Domain threat detection helps security teams identify and block malicious domains in real time.

Domain threat detection is a critical component of the internet, and as such, malicious actors have developed ways to exploit it for a variety of attacks. Many of these include phishing, botnets, cryptojacking and data exfiltration, which can all be traced back to the underlying domain name system (DNS).

Domain threat detection uses a variety of active DNS sourcing methods to gather massive amounts of data from different sources. This approach provides a comprehensive and broad view of the domain threat landscape, enables the identification of a wide variety of threats and significantly increases speed of detection versus other methods.

Why Domain Threat Detection is Critical for Your Business: Protecting Your Online Presence from Cyber Attacks

Adversaries use look-alike domains to steal credentials and cause reputational damage. They also can launch phishing attacks using these domains, compromising users’ trust in your brand and causing significant financial losses.

Keeping track of these domains can be difficult for organizations, as adversaries are always creating new domains and modifying existing ones. To combat this, CrowdStrike Falcon Intelligence Recon now offers a capability that detects domain-based impersonation infrastructure like typosquats, spoofs and phishing attacks.

The Domain Threat Detection engine leverages a set of automated detection rules to analyze the domain name and its associated traffic patterns for signs of brand impersonation. This enables security teams to create monitoring rules that search for key terms associated with your organization or brand and alert when new domains are created that could be used in an impersonation attack.