Elements of an Effective Domain Risk Management Program
Problem Statement
The practice of Domain Risk Management (DRM) is the solution to the problem created by typosquatting attacks and other threats like cybersquatting and soundsquatting (using homophones to create look-alike domains), which are then used for phishing or fraud campaigns to steal credentials, personal information, or financial information.
Domain management (DM) is often relegated to the marketing or legal teams in many organizations because there is a branding as well as trademark component to domains. Increasingly, domain risk is becoming a CISO’s responsibility because many cyber attacks leverage domains. For example, a criminal could register the domain microosoft.com (notice the “oo”), set up an email server and start sending phishing emails. Adding a proactive, defensive methodology to this established process is becoming a key part of modern cybersecurity strategies.
This leads to the question of whether to build the capability in-house or to purchase it as a service. Below is an introduction to DRM and a discussion that reviews the benefits provided by active management and monitoring of domains.
Define the Outcomes of Proactive Domain Risk Management Program
Before building anything, you must define what the result will look like. For a successful DRM, you need to consider adding the following components:
1. Active management and monitoring of domains
– Registered domains owned by others for weaponization
– Unregistered domains for registration and weaponization
– Acquisition of strategic domains
– Management of domains owned by the corporation (renewals)
2. Safe enumeration of potential threats presented by typosquatting
As a reminder, while the action of enumerating threats and mitigating them is important it is equally important that these actions are documented and that they are performed regularly.
3. Active management and monitoring of domains
Typical management activities associated with your organization’s domains should include the creation of a complete catalog of all registered and owned domains. This catalog must include sufficient detail for each domain name.
In addition to the catalog and the tracking of domain name expiration you will also need a process in place to acquire new domains as the organizations identified a need. Be certain to include a step that integrates this new domain into your catalog created above end-to-end management.
Summary and Next Steps
In this blog we introduced the idea of risk management for your organization’s domains, reviewed the critical components that constitute a DRM and discussed the value in actively managing this process. In the following posts in this series, we will go deeper into this process.
Domain Risk Management is most importantly an overall process where discipline and consistency is required. Unlike many cybersecurity challenges, it is a discrete problem that can be defined with little left to chance. The main factor that causes companies to fail is enumeration of threats to your domain(s) at scale. It is easy to leverage open source tools but ensure coverage and repeatability complexities that exist when you attempt to scale this effort without a dedicated system.
Request your free trial today: Bolster Free Trial
Learn more about Bolster Domain Protection solutions
*** This is a Security Bloggers Network syndicated blog from Bolster Blog authored by Jeff Baher. Read the original post at: https://bolster.ai/blog/elements-of-an-effective-domain-risk-management-program/
