See it Live: How RiskIQ Host Pairs Confirm the Lazarus Group Attacks
Get vast internet data sets and advanced analytics to hunt digital threats and defend your company’s digital footprint.
Get RiskIQ Community Edition
Malvertising increased 132% in 2016… Download RiskIQ’s 2016 Malvertising Report to see a breakdown of how threat actor methods are trending.
Get the Report
RiskIQ Best Practices Forum – Get the Most Out of Your RiskIQ Investment
Join us in San Diego April 11-13.
Understand Threats Against Your Domain and Brand
As brands increasingly transact business and engage with customers through their website, having an advanced domain infringement detection strategy is critical. Threat actors can easily and cheaply register domains using trusted brand names to drive monetizable traffic to other sites, phish for sensitive data, distribute malware, sell counterfeit goods, and more.
RiskIQ Domain Threats provides comprehensive detection of brand-related domains combined with the intelligent discovery of a brand’s legitimate domain footprint to identify infringing domain names. Via our proprietary virtual user technology, RiskIQ analyzes a brand’s official site content and behavior. Experiencing websites the same way that real users would ensure that we uncover malicious and fraudulent activities designed to elude detection by other detection methods.
Download the Datasheet Now
Organizations invest significant resources in designing, securing, and driving traffic to official websites to build and preserve customer loyalty and brand trust. However, these investments are undermined—and the security of the company and its customers threatened—when third parties register look-a-like domains containing the brand names, or variations and misspellings of the brand names, to divert users away from the legitimate site or sites.
It’s easy for users to follow links in social media, emails, and on other websites where the actual URL isn’t easily seen. And while many users may notice when they expect to go to www[.]domain[.]com and instead end up at www[.]somethingotherthandomain[.]com, it’s not as easy to see the difference between www[.]domain[.]com and www[.]dornain[.]com (note that the R and N side-by-side look like an M). These threats also use subdomains to target your organization.
Any URL can lead to websites hosting phishing pages, scams and counterfeit goods, or malware. And it’s important to understand the domains, subdomains and actual websites that are using branded terms and look-a-like terms that are targeting your organization.
Subdomain Infringement: The unseen threat that’s running rampant
RiskIQ searches WHOIS registrations and DNS data to identify third-party owned domains and subdomains containing exact matches or close spelling variants to branded terms. Our proprietary discovery technology automatically maps out all of an organization’s legitimate websites and infrastructure. That information is then used to intelligently distinguish between company-owned domains and infringing domains and subdomains. The result is fewer false positives and more accurate risk identification.
After identifying an infringing domain, RiskIQ’s unique virtual user crawling infrastructure intelligently analyzes the web page and HTML code associated with it. The virtual users detect brand references, logos, and other site content, and follow redirects and load scripts that may lead to malicious content or phishing. Virtual users visit websites from multiple geographic locations and browser types, just like a real user would. This provides the additional context needed to determine how threat actors may be using each domain and the risk it poses to the associated organization.
Subdomain Infringement: The Unseen Threat
Learn more about the individual threat types that make up the External Threats solution set: