There are several ways to evaluate the data provided on the Bolster platform. We have collected some best practices and wanted to share these with you below. Much of these suggestions are based on the current workflows of our existing customers.
- Start by looking at the list of sites presented under the "Takedown Malicious" Bolster action. These are the sites automatically detected by Bolster's engine and are often clear-cut phishing sites. If automated takedowns are enabled on your account, there is no further action required on your end. However, if you have elected to manually review each site found, you will need to click on the URL and hit the "Request Takedown" option found on the Insights page.
- From the main Web dashboard, use the "logos detected" filter to see if there are any Pre-Malicious sites that might be infringing on any of your trademarks. If trademark abuse is a use case included in your Bolster license, you can make a request for takedown if there's unauthorized use of you marks. Trademark and/or copyright abuse cases do typically tend to take a lot more time compared to the takedowns of phishing sites.
- From the main Web dashboard, use the "MX Records" filter to find any parked sites that have an associated Mail Exchange record associated with it. If any of these domains are high risk, consider working with your IT team to block emails coming from these domains to help prevent any business email compromise (BEC) type of scams from occurring. Furthermore, if you have any recurring communications that go out to your partners or key clients, it might also be good for you to inform them of these domains as well.
- There are scenarios where threat actors may use SEO strategies to support their fraudulent sites or scams using your brand's keywords. Bolster does detect these sites by running actual Google and Bing searches. Using the filter for Google/Bing searches will help you understand if there are any suspicious sites that were initially found by running these searches. Just like in recommendations 2 and 3, you can find this filter on the main Web dashboard.
- Navigate to the full list of "Pre-Malicious" sites being monitored by Bolster and sort by "First Seen" date in descending order. This will have the newest sites appear at the top of the list. You can then use the "Category" field to further narrow down the results to those that might be of interest to your team. The category selected may depend on your use case, your team's responsibilities, and/or even your business vertical. Some popular categories used in filters include: Sensitive Data, BEC, Domain Parking, and Cryptocurrency.