Domain Discover leverages the entire breadth of Proofpoint’s threat intelligence network—including email, social media, SaaS applications, and mobile platforms—to create a data set not available elsewhere in the security industry, delivering a solution that prevents fraudulent lookalike domains from attacking an organization’s employees as well as their customers and supply chain partners.
“Our new solution analyzes more than 300 million registered domains every day to shield organizations and their entire cloud-based ecosystem from fraudulent domain attacks— all before a single malicious message is delivered,” said Ryan Kalember, senior vice president of Cybersecurity Strategy for Proofpoint. “Organizations worldwide trust our security expertise and today’s announcement underscores our continued commitment to maximizing innovation.”
Immediately available, Proofpoint Domain Discover integrates real-time threat intelligence with fraudulent domain registration to provide necessary visibility, automation, and quick remediation capabilities. Prevalent in email fraud and credential phishing attacks, lookalike domain attack attempts recently increased by 200 percent between Q1 and Q2 2017 across Proofpoint’s enterprise customer base.
According to Proofpoint research, this year the average volume of suspicious lookalike domains, that spoof the brand names of the Fortune 50 companies, increased by 20 percent year-over-year. For every brand-owned defensively registered domain there are 20 suspicious domains registered (a 100 percent increase over 2016).
Fraud attackers often purchase and register fake domains that closely mimic legitimate companies; however, because targeted organizations do not own the deceiving domains—they cannot control them. This limits the targeted company’s ability to stop malicious activities spearheaded by that domain. Unfortunately, if successful, victims often trust the fake communications, potentially leading to the handover of sensitive data or money. Proofpoint helps stop these targeted attacks (including email fraud, malware campaigns, ransomware, and credential phishing) before they reach recipients.
For most organizations, it is impossible to identify every lookalike domain manually given the many ways they can be built. Proofpoint Domain Discover makes it easy to review the domains that really matter by automatically flagging high-risk domains as suspicious, phishing, or trademark infringement. Integrated real-time threat intelligence is linked with comprehensive domain information including registration details, MX record checking, domain screenshots, and other attributes.
Armed with a prioritized domain list, security teams save time and proactively block any emails coming from the suspicious sending domain. From the administration console, security teams can simply configure the takedown option and submit a request with third-party takedown providers. The Proofpoint Nexus Threat Graph also incorporates all identified suspicious domains to protect all Proofpoint customers from the malicious lookalike domains.
