GPT-4 Helps Red Sift Find Phishing Sites and Identities

Highlights:

• Relevance Detection employs OpenAI LP’s GPT-4 large language model to autonomously detect and contextualize identities associated with DNS, WHOIS information, and SSL certificates.
• As the enterprise attack surface expands, research suggests a significant increase in the average number of cyber assets from 165,000 to 393,419 by 2023.

Red Sift, a cybersecurity company, has recently released Relevance Detection, the first asset discovery and classification solution powered by GPT-4 for its OnDOMAIN hostname and certification monitoring platform.

Relevance Detection employs OpenAI LP’s GPT-4 LLM to autonomously detect and contextualize identities associated with WHOIS info, DNS, and SSL certificates. It informs the user of the identities associated with a domain name and then generates suggestions for which identities to enable.

Chief Executive Rahul Powar said, “Relevance Detection leverages OpenAI’s GPT-4 technology to automatically scan each identity and generate a custom recommendation that tells security teams whether an identity should be enabled and why. This helps them decide which identities they want to include in their domain asset discovery process.”

The announcement emphasizes a novel application for generative artificial intelligence. In addition to creating an inventory of domain assets in the wild that require protection, security teams can also identify phishing sites impersonating their organization’s brand.

Leveraging Generative AI for Cyber Asset Discovery

As the enterprise attack surface expands, research suggests a significant increase in the average number of cyber assets from 165,000 to 393,419 by 2023. Moreover, there is a rising trend in phishing attacks and social engineering schemes.

In this evolving threat landscape, security professionals face the challenge of safeguarding vulnerable assets and mitigating the risks posed by malicious domains and phishing sites to protect their reputations.

Manually monitoring the web for these assets can be time-consuming, but the emergence of generative AI offers the potential to automate identifying and protecting such assets. This enables security analysts to address vulnerabilities before malicious actors exploit them proactively.

Rahul Powar said, “Today 50% of companies have experienced a cyberattack from an unmanaged or poorly managed asset. The average Fortune 500 company takes 12 or more hours to find a serious vulnerability, while bad actors focusing on a site takes less than 45 minutes. This means that discovering assets that are unknown, short-lived or impersonating is critical, and discovering them quickly is equally as critical.”

Powar stated that a financial institution valued at over USD 300 billion has successfully utilized Relevance Detection to discover 300 digital identities and detect a website impersonating the organization.

This demonstrates the value of generative AI in identifying and understanding digital identities and assisting human users in assessing risk across the organization’s ecosystem.

Exploring GPT-4’s Impact on the Domain Discovery Market

Since its establishment in 2015, Red Sift has experienced significant growth, expanding its presence with offices in North America, Spain, and the United Kingdom. It has raised a total of USD 69.8 million, including a USD 54 million Series B funding round in February 2022. Red Sift verifies over 1.9 million hostnames and adds around 10 million new certificates to its database every month.

In the future, generative AI will be a distinguishing factor for Red Sift in the email security market, setting it apart from competitors like Proofpoint Inc., which was acquired for USD 12.3 billion by Thoma Bravo in 2021 and includes its domain research functionality.

Proofpoint’s domain lookup tool, Domain Discover, scans recently registered domains to identify malicious subdomains or URLs that aim to redirect website traffic or deceive users through phishing attempts.

In contrast, Red Sift plans to leverage generative AI to differentiate itself from such providers. Red Sift aims to offer IT administrators enhanced insights into digital identities and a fresh perspective that can help mitigate organizational risks.