Automated Online Brand Protection and Domain Take-Down Action
Category: Data Enrichment and Threat Intelligence, Analytics and SIEM
Cyware Products Used:
Respond
Orchestrate
Collaborate
Third-Party Integrations Used:
SlashNext: To provide brand monitoring service by monitoring the most extensive internet data sets available with the comprehensive monitoring of digital channels.
Problem Statement
Cybercriminals attempt to impersonate a brand by creating fake domains, plagiarizing brand content, and creating fake products and websites to reflect poorly on a brand. It causes brand image erosion, reputation damage and financial losses, and legal costs as the trust in a brand is broken. Hence it is vital for security teams to establish brand protection as part of the organization’s cybersecurity strategy just like protecting any other business-critical assets.
Solution
Security teams must establish security strategies that effectively and continuously shield the brand and associated assets from threats, such as impersonated domains, infringing domains, typo-squatting domains, phishing sites, and fake web pages.
The solution is to automatically retrieve brand monitoring alerts and send them to incident response with the required evidence. The process detects brand impersonators and malicious URLs using deep inspection of website content and packages (IOCs, forensics, and screenshots) and drafts an email to take-down the malicious domain. The abuse investigation department can simply forward the draft email to the domain registrar for further action.
How do we solve this problem?
Retrieve Brand Monitoring Alerts: The playbook starts by retrieving the brand protection alerts from brand monitoring tools on a regular time interval. You can also use a tool such as Slashnext for brand monitoring services.
Filter Alerts: The playbook identifies alerts that are related to domain impersonation, domain infringement, typo-squatted domains, phishing sites, and fake web pages. The alerts are formatted with important information such as the malicious site address, domain name, domain owner details, source IP address, and more.
Create CFTR Incident: The playbook creates an incident in Respond and updates the details of the brand alert. Analysts can take the incident for manual investigation. After the investigation, analysts can create response actions such as sending a takedown request for the malicious domain.
Draft Email Request: The malicious details identified in the brand monitoring alert are drafted as an email with the screenshot evidence and URL analysis report and kept ready for analyst approval.
Send Takedown Request: Analysts can review the incident details and directly send the draft email to the domain registrar for the takedown request.
Notify Members: The details of the incident is sent to Collaborate. Collaborate creates an advisory and shares it with network organizations to proactively notify them about the incident while the domain takedown request is in progress.
Update Respond Incident: After the registrar has considered the take-down request, analysts can close the incident with learnings.
Benefits
Robust Brand Protection
The solution enables your security teams to be proactive, consistent, and smart about brand protection to keep your brand and business online and protected always.
Saves Analyst Time
With an automated solution in place, security analysts can save hundreds of hours spent on a weekly basis managing your organization’s brand abuse inbox.
Respond Effectively to Brand Threats
The solution combines advanced global threat intelligence automation and enrichment of high-fidelity threat intelligence data to enable analysts to respond effectively to targeted brand threats.