5 Questions to Ask When Evaluating Brand Protection Solutions

Organizations face attacks from all sides. Cybercriminals and state-sponsored threat actors regularly impersonate brands on social media, as well as, set up malicious phishing websites. They can damage the brand while also stealing employee and customer information to sell on the dark web. It can be hard to combat these threats, since all of this happens outside the corporate network. Right now, security teams are investing in intelligence to protect their company’s most important asset – their brand.

When it comes to building brand intelligence, smart security teams start with a brand protection solution. But, with all of the brand protection solutions out there, picking the right one can be hard. To make it easier, we’ve compiled a list of the five most important questions to ask yourself as you evaluate brand protection solutions to find the right one for your organization.

1. What are the problems I’m looking to solve?

The first question to ask yourself could be the most important in deciding on the solution you need. Brand protection is a broad term that emcompasses a wide variety of use cases. Which ones are most important to your organization, specifically?

To start, make a list of the challenges you need to solve, clearly define objectives, and rank them in order of priority. These may include typosquat domains, leaked credentials, code repository leaks, dark web conversations, and executive impersonation. Organize your priorities according to your organization's external risk profile. The most important thing is to know what you're looking for, so you can find the best solution for your company.

2. How will the vendor help my security program mature over time?

When you purchase a critical component, like a brand protection solution, for your organization's cybersecurity tech stack, you'll work with that vendor for a long time. Make sure the vendor does more than solve your immediate problems: make sure the vendor can continue supporting you in the future as your cybersecurity program matures.

Many vendors offering brand protection solutions offer additional use cases that go well beyond protecting your organization against brand attacks. These may be anything from vulnerability prioritization to third-party risk assessment. However, not all of these vendors offer equally mature solutions for these additional use cases. While brand protection may be your biggest need today, you'll want to expand your capabilities in the future. Make sure you choose a vendor who can support you as you grow.

3. Where does this solution draw from to provide intelligence?

The best way to deliver on your organization's brand protection needs is to find a solution that draws on the broadest possible range of sources for threat data. If you depend too much on a smaller set of sources, you may easily miss threats, or end up with a skewed perspective of the threat landscape. Any solution you pick should be able to provide a detailed picture of data from open sources, technical sources, dark web, and criminal underground sources.

Open sources are easily accessible to the public, like global news sites and social media. The value of an intelligence provider of open sources comes from scale. Monitoring a handful of websites doesn’t tell you much. But, monitoring hundreds of thousands of websites can provide real insight into events as they happen.

Technical sources provide a stream of indicators that can be applied to automatically identify and block suspected malicious communication. This is the kind of actionable intelligence your security team can use to ensure technical controls and processes are in place and ready to go. Most companies don’t have comprehensive visibility into technical indicators on their own. This requires strong partnerships with technology providers across different types of data and technology.

Dark web sources provide direct visibility into the actions and intent of threat actors. These sources are where threat actors go to sell corporate data and plan their attacks, so insight into dark web chatter and activities is crucial. Most of the really valuable sources of information from the criminal underground are closed to the public. Getting access to this information requires highly-trained professionals to infiltrate the criminal underworld.

4. Does this solution use both machine and human intelligence effectively?

It's crucial to be able to integrate and analyze data from a wide variety of sources. This gives you relevant context and deep insight that you simply cannot get from fewer sources. However, a provider that collects from too many sources can easily become too noisy and a time sink, instead of being a timesaver.

The ideal solution doesn't just consume data from an extensive range of sources; it needs to provide context for that data and prioritize the important alerts. Otherwise, your teams will be overwhelmed with excess information. The best approach here is one that combines both machine and human intelligence.

Machine learning and natural language processing capabilities are vital for analyzing vast quantities of data and making connections humans can't. Automated language analysis quickly reads and processes content in the language of the threat actors, whether you speak it or not. A vendor that relies too heavily on human translators can cause major delays that impacts your response time.

Image analysis and optical character recognition capabilities are an increasingly important tool for online brand protection. They help organizations track down malicious usage of their brand, product, or logo across the internet. Any vendor that doesn't include image analysis will have significant misses with this kind of threat.

However, you still need more than machines for brand protection. Actual humans can provide the sort of nuanced understanding of critical risk events that machines can't. You also need humans to maintain and evolve source collection, since threat actors constantly update their communication channels. Any intelligence provider that uses exclusively automated collection will miss out on important information.

5. Does this provider automate remediation and takedown?

Being able to identify external attacks isn't enough: you also have to be able to mitigate the damage. A good provider will give you all of the information you need to submit a takedown request with the relevant hosting provider. However, manual takedowns can be a time-consuming process in an industry where time is always of the essence – especially if you have to submit a large volume of takedowns.

Fortunately, many brand protection vendors offer services to make the takedown process easier. They have established relationships with hosting services that allow them to execute faster, more successful takedowns. It's important when considering vendors to make sure the one you pick automates remediation and takedown activities. You don't want to have to do it all by hand.

Getting Started

To learn how you can build a brand protection program that’s right for your organization, read our Brand Protection Buyer’s Guide. In it, you will find more critical aspects of a brand protection solution with an editable Request for Proposal (RFP) template. To get hands-on insights with a brand protection tool to help validate your brand intelligence priorities and to better understand your brand’s exposure, start your two-week free trial of Recorded Future’s Brand Intelligence module today.