The above image is exactly what you would want to see within minutes of DomainGuard identifying malicious activity against your domain or brand. The moment we identify malicious intent, we perform a take-down of the offending domain.
DomainGuard is regularly the first security vendor to report on the threats we identify. Our combination of automated statistical and human analysis results in high-accuracy take-downs with no false positives. As a result of our high-integrity findings, registrars and hosting providers are quick to take down sites we report, sometimes within minutes.
Takedown Justification
Domain squatting or typo-squatting, the process of registering and “squatting” on lookalike domains, is a well-known and established process. We discuss reasons why individuals engage in this behavior and provide examples of legitimate use cases for domain squatting in our Domain Monitoring subsection.
Ultimately, the justification to perform a take-down comes down to intent. DomainGuard keeps an eye on suspicious or lookalike domains and detects changes in these domains. Our detection algorithms notify our analysts when changes are made that trigger a domain status change from suspicious to malicious. DomainGuard documents the domain changes and prepares evidence of malicious intent. Our analysts then perform a final review before submitting the take-down request to the appropriate domain registrar or hosting provider. Our combination of automated and manual analysis helps foster a better relationship with domain registrars and hosting providers, as they have high confidence in our submissions.
The Double-Edged Sword of Automation
Automation always carries a positive connotation. If an organization is using automation, it gives the appearance that the organization is cutting-edge, technically literate, and better than its competitors who take a more time-consuming, manual approach. It’s worth mentioning this because automation, as it relates to take-down requests, can have serious consequences. We’ve heard stories of automated take-down submissions resulting in wrongful take-downs of legitimate business sites. As automated programs make inaccurate submissions, the relationship between the security vendor and the registrars or hosting providers degrades. In addition, the legitimate business on the receiving end of a wrongful take-down will be left with a bad taste. DomainGuard only submits a take-down request after gathering sufficient evidence of wrongdoing, evidence that is documented and forwarded to both your security and legal teams.