Domain Risk Management: Elements of an Effective Program


Problem Statement

Domain Risk Management (DRM) is the practice that addresses typosquatting and related threats such as cybersquatting and soundsquatting (using homophones to create look-alike domains). Attackers use these look-alike domains in phishing or fraud campaigns to steal credentials, personal information, or financial information.

Domain management is often relegated to the Marketing or Legal teams in many organizations because there is a branding as well as a trademark component to domains. Increasingly, domain risk is becoming a CISO’s responsibility because many cyber attacks leverage domain variants as a starting point. For example, a criminal could register the domain (notice the “oo”), set up an email server and start sending phishing emails. Adding a proactive, defensive methodology to this established process is becoming a key part of modern cybersecurity practices.

This leads to the question of whether to build the capability in-house or to procure it as a service. Below is an introduction to DRM and a discussion that reviews the benefits provided by active management and monitoring of domains.

Define the Outcomes of a Proactive Domain Risk Management Program

Before building anything, you must define what the result will look like. For a successful DRM practice, you need to consider adding the following components:

1. Active management and monitoring of domains

– Monitoring registered domains owned by others for weaponization

– Monitoring unregistered domains for registration and weaponization

– Acquisition of strategic domains

– Management of domains owned by the corporation (renewals)

2. Safe enumeration of potential threats presented by typosquatting

The action of enumerating threats and mitigating them is critically important, but it is equally important that these actions are documented and that they are performed on a regular basis.

3. Active management and monitoring of domains

Typical management activities associated with your organization’s domains should include the creation of a complete catalog of all registered and owned domains. This catalog must include sufficient detail for each domain name.

In addition to the catalog and the tracking of domain name expiration, you will also need a process in place to acquire new domains as the organization identifies a need. Be certain to include a step that integrates each new domain into the catalog created above for end-to-end management.
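The enumeration step and the catalog described above can be combined offline, without resolving or contacting any candidate domain. The sketch below is an added example, not Bolster's tooling: it generates single-edit variants of a domain (including the doubled-letter case mentioned earlier) and splits them into names already in the owned-domain catalog and names left to monitor. The function names, the small look-alike table, and the sample catalog are assumptions constructed for illustration, and the code assumes the first label is the registrable name.

```python
# Constructed look-alike substitutions (a small sample, not a full homoglyph table).
LOOKALIKES = {"o": ["0"], "l": ["1", "i"], "i": ["1", "l"], "e": ["3"], "m": ["rn"]}

def variants(domain):
    """Return {candidate_domain: technique} for single-edit typos of the first label."""
    label, _, tld = domain.lower().partition(".")
    out = {}

    def add(new_label, technique):
        # Skip empty labels, the original itself, and labels with a leading/trailing hyphen.
        if new_label and new_label != label and new_label.strip("-") == new_label:
            out.setdefault(f"{new_label}.{tld}", technique)

    for i, ch in enumerate(label):
        add(label[:i] + label[i + 1:], "omission")       # dropped character
        add(label[:i] + ch + label[i:], "repetition")    # doubled character, e.g. "o" -> "oo"
        if i + 1 < len(label):                           # swapped neighbours
            add(label[:i] + label[i + 1] + ch + label[i + 2:], "transposition")
        for sub in LOOKALIKES.get(ch, []):               # visually similar replacement
            add(label[:i] + sub + label[i + 1:], "lookalike")
    return out

def triage(domain, catalog):
    """Split candidates into those already in the owned catalog and those to monitor."""
    owned, monitor = {}, {}
    for candidate, technique in sorted(variants(domain).items()):
        (owned if candidate in catalog else monitor)[candidate] = technique
    return owned, monitor

# Constructed sample catalog; example.com is a reserved documentation domain.
CATALOG = {"example.com", "exampel.com"}

if __name__ == "__main__":
    owned, monitor = triage("example.com", CATALOG)
    print(f"already owned: {len(owned)}, to monitor: {len(monitor)}")
    for candidate, technique in monitor.items():
        print(f"{technique:14} {candidate}")
```

Running the same enumeration on a schedule and diffing the output against the previous run gives the documented, repeatable record the program calls for.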

Summary and Next Steps

In this blog we introduced the idea of risk management for your organization’s domains, reviewed the critical components that constitute a DRM practice and discussed the value in actively managing this process. We will go deeper into this process in the ensuing blogs in this series.

Most important to remember is that DRM is an overall process demanding both discipline and consistency. Unlike many cybersecurity challenges, it is a discrete problem that can be defined with little left to chance. The main factor that causes companies to fail is enumeration of threats to your domain(s) at scale. It is easy to leverage open source tools, but ensuring coverage and repeatability becomes complex when you attempt to scale this effort without a dedicated system.
