In the previous blog we introduced the elements of an effective Domain Risk Management (DRM) practice. The practice comprises (1) active management; (2) proactively acquiring domains to mitigate threats; and (3) the continual monitoring of domains. Diving deeper into the DRM process, this blog will outline the ongoing need to discover and assess domain threats. The blog will then move into a discussion of the challenges posed by scaling the DRM process.
Discovering the Threats
Once you have a comprehensive catalog of domains owned and managed by your organization, you can shift your attention to threats created by typosquatters and other cyber criminals. The domain variations that need to be considered for this exercise extend beyond simple character replacements, for example “app11e” instead of “apple.” The variants also need to include word combinations such as “apple-support” or “applepasswrd.” Fortunately, this is a discrete problem that can be solved rather than an undefined problem with infinite possibilities.
The objective here is to discover the various (and numerous) permutations that can exist for your organization’s domain names…
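To show why the variant space is finite and enumerable, the following added example (not code from this blog or from any product it describes) builds a monitoring watch list from one brand label: look-alike character swaps, dropped letters, and keyword combinations, minus the domains already in your catalog. The look-alike map, keyword list, TLD list and function names are assumptions made for the illustration.

```python
from itertools import combinations, product

# Constructed sample data (assumptions for this example, not from the article).
LOOKALIKES = {"a": ["4"], "e": ["3"], "i": ["1", "l"], "l": ["1", "11", "i"], "o": ["0"]}
KEYWORDS = ["support", "login", "password"]
TLDS = ["com", "net"]


def char_swaps(label, max_swaps=2):
    """Look-alike substitutions at up to max_swaps positions (apple -> app11e)."""
    out = set()
    positions = [i for i, c in enumerate(label) if c in LOOKALIKES]
    for n in range(1, max_swaps + 1):
        for picked in combinations(positions, n):
            for repl in product(*(LOOKALIKES[label[i]] for i in picked)):
                chars = list(label)
                for i, r in zip(picked, repl):
                    chars[i] = r
                out.add("".join(chars))
    return out


def omissions(word):
    """Single-character deletions (password -> passwrd)."""
    return {word[:i] + word[i + 1:] for i in range(len(word))}


def keyword_combos(label, keywords=KEYWORDS):
    """Brand plus keyword, hyphenated or joined, including misspelled keywords."""
    out = set()
    for kw in keywords:
        for form in {kw} | omissions(kw):
            out.update({f"{label}-{form}", f"{label}{form}", f"{form}-{label}"})
    return out


def watch_list(label, owned, tlds=TLDS):
    """Finite set of variant domains to monitor, minus domains already owned."""
    labels = char_swaps(label) | omissions(label) | keyword_combos(label)
    labels.discard(label)
    candidates = {f"{l}.{t}" for l in labels if len(l) <= 63 for t in tlds}
    return sorted(candidates - set(owned))


if __name__ == "__main__":
    owned = {"apple.com", "apple-support.com"}  # constructed catalog
    domains = watch_list("apple", owned)
    print(len(domains), "candidates, e.g.", domains[:5])
```

The resulting list is what you would feed into registration and DNS monitoring; widening the look-alike map or keyword list grows it, but it stays bounded.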
