What Is Domain Monitoring and Why You Need It


Typosquat domains are a popular tool in the attacker’s toolkit. The look-alike domains are easy to register, abundantly available, and quite effective when leveraged as part of a phishing or ransomware campaign. Organizations need domain monitoring to reduce the risk associated with typosquat domains, a service that continuously monitors and takes down typosquat domains.

Why do I need domain monitoring?

In the digital world, your Internet domain is your brand, and your brand has value. Attackers use typosquat domains to pose as brands that consumers trust. By utilizing a look-alike domain, attackers exploit the brand reputation of a legitimate organization to encourage users to click on a link or submit sensitive information.

It’s easy to register a domain name that appears to be from a legitimate organization — and the opportunities are plentiful. For a domain of any reasonable length, there are orders of magnitude in which there are more typosquatting variants to choose from to stage a malicious presence. For example, a six-character domain has as many as 12,000 typosquatting variants. On top of that, there are more than 3,000 top-level domains to pair with each typosquatting instance. Anyone with a credit card or cryptocurrency can purchase large swaths of these domains.

source: bolster.ai

Typosquatting works, and attackers know it. In 2021, the total number of phishing and counterfeit pages detected increased 1.5x over 2020 to more than 10.5 million — and it continues to grow. The average number of phishing and counterfeit pages daily increased to over 29,000.

You might be under the impression that your organization is already covered, as many domain registrars offer some form of domain monitoring. However, these services aim not to protect organizations against typosquatting. The goal of the domain monitoring services provided by your domain registrar is to help keep you from losing control of your domains. They alert you when registrations are due to expire so that you can pay up before the domains return to the market. These services do not monitor domains that are not in your possession.

How does domain monitoring work?

Domain monitoring software protects your brand against infringement and fraud and involves continuously monitoring and taking down typosquat domains. A modern domain monitoring solution leverages AI and automation to identify thousands of typosquatting variations spanning 3,000 plus TLDs, and then continuously monitors threat level conditions and domain name availability.

Domain monitoring tools should deliver actionable insights in real-time, including:
• Details on each suspicious domain detected
• The number of lookalike domains and fake sites by IP address, top-level domain, geography, and more
• URL construction, the TLD in use, registrant information, MX record detection, and more
• Phishing and scam risk levels

Quick plug: Bolster offers the most comprehensive and complete Domain Monitoring solution. We have the industry’s most extensive typosquat detection and monitoring capabilities (3,000+ TLDs), complete lifecycle monitoring from pre-weaponization through to post-weaponization takedown and removal, and we are the only platform out there with built-in defensive domain acquisition functionality. Check out our solution here.

Balancing Domain Monitoring with Domain Acquisition

Your organization has likely registered some high-risk domains to keep them off the market and out of attackers’ hands. While domain acquisition helps reduce your attack surface, it isn’t a viable solution in and of itself – it’s cost prohibitive to purchase all typosquatting domain variations across more than 3,000 TLDs. But domain acquisition does have a place in a domain protection strategy. A domain monitoring solution should help you right-size your domain portfolios, balancing monitoring and acquisition strategies to optimize for cost and risk.

Read our blog on domain acquisition to learn more: To Protect Your Internet Domain, Start Playing Defense

The Bigger Picture

As an Internet-facing asset, domains are part of your external attack surface. Thus, domain monitoring is an essential component of external attack surface protection. Unlike your other internet-facing assets and systems, however, domains aren’t always in your direct ownership or control, so it’s essential to have a tool that can provide visibility of and monitor all potential typosquatting domains and the ability to take them down when necessary.

Remember: domain monitoring entails much more than keeping an eye on registration expiry dates for the domains in your possession. Domain protection requires a domain monitoring solution that looks outside to ensure the parts you don’t use aren’t being used against you.

Need an easy way to get started with domain monitoring? Request a free, no-obligation domain risk report.

It’s a great (and fast) way to assess risks to your Internet domains—risks that could manifest as typosquatting attacks. Provide your website URL, and our system will analyze variations of your domain name across more than 3,000 TLDs. Within a couple of business days, we’ll send you a comprehensive risk report that identifies the domain variations that pose the most significant risk to your brand and business and acquisition analysis.