Blog written by Jeff Baher. Read the original post at: https://bolster.ai/blog/elements-of-an-effective-domain-risk-management-program/

Ryan H. Bowman