# Authentic Web > Enterprise Domain management for the new TLD Era --- ## Pages - [Innovate 2025 Attendees](https://authenticweb.com/qr/): Organizations believe they are IT security compliant. They aren’t. External DNS security issues are persistently causing cyber-attacks, ransomware, and data... - [Domain Portfolio Managers and Administrators](https://authenticweb.com/domain-portfolio-managers-and-administrators/): Domain Portfolio Managers & Administrators Easily manage hundreds, even thousands of domains, reducing effort & cost Apply automated change management... - [Risk, Compliance, and Governance Officers](https://authenticweb.com/risk-compliance-and-governance-officers/): Risk & Compliance OfficersEnterprise believes it’s security-standards compliant. It isn’t. Despite security framework standards like ISO, NIST, SOC Type II,... - [IT Security](https://authenticweb.com/it-security/): IT SecurityThe easiest way to establish and maintain external DNS security. External DNS is a pain to manage. Too many... - [M&A Due Diligence Executives](https://authenticweb.com/ma-due-diligence-executives/): M&A Due Diligence ExecutivesWhen you buy a company, you’re also acquiring their DNS network security risks. Corporate domains are valuable... - [Network Operations](https://authenticweb.com/network-operations/): DNS Network OperationsManaging domains, zone files, DNS security, and TLS certificates is time consuming and costlyNetwork operations bear the brunt... - [Domain and DNS Solutions for Managed Service Providers](https://authenticweb.com/solutions/domain-dns-managed-service-providers/): MSP Partner ProgramDomain and DNS Solutions for Managed Service ProvidersMeet the growing demand for managed domain and DNS services with... - [DNS Inspector™](https://authenticweb.com/platform/dns-inspector/): DNS Inspector™The fastest, most accurate security audit of your domain assets and external DNS DNS Inspector is an automated testing... - [Brand TLD Resources](https://authenticweb.com/resources/brand-tld-resources/): We research, publish, and curate resources of interest to brand owners to learn about the value of trusted Brand TLD... - [Domains DNS/TLS Security Resources](https://authenticweb.com/resources/domains-dns-tls-security-resources/): We research, publish, and curate resources of interest to enterprise stakeholders responsible for Domains, DNS, and TLS Certificate management. Here... - [Authentic Web Start](https://authenticweb.com/): Corporate Domain Management made easy! DNAM™ (Domain Name Asset Manager) is a modern corporate domain management system that secures domains,... - [Get a clear view of your DNS security.](https://authenticweb.com/dns-audit/): Get a clear view of your DNS security. Get a free DNS audit to uncover risks, fix misconfigurations, and improve... - [Registry Trust Manager™: RTM](https://authenticweb.com/platform/registry-trust-manager-rtm/): Automated, trust certificates at each endpointDNSSEC management automationConnection monitoring and remediationPolicy based DNS security enforcementProtection from people errors/omissionsCost effective and... - [SSL](https://authenticweb.com/legal/ssl/): INTRODUCTION AND INTERPRETATION Unless otherwise stated, capitalized terms used herein have the meaning ascribed to them in the General Terms... - [TLS/SSL certificate management](https://authenticweb.com/solutions/tls-ssl-certificate-management/): The challenge organizations face to implement HTTPS everywhere is the increased administrative burden and cost of managing TLS certs on... - [Request a demo](https://authenticweb.com/demo/): Request a demo. → Easily lock down domain and DNS security → Eliminate wasted time, effort and error potential →... - [Cookie Policy](https://authenticweb.com/cookies/): We keep this Cookies Policy under regular review. This Cookies Policy was last updated in June 2018. At Authentic Web... - [Platform](https://authenticweb.com/platform/): A single, unified control system can dramatically simply the complex chain of operations required to manage domains and the DNS.... - [Services](https://authenticweb.com/services/): The best way to simplify and secure your domain and DNS management operation is to consolidate domain registrars, managed DNS... - [Domain Name Asset Manager: DNAM™](https://authenticweb.com/platform/domain-name-asset-manager-dnam/): Trusted by global enterprises - [DNS Security & Compliance](https://authenticweb.com/solutions/domain-dns-security-compliance/): DNS Security and Compliance Enterprise domain portfolios and DNS networks are under attack with increasing frequency and impact. Domain and... - [Resources](https://authenticweb.com/resources/): Resource CenterDomain and DNS resources for enterprise business, digital and IT Leadership. We research, publish, and curate resources of interest to... - [Corporate Domain Management](https://authenticweb.com/solutions/corporate-domain-management/): Consolidate domains, DNS, and TLS certificates into a single pane of glassSecure your enterprise data and eliminate complexity, costs, and... - [Solutions](https://authenticweb.com/solutions/): Corporate domain stakeholders including digital marketing leaders, IT and ITSec management, and IP attorneys face increasing challenges to managing domains... - [Domain Asset Portfolio and DNS Audits](https://authenticweb.com/services/domain-asset-portfolio-and-dns-audits/): ServicesDomain Asset Portfolio and DNS AuditsHave you conducted a Domain/DNS Audit lately? Take hundreds or thousands of domains. Spread them... - [Brand Registry Asset Manager: BRAM™](https://authenticweb.com/platform/brand-registry-asset-manager-bram/): PlatformBrand Registry Asset Manager: BRAM™Innovate in Brand Authentic Digital Spaces. The BRAM™ service is designed from the ground up for... - [Domain Name System Services: DNS](https://authenticweb.com/platform/domain-name-system-services-dns/): PlatformDomain Name System Services: DNSAuthentic Web offers managed DNS options certain to improve your operational efficiency, security and compliance. - [.Brand Registry Strategy, Application and Deployment](https://authenticweb.com/services/brand-registry-strategy-application-and-deployment/): ServicesBrand Registry Strategy, Application and DeploymentOver 550 Brands applied for their Brand Registry, yet only 140 have deployed. Why? - [Domain/DNS Total Cost of Ownership (TCO) Survey](https://authenticweb.com/services/costofownershipdomain-dns-total-cost-of-ownership-tco-survey/): ServicesDomain/DNS Total Cost of Ownership (TCO) Survey Everyone wants to reduce operational costs. The challenge for your domain and DNS... - [Legal](https://authenticweb.com/legal/): Authentic Web Inc. (“Authentic Web”, “AW”, “we”, “us”, “our”, or “ours”) welcomes you to AW’s website authenticweb. com and any... - [Privacy Policy](https://authenticweb.com/privacy-policy/): We keep this Privacy Policy under regular review. This Privacy Policy was last updated in June 2018. At Authentic Web... - [Domain and DNS Consolidation](https://authenticweb.com/services/domain-and-dns-consolidation/): ServicesDomain and DNS ConsolidationWe minimize your consolidation effort and do all the heavy lifting. - [About Us](https://authenticweb.com/company/about-us/): About UsDomain and DNS Risk and Pain for IT Teams + Digital Brand Trust is evolving! Corporate domains and the... - [Why Authentic Web](https://authenticweb.com/company/why-authentic-web/): Why Authentic WebComplete Control, One SystemAuthentic Web is the only corporate domain registrar enabling enterprise brands to fully manage their domains,... - [Technology](https://authenticweb.com/company/technology/): TechnologyTechnologies that streamline domain and DNS management. World-class technologies under a single, unified platform to easily manage your domain assets,... - [Contact](https://authenticweb.com/contact/): Contact UsPlease use this page to contact us for any domain name related queries you may have, including complaints about... - [Company](https://authenticweb.com/company/): Authentic Web is the only corporate domain registrar enabling enterprise brands to fully manage their domains, DNS, and Brand registry on a... --- ## Posts - [Retail Sector Newsletter Q1 2025](https://authenticweb.com/newsletters/retail-sector-newsletter-q1-2025/): This report benchmarks the DNS security posture of 25 of the largest players in the US Retail Sector. - [Top 10 Domain Pain Symptoms in the Enterprise](https://authenticweb.com/domains-dns-and-tls-certificates/top-10-domain-pain-symptoms-in-the-enterprise/): The IT Director is the one who receives the stress-inducing, "Critical", "Urgent", "ASAP", "Priority 1", "Production Critical", "Revenue Impacting", or... - [The IT Director's Story Domain and DNS Management](https://authenticweb.com/domains-dns-and-tls-certificates/the-it-directors-story-domain-and-dns-management/): Over the past decades of domain, DNS and certificate management in the enterprise, there was and is a constant state... - [10 Predictions for 2024](https://authenticweb.com/domains-dns-and-tls-certificates/10-predictions-for-2024/): At the end of every year, there are a flurry of prediction articles that we all like to read. Predictions... - [DNS Inspector: 3 questions answered](https://authenticweb.com/domains-dns-and-tls-certificates/dns-inspector-3-questions-answered/): When any business launches a new innovative service, particularly a technology service, it is critical to listen to prospect questions... - [IT Processes for Domain & DNS Management are Broken](https://authenticweb.com/domains-dns-and-tls-certificates/it-processes-for-domain-dns-management-are-broken/): Flawed business processes make this complex operational area effort-intensive, costly, and exposed to security risks. - [Business Process Challenges Solved](https://authenticweb.com/domains-dns-and-tls-certificates/business-process-improvement/): A process can be short, such as a simple purchase-to-fulfillment process or a complex, long-term asset management process that spans... - [A Strong Case for Business Process Management Improvements](https://authenticweb.com/domains-dns-and-tls-certificates/a-strong-case-for-business-process-management-improvements/): Corporate domain management is all about business process. Many organizations admit their business processes are broken and in need of... - [A Systems-based approach to Corporate Domain Management](https://authenticweb.com/domains-dns-and-tls-certificates/a-systems-based-approach-to-corporate-domain-management/): Corporate domain management is painful, but it needn’t be. New best practices and modern systems eliminate manual processes, cost, and... - [Domain Management Pain: Governance, Compliance and Cost of Ownership](https://authenticweb.com/domains-dns-and-tls-certificates/domain-management-pain-governance-compliance-and-cost-of-ownership/): Corporate domains are held in ever-growing portfolios for years. These critical, digital assets demand ongoing governance and compliance at increasing... - [Why IT suffers most through the Domain, DNS and SSL Lifecycle](https://authenticweb.com/domains-dns-and-tls-certificates/why-it-suffers-most-through-the-domain-dns-and-ssl-lifecycle/): One a new domain is registered it falls on IT (network operations and InfoSec) to manage the domain through its... - [Front-end Domain Management Pain: Originators, approvers and registrars](https://authenticweb.com/domains-dns-and-tls-certificates/front-end-domain-management-pain-originators-approvers-and-registrars/): Corporate domain management pain starts with the people that request and approve domains. Process flaws in this critical, initiate step... - [The Pain of Corporate Domain Management](https://authenticweb.com/domains-dns-and-tls-certificates/the-pain-of-corporate-domain-management/): Domain management is a long lifecycle task that impacts numerous stakeholders throughout an organization. As domain portfolios grow in size,... - [Digital Security and Compliance Priorities: Before, During and After COVID-19](https://authenticweb.com/domains-dns-and-tls-certificates/digital-security-compliance-priorities-covid-19/): Before COVID-19, enterprises are sure to experience material security breaches due to a history of short-term priority setting, autopilot driven... - [How to Simplify DNSSEC Adoption](https://authenticweb.com/domains-dns-and-tls-certificates/how-to-simplify-dnssec-adoption/): Any company with an online presence — that is, every organization — is vulnerable to attacks that compromise the DNS. DNS... - [How to Know If Your DNSSEC Is Working](https://authenticweb.com/domains-dns-and-tls-certificates/how-to-know-if-your-dnssec-is-working/): DNSSEC, the security settings that validate domain query data, is a critical component in defending the domain name system. DNSSEC uses pairs... - [The Real Risks of Not Deploying DNSSEC](https://authenticweb.com/domains-dns-and-tls-certificates/the-real-risks-of-not-deploying-dnssec/): To understand the importance of DNSSEC, you need to know what can happen without it. Hackers aggressively target the DNS... - [The Challenges of Deploying DNSSEC](https://authenticweb.com/domains-dns-and-tls-certificates/the-challenges-of-deploying-dnssec/): Why Is DNSSEC Adoption So Low? DNS Security Extensions (DNSSEC) are a proven security measure to defend against DNS hijacking,... - [How DNSSEC Works - And Why Every Organization Needs It](https://authenticweb.com/domains-dns-and-tls-certificates/how-does-dnssec-work/): DNSSEC protects brands by ensuring internet users won't be misdirected to unauthorized online content destinations. Here's how it works. - [What Is DNSSEC?](https://authenticweb.com/domains-dns-and-tls-certificates/what-is-dnssec/): DNSSEC is the most effective security measure a company can implement to defend against DNS hijacking. In part 1 of... - [When You Want to Improve DNS Security, Focus on Efficiency](https://authenticweb.com/domains-dns-and-tls-certificates/when-you-want-to-improve-dns-security-focus-on-efficiency/): Inefficient and costly DNS management practices undermine DNS security. 70% of the Fl 000 has yet to implement DNSSEC or... - [Effective DNS Security Starts With These 4 Best Practices](https://authenticweb.com/domains-dns-and-tls-certificates/effective-dns-security-starts-with-these-4-best-practices/): Few organizations deny the importance of protecting the DNS, yet the challenges of managing and securing domain name systems leave... - [Why Is DNS So Hard to Manage?](https://authenticweb.com/domains-dns-and-tls-certificates/why-is-dns-so-hard-to-manage/): Enterprise DNS is more vulnerable to attack than ever, despite well-known best practices intended to prevent compromise. Why is this... - [How to Minimize Threats With These 7 DNS Security Solutions](https://authenticweb.com/domains-dns-and-tls-certificates/how-to-minimize-threats-with-these-7-dns-security-solutions/): DNS security is easily compromised and more targeted than ever. In this post, discover seven DNS management practices that mitigate... - [External DNS Security: An Overlooked IT Security Threat](https://authenticweb.com/domains-dns-and-tls-certificates/external-dns-security-an-overlooked-it-security-threat/): Enterprise IT security frequently overlooks the DNS - an increasingly vulnerable layer to every organization’s cyber security. Learn how common... - [What Is DNS Security, and Why Is It Important?](https://authenticweb.com/domains-dns-and-tls-certificates/what-is-dns-security-and-why-is-it-important/): Organization’s Domain Name Systems (DNS) have come under increasingly frequent and serious attacks. This 1st of a 6-part series explains... - [Serious new domain and DNS compromise demands a preventative approach](https://authenticweb.com/domains-dns-and-tls-certificates/serious-new-domain-and-dns-compromise-demands-a-preventative-approach/): On April 17, Cisco’s Talos Group reported a widespread DNS hijack targeting government and enterprise domains. Standard domain and DNS... - [Domain and DNS Security measures don’t work](https://authenticweb.com/domains-dns-and-tls-certificates/domain-and-dns-security-measures-dont-work/): Organizations are vulnerable to cyber threats despite security measures recommended by experts. The reason? Most DNS security measures are impractical... - [ICANN World vs Real-World](https://authenticweb.com/brand-top-level-domains/icann-world-vs-real-world/): Is the global governing authority for domains in touch with digital reality? Maybe not... - [Google is Making The Internet Safer](https://authenticweb.com/domains-dns-and-tls-certificates/google-is-making-the-internet-safer/): Brands need to get on board – or risk digital fallout Google is leading global initiatives to make the Internet... - [The Dreaded Domain and DNS Audit](https://authenticweb.com/domains-dns-and-tls-certificates/the-dreaded-domain-and-dns-audit/): Companies know the importance of auditing their domains and DNS. So why don’t they? - [Domain and DNS Security Policies Work!](https://authenticweb.com/domains-dns-and-tls-certificates/domain-and-dns-security-policies-work/): DNS security policies like DMARC and DNSSEC are proven to work. So why aren’t enterprises using them? - [Who Won The War of the CXOs?](https://authenticweb.com/domains-dns-and-tls-certificates/who-won-the-war-of-the-cxos/): A Gartner analyst, Laura McLellan once famously predicted that CMOs would outspend their CIO counterparts on technology within five years. - [Brand TLD 2016 Year End Status](https://authenticweb.com/brand-top-level-domains/infographic-brand-tld-2016-year-end-status/): View the infographic to learn about the status of the Brand TLD market at the end of 2016. Click to... - [Customer Experience: Who wants to be a leader?](https://authenticweb.com/brand-top-level-domains/customer-experience-who-wants-to-be-a-leader/): As 2017 strategic plans are finalizing inside the enterprise, brand leaders have one priority in common; the Customer Experience. Nothing... - [Corporate Domain Management Journey](https://authenticweb.com/domains-dns-and-tls-certificates/infographic-corporate-domain-management-journey/): Corporate domain management has evolved from a simple to a complex administration and technical challenge. - [What is the Corporate Domain Management Business Problem?](https://authenticweb.com/domains-dns-and-tls-certificates/what-is-the-corporate-domain-management-business-problem/): Managing corporate domain portfolios is one of the most irritating, yet business critical functions for Digital, IP and IT Managers. - [4 Brand TLD Use Cases](https://authenticweb.com/brand-top-level-domains/infographic-4-brand-tld-use-cases/): With 95% of Brand TLDs delegated to the Internet, it’s safe to say this emerging digital identity evolution is here.... - [.WEB Acquired for $135 Million. Too much? How does it compare?](https://authenticweb.com/brand-top-level-domains/dot-web-acquired-for-135-million/): At $135 million, . WEB is the highest valued first round new Top Level Domain registry sold at auction. It... - [3 Reasons why Brand TLDs can Boost your SEO (Part 2)](https://authenticweb.com/brand-top-level-domains/3-reasons-why-brand-tlds-can-boost-your-seo-part-2/): Ok, let’s start by understanding Google’s current take on Brand TLDs. Google’s latest announcement on December 10, 2015, stated that... - [SEO History Helps to Understand the Brand TLD Future (Part 1)](https://authenticweb.com/brand-top-level-domains/seo-history-helps-to-understand-the-brand-tld-future/): Now first things first. No one can predict the future of SEO, however, we can make a good prediction at... - [Is Google Changing the Internet with the New TLDs?](https://authenticweb.com/brand-top-level-domains/is-google-changing-the-internet-with-the-new-tlds/): A wake-up call for brands in the new Top Level Domain (TLD) era. - [Brand Registries and Gartner’s Technology Priorities for CIOs in 2016](https://authenticweb.com/brand-top-level-domains/brand-registries-and-gartners-technology-priorities-for-cios-in-2016/): Brand Registries aka dotBrands are new Internet entities. Over 500 brands are beginning to rollout, with more brand use case... - [9 Reasons Why Brand Registries are the Best Defense](https://authenticweb.com/brand-top-level-domains/why-brand-registries-are-the-best-defense-9-reasons/): Brand Registries are the best defense to protect and grow brand identity in the name space. - [New Brand Registries: Leaders and Followers](https://authenticweb.com/brand-top-level-domains/new-brand-registries-leaders-and-followers/): As of September 2015, 517 brands have signed ICANN agreements to operate proprietary Brand Registries. That’s an increase of 180... - [Did Google Overpay for .APP?](https://authenticweb.com/brand-top-level-domains/did-google-overpay/): In 2014, we saw the first 500 of approximately 1,400 new Top Level Domains (TLDs) delegate and go live on... - [The Brand Registries of 2015](https://authenticweb.com/brand-top-level-domains/brand-registry-2015/): I enjoy all the end of year prediction articles. It is fun to think about what is likely in this... - [Game On! TLDs Start to Roll](https://authenticweb.com/brand-top-level-domains/game-on/): After several years of planning, policy making, strategy formation and more than a $1-billion invested (some suggest it’s more like... - [Authentic Web Comments on .Brand TLD Spec 13](https://authenticweb.com/brand-top-level-domains/authentic-web-comments-on-spec-13/): December 24, 2013 Internet Corporation of Assigned Names and Numbers (ICANN) 12025 Waterfront Drive, Suite 300 Los Angeles, California 90094-2536... - [The first TLDs go live!](https://authenticweb.com/brand-top-level-domains/first-tlds-go-live/): November 2013: Mark this month, the FIRST that saw new TLDs (top-level-domains) delegated to the Internet root. The FIRST of... - [Did Hilton make a big mistake?](https://authenticweb.com/brand-top-level-domains/did-hilton-make-a-big-mistake/): Last week, Hilton executives made the decision to withdraw their TLD application for . HILTON. Did they make a mistake?... - [New gTLD Market Strategies](https://authenticweb.com/brand-top-level-domains/new-gtld-market-strategies/): The optimistic view and the one I choose is that new gTLDs will create innovations enabling Internet users to contribute,... - [Brand Registries: 3 Initiatives](https://authenticweb.com/brand-top-level-domains/brand-registries-3-initiatives/): Opportunity Premise New TLDs offer brands the ability to innovate their online presence to build better relationships with current customers... - [The Brand Registry: A CEO's Vantage](https://authenticweb.com/brand-top-level-domains/the-brand-registry-a-ceos-vantage/): . BRAND registries prepare to innovate their online presence. How it really happens. Q1: 2011: I am Bob, Brand CEO.... --- ## Whitepapers - [DNS Security and Compliance in the Retail Sector](https://authenticweb.com/whitepapers/dns-security-and-compliance-in-the-retail-sector/): Retail consistently ranks among the top five most cyber-attacked industries. This paper uncovers external DNS management as a critical vulnerability,... - [DNS Security in the Healthcare Sector](https://authenticweb.com/whitepapers/dns-security-in-the-healthcare-sector/): Healthcare became the most cyber-attacked industry in 2023, overtaking banking. This paper highlights external DNS management as a critical yet... - [M&A Guide to Assess and Consolidate Domain Assets and DNS Networks](https://authenticweb.com/whitepapers/ma-guide-to-assess-and-consolidate-domain-assets-and-dns-networks/): Assessing and consolidating domains and DNS providers are crucial “pre” and “post” M&A deal priorities. In corporate acquisitions, you’re not... - [A CISO Brief: Why your Enterprise is Exposed on the DNS](https://authenticweb.com/whitepapers/a-ciso-brief-why-your-enterprise-is-exposed-on-the-dns/): Lack of functional ownership over domain and external DNS security, combined with a lack of unified control systems to enforce... - [How to Implement and Manage DNSSEC](https://authenticweb.com/whitepapers/how-to-implement-and-manage-dnssec/): DNSSEC was the DNS industry’s response to solve an inherent vulnerability in the DNS query/answer integrity gap. Learn how to... - [9 TLS and DNS Risks to Enterprise Security and Compliance](https://authenticweb.com/whitepapers/9-tls-and-dns-risks-to-enterprise-security-and-compliance/): Eliminate known DNS and TLS problems that put your security and compliance at risk. Multiple, known weaknesses in the internet... - [The SSL Certificate Imperative](https://authenticweb.com/whitepapers/the-ssl-certificate-imperative/): We take website encryption for granted as seen by the “little green padlock icon” on company homepages. The problem is,... - [6 Domain Name System Problems](https://authenticweb.com/whitepapers/6-domain-name-system-problems/): Recent audits of dozens of companies’ domain/DNS systems spanning over 40,000 domains reveal common security and compliance problems. Learn what... - [Your Domains and DNS are exposed to risks](https://authenticweb.com/whitepapers/your-domains-and-dns-are-exposed-to-risks/): Domain and DNS risks are real. Large enterprises are dependent on their mission-critical digital footprint and increasingly vulnerable to breaches,... - [Your Corporate Domain Portfolio 7 Best Practices For Success](https://authenticweb.com/whitepapers/your-corporate-domain-portfolio-seven-best-practices-for-success/): Fact Over 75% of all IT directors surveyed say that managing domains is “a total pain. ” Other corporate stakeholders... --- ## Webinars - [How to Mature From a Reactive to Proactive DNS and Email Security Posture](https://authenticweb.com/webinars/how-to-mature-from-a-reactive-to-proactive-dns-and-email-security-posture/): What is the webinar about? Cybersecurity shouldn’t be a response to incidents – it should be a proactive strategy. Yet,... - [Healthcare: DNS Security Vulnerabilities Discovered and Solved](https://authenticweb.com/webinars/healthcare-dns-security-vulnerabilities-discovered-and-solved/): The high value of healthcare data, combined with legacy systems and siloed operations, makes managing infrastructure a formidable challenge. Ensuring... - [IT Director Pain & Compliance Risk](https://authenticweb.com/webinars/it-director-pain-compliance-risk/): Join us to learn how your IT Director peers view and solve these problems. In this webinar, Authentic Web CEO... - [Brand Risk: External DNS Vulnerabilities Risk and Mitigation](https://authenticweb.com/webinars/external-dns-vulnerabilities-risk-and-mitigation/): Peter will discuss the common problems that enterprise IT and InfoSec teams face to manage, secure, and ensure that change... - [DNS Security Exposures](https://authenticweb.com/webinars/dns-security-exposures-visibility/): Join us to learn about common DNS security exposures. Learn what will happen if these exposures are not addressed, what... - [How your organization is exposed on the DNS](https://authenticweb.com/webinars/a-cisos-briefing/): As a CISO SVP, or VP responsible for the overall security posture of your enterprise, this webinar is for you.... - [DNS Security: The Zone Mess](https://authenticweb.com/webinars/dns-security-the-zone-mess/): Are you an IT, Network Manager or Director struggling to get a handle on domains, DNS, and certificates? You are... - [Enterprise DNS Audit Results Revealed](https://authenticweb.com/webinars/enterprise-dns-audit-results-revealed-the-state-of-dns-security-and-compliance/): Peter LaMantia, CEO of Authentic Web Inc. will share results from enterprise DNS network audits that expose the business and... - [Peter’s interview with BizTek.org Founder Bashir Fancy](https://authenticweb.com/webinars/do-we-understand-the-risks-on-the-dns-interview/): Peter and Bashir discuss the challenges for enterprise IT and leadership to understand the security exposures and compliance gaps in... - [JUMP THE CURVE: Part 1: A Brand TLD Business Case](https://authenticweb.com/webinars/jump-the-curve-part-1-a-brand-tld-business-case/): Brand Top-Level Domain innovation is an opportunity to JUMP THE CURVE. You can build a better, more efficient, and brand... - [Building and Executing a Brand Top-Level Domain Strategy](https://authenticweb.com/webinars/building-and-executing-a-brand-top-level-domain-strategy/): Peter followed up from the first webinar, JUMP THE CURVE PART 1: Building a Brand TLD Business Case, walking attendees... - [Domain and DNS Risk Modernization](https://authenticweb.com/webinars/domain-and-dns-risk-modernization/): Peter LaMantia, CEO of Authentic Web explains why enterprise Domain and DNS security issues persist in creating risks for organizations.... - [All You Need to Know About Brand TLDs](https://authenticweb.com/webinars/brand-top-level-domains-why-what-how/): We're biased, but perhaps the best concise video overview of the new dot Brand Top-Level Domains (Brand TLDs). --- ## Case Studies - [Major Global Bank](https://authenticweb.com/case-studies/major-global-bank-confidential/): The Bank did not apply for their Brand TLD in ICANN’s 1st round. They lacked insights into strategies and business... - [Global Business Services Company](https://authenticweb.com/case-studies/global-business-services-company-confidential/): Managing hundreds of domains using a large, incumbent corporate registrar, The Company felt they lacked management control over this important... - [G Adventures Inc.](https://authenticweb.com/case-studies/g-adventures-inc/): G Adventures owns a corporate portfolio of several hundred domain names, growing via acquisition. They’ve accumulated domains over the years.... - [The Canadian Broadcasting Corporation](https://authenticweb.com/case-studies/the-canadian-broadcasting-corporation/): The CBC owns a corporate portfolio of several hundred domain names. They held their domains with a large corporate registrar... --- # # Detailed Content ## Pages - Published: 2025-02-11 - Modified: 2025-04-03 - URL: https://authenticweb.com/qr/ Organizations believe they are IT security compliant. They aren’t. External DNS security issues are persistently causing cyber-attacks, ransomware, and data breaches. Get your audit Exclusive to Attendees of Innovate! Get your own, confidential DNS Security Audit, prepared without charge for all organizations attending the Innovate Cybersecurity Conference in Nashville. It’s an effective snapshot of your company’s external DNS security posture! Visit us at Booth #312 at the conference, or fill out the “contact us” form below. hbspt. forms. create({ portalId: "21895011", formId: "6b3de8c6-16fa-4a95-a3ee-8b15741f39ca", region: "na1" }); Your external DNS is vulnerable to attack. As enterprise digital footprints expand, so do external threats via the public DNS. Innovate attendees own this challenge in their respective organizations. Domain hijackingStolen domains can redirect your web traffic putting users at risk of data theft, phishing, or spamming. Man-in-the-Middle breachesDNS spoofing or cache poisoning can redirect your site visitors to malicious websites or servers. Orphaned CNAMES in zone filesDangling CNAMEs risk web page takeover and brand damage e. g. , gambling, porn, or brand look alike sites. Non-secure redirect domainsInsecure redirects can enable Man-in-the-Middle and eavesdropping to steal customer and company data. DNSSEC configuration errorsDNSSEC failure exposes your web traffic and customers to hijacking, fraud, and brand damage. TLS certificate issuesFailed certs and loss of encryption expose your users’ web sessions, and risk data interception. --- - Published: 2024-02-07 - Modified: 2025-05-26 - URL: https://authenticweb.com/domain-portfolio-managers-and-administrators/ Domain Portfolio Managers & Administrators Easily manage hundreds, even thousands of domains, reducing effort & cost Apply automated change management to all your corporate domains. A unified, permissioned, secure system reduces domain management effort and eliminates pesky registrar service fees. See a demoExplore our platform Managing Domains is PainfulRegistrar admin portals and spreadsheets aren’t the right tools for the task. Domain portfolios are complexManaging hundreds (or thousands! ) of domains with multiple internal stakeholders, process rules, and change requests isn’t easy. Domain managers need help. Domain registrars don’t helpRegistrars’ admin portals can be limiting. Change requests take too long and cost too much. Having multiple registrars makes things worse. DNS Settings & TLS CertsAdding to domain admin pain are the endless details related to DNS settings, zone files, and TLS certificates, where any error can be serious. Help for Domain Managers is finally here! Managing domains, DNS, and TLS certificates can be easy and pain-free, reducing effort and cost. DNS InspectorDelivering security vulnerability visibility to your external DNS from a malicious actor’s viewpoint. Learn moreDomain Name Asset ManagerDNAM™ is a unified, integrated control system for managing domains, DNS and TLS certificates. It’s an easier way to secure and manage corporate domains and the DNS. Learn more ResourcesWhite paperYour Corporate Domain Portfolio 7 Best Practices For SuccessFact: Over 75% of all IT directors surveyed say that managing domains is “a total pain. ” Other corporate stakeholders like marketing, brand management and domain admins aren’t much happier. This paper offers seven implementable... --- - Published: 2024-02-07 - Modified: 2024-07-11 - URL: https://authenticweb.com/risk-compliance-and-governance-officers/ Risk & Compliance OfficersEnterprise believes it’s security-standards compliant. It isn’t. Despite security framework standards like ISO, NIST, SOC Type II, and CIS, external DNS remains a security threat, unaddressed by risk and compliance officers. See a demoExplore the platform DNS Security Compliance isn’t easy The DNS is a public system, open to any party to probe for weaknesses. Enterprise external DNS is the #1 source of cyber-breaches. Multiple registrars and DNS servicesMost organizations manage hundreds (or thousands! ) of domains across multiple domain registrars and managed DNS services. Maintaining security compliance across multiple vendors is difficult. See how we can help →Lack of compliance auditsRisk and compliance officers often don’t know the state of their domain asset and DNS security compliance. Neither do their IT and infrastructure teams. Gaining compliance starts with a DNS security audit. See how we can help →Non-compliance in DNS SecurityStandards frameworks spell out the need for compliant change management systems. Yet, most organizations manage their domains and DNS manually, without tamper-proof logs or change management control. See how we can help → Establish and maintain DNS security complianceThe two-step solution to DNS security compliance: → An audit, → DNS Change Management system DNS InspectorDelivering security vulnerability visibility to your external DNS from a malicious actor’s viewpoint. Learn moreDomain Name Asset ManagerDNAM™ is a unified, integrated control system for managing domains, DNS and TLS certificates. It’s an easier way to secure and manage corporate domains and the DNS. Learn more ResourcesWhite paperA CISO Brief: Why your... --- - Published: 2024-02-07 - Modified: 2025-05-26 - URL: https://authenticweb.com/it-security/ IT SecurityThe easiest way to establish and maintain external DNS security. External DNS is a pain to manage. Too many internal stakeholders have access to domain details that can affect DNS security. What if IT Security teams could easily manage the DNS details, such as zone file settings, independent of business management’s domain decisions? See a demoExplore platform Managing DNS Security is DifficultHundreds of domains, thousands of zone files, DNS security settings, TLS certificates... it’s a lot to manage and potentially get wrong. Multiple registrars and DNS servicesManaging hundreds (or thousands! ) of domains across multiple domain registrars and managed DNS services makes security problematic. IT security resources need centralized control over this risky environment. Security teams need a DNS auditYour DNS security posture is often unknown. Hidden within thousands of zone files are orphaned CNAMES, missing ARecords, missing TLC certs, misconfigured DNSSEC, and more. You can’t fix what you don’t know about. M&A makes things worseWhen you buy a company, you’re also acquiring their domain and DNS security problems. IT security teams need a better way to assess 3rd party networks before they integrate them. Get and keep control of domain/DNS securityThe two-step solution to locking down domain and DNS security: → An audit, → A system to get and keep control DNS InspectorDelivering security vulnerability visibility to your external DNS from a malicious actor’s viewpoint. Learn moreDomain Name Asset ManagerDNAM™ is a unified, integrated control system for managing domains, DNS and TLS certificates. It’s an easier way to... --- - Published: 2024-02-07 - Modified: 2024-07-11 - URL: https://authenticweb.com/ma-due-diligence-executives/ M&A Due Diligence ExecutivesWhen you buy a company, you’re also acquiring their DNS network security risks. Corporate domains are valuable digital assets to be factored into any M&A deal. Domains run on the DNS, a highly insecure public platform that is largely unknown, even to the selling party. M&A teams need to quickly and easily assess the Domains & DNS networks they’re buying, to maximize investment returns and mitigate security risk. See a demoExplore the platform Acquiring domains and DNS networks is costly and risky Acquiring domains and DNS networks is costly and risky. M&A due diligence teams lack the tools they need to inspect and integrate these assets. Pre-deal DNS network due diligenceBuying domain and DNS assets invites all their security risks. Auditing these assets, pre-deal, is difficult without tools. Manual audits are costly and ineffective. Post-deal Domain & DNS IntegrationBringing 3rd party domains and DNS networks into your organization is a huge and costly effort. It’s easy to miss details that can trigger security problems. Managing the combined assetsAfter several M&A deals, organizations are burdened with multiple domain registrars and managed DNS services. It’s a complex and costly way to operate. 3 ways to reduce security risks and costs when acquiring domain assets and DNS networks → Pre-deal audit, → Domain & DNS integration, → Domain & DNS management DNS InspectorDelivering security vulnerability visibility to your external DNS from a malicious actor’s viewpoint. Learn moreDomain and DNS ConsolidationThe best way to simplify and secure your domain and DNS... --- - Published: 2024-02-07 - Modified: 2024-07-11 - URL: https://authenticweb.com/network-operations/ DNS Network OperationsManaging domains, zone files, DNS security, and TLS certificates is time consuming and costlyNetwork operations bear the brunt of domain and DNS change management, often without the necessary tools to make these tasks easy and error-free. Contact us Domain & DNS management is complex As enterprise digital footprints expand, so do external threats via the public DNS. Network Operations owns this difficult space Have you audited your DNS network audit recently? Most network operations admit to not fully knowing their domain asset inventory and DNS security posture. Audits are infrequent, manual, and time-consuming. Tools to inspect domains, zone files, DNS security settings, and TLS certificates aren’t readily available. Multiple registrars and DNS servicesManaging hundreds (or thousands! ) of domains across multiple domain registrars and managed DNS services is labor-intensive and inherently non-secure and non-compliant. Change management is painfulMost network operations manage domains, DNS, and TLS certificates manually, without automated systems or tools. It’s time consuming, error-prone, and less secure. 3 ways to simplify domain & DNS network operations → DNS audit, → Domain & DNS consolidation, → Domain & DNS change management DNS InspectorDelivering security vulnerability visibility to your external DNS from a malicious actor’s viewpoint. Learn moreDomain and DNS ConsolidationThe best way to simplify and secure your domain and DNS management operation is to consolidate domain registrars, managed DNS services, and TLS certificate providers. Learn moreDomain Name Asset ManagerDNAM™ is a unified, integrated control system for managing domains, DNS and TLS certificates. It’s an easier way to... --- - Published: 2023-08-23 - Modified: 2024-07-08 - URL: https://authenticweb.com/solutions/domain-dns-managed-service-providers/ MSP Partner ProgramDomain and DNS Solutions for Managed Service ProvidersMeet the growing demand for managed domain and DNS services with a profitable delivery platform made for MSPs. Become a partner --- - Published: 2022-02-14 - Modified: 2024-07-10 - URL: https://authenticweb.com/platform/dns-inspector/ DNS Inspector™The fastest, most accurate security audit of your domain assets and external DNS DNS Inspector is an automated testing system that reveals your domain and DNS network security vulnerabilities. See a demo Empower your enterprise security teamsDNS Inspector uncovers issues your teams don’t know exist empowering investigation, resolution and verification that problems are fixed. Automates security vulnerability reportingEliminate difficult and time-consuming work so your teams can focus on other high-priority tasks. Simple and easy to useLaunch an audit and you’ll understand your vulnerabilities within 24 hours. It’s about simplifying processes to tackle complex problems. Enable remediation and complianceEasily fix the security issues identified and monitor going forward to ensure compliance. --- - Published: 2021-12-02 - Modified: 2022-06-29 - URL: https://authenticweb.com/resources/brand-tld-resources/ We research, publish, and curate resources of interest to brand owners to learn about the value of trusted Brand TLD ecosystems. Resources include descriptions of; what is a Brand TLD, why a Brand TLD is valuable and how peer organizations are using these proprietary spaces. Brand TLDs improve control and security, and serve as a platform for innovation and an authentic DIGITAL TRUST brand anchor: Topics include → What is and Why a Brand TLD is the future for major brands → How to develop a Business Case and Strategy to secure your own Brand TLD → What major organizations are doing with their own Brand Top-level Domain. --- - Published: 2021-12-02 - Modified: 2022-06-29 - URL: https://authenticweb.com/resources/domains-dns-tls-security-resources/ We research, publish, and curate resources of interest to enterprise stakeholders responsible for Domains, DNS, and TLS Certificate management.  Here you will find best practice posts, comprehensive guides to tackle everyday problems, security and compliance issues and webinar recordings with solutions advice to help make it easy for teams and reduce Total Cost of Ownership. Topics include: Best practice management of domains and external DNS Business process gaps and regulatory compliance considerations.   Security: Managing TLS certificates, DNS settings including DNSSEC, and more... --- - Published: 2021-02-05 - Modified: 2025-05-09 - URL: https://authenticweb.com/ Corporate Domain Management made easy! DNAM™ (Domain Name Asset Manager) is a modern corporate domain management system that secures domains, TLS certificates, and DNS with ease and efficiency. Learn more about DNAMRequest a demoCustomers that trust our software and servicesAuthentic Web provides us an intuitive, cost effective, business focused domain and DNS platform. Senior Director, Digital Operations, Broadcast & Media CompanyWe conducted a review of our domain registrars and DNS management services. The Authentic Web platform is easy to use. IT and Marketing users alike have found it a considerable step forward. Head of Global Digital Marketing, International HR Services ProviderAuthentic Web stood out from the crowd. They solved our technical challenges, eased our IT overhead, and reduced complexity around managing and purchasing domains and DNS. Director Information Technology, Global Travel FirmWe could not be more pleased with Authentic Web systems and services. We are now equipped and recommend them without reservation to any enterprise looking to upgrade DNS systems. Senior Executive, Technology FirmThe Authentic Web system is simple to use, allowing teams to manage our domains across multiple entities. It offers features such as permissions, domain security and SSL certificates. Senior Administrator, Global Products CompanyThe Authentic Web system has report exports which have allowed us to run DNS clean up exercises with ease. There is an abundance of useful security tools within the interface. Data Security Manager, Insurance EnterpriserAuthentic Web consolidated all our domains and DNS into a single pane of glass, significantly easing our management burden. The team... --- - Published: 2020-10-27 - Modified: 2025-05-09 - URL: https://authenticweb.com/dns-audit/ Get a clear view of your DNS security. Get a free DNS audit to uncover risks, fix misconfigurations, and improve DNS security with expert insights for your corporate domain infrastructure. hbspt. forms. create({ portalId: "21895011", formId: "67b195a9-33e3-48c2-96e8-cb9924d947a2", region: "na1" }); --- - Published: 2019-11-04 - Modified: 2022-09-13 - URL: https://authenticweb.com/platform/registry-trust-manager-rtm/ Automated, trust certificates at each endpointDNSSEC management automationConnection monitoring and remediationPolicy based DNS security enforcementProtection from people errors/omissionsCost effective and massively scalable --- - Published: 2019-06-05 - Modified: 2024-06-27 - URL: https://authenticweb.com/legal/ssl/ INTRODUCTION AND INTERPRETATION Unless otherwise stated, capitalized terms used herein have the meaning ascribed to them in the General Terms and Conditions of the Master Services Agreement. PLEASE READ THESE SUPPLEMENTAL TERMS AND CONDITIONS FOR SSL SERVICES CAREFULLY, AS IT CONTAINS IMPORTANT INFORMATION REGARDING YOUR LEGAL RIGHTS AND REMEDIES. These certificate services terms and conditions (the “SSL T&Cs”) supplement the General Terms and Conditions of the Master Services Agreement when you purchase certificate services from us and is made effective as of the date of electronic acceptance. These SSL T&Cs sets forth the terms and conditions of your use of the various SSL certificate services (“Services”) that we offer as a reseller through our chosen certification authority. You understand that we do not provide the Services, but are reselling the Services of our chosen certification authority – Sectigo (www. sectigo. com). Your electronic acceptance of these SSL T&Cs signifies that you have read, understand, acknowledge and agree to be bound by these SSL T&Cs, which incorporate by reference (i) all relevant agreements, statements, practices and forms set forth by the certification authority we are using (Sectigo); (ii) the General Terms and Conditions of the Master Services Agreement provided, however, that if there are any inconsistencies between these SSL T&Cs and the General Terms and Conditions of the Master Services Agreement, these SSL T&Cs shall govern; and (iii) any limits, disclaimers, and/or other restrictions presented to you on our website (the “Site”). You acknowledge and agree that (i) we and the certification... --- - Published: 2019-05-06 - Modified: 2022-10-04 - URL: https://authenticweb.com/solutions/tls-ssl-certificate-management/ The challenge organizations face to implement HTTPS everywhere is the increased administrative burden and cost of managing TLS certs on every domain, subdomain and redirect domain. The smart solution is to put certs, domains and DNS control under a single, integrated easy-to-manage system. The Bank’s digital marketing executives wanted to benchmark their domain name strategy against their competitors and assess business application use cases for the new Brand TLDs. Out of this exercise they also wanted to establish internal best practices for their current domain usage policies and procedures. --- - Published: 2019-05-06 - Modified: 2024-11-19 - URL: https://authenticweb.com/demo/ Request a demo. → Easily lock down domain and DNS security → Eliminate wasted time, effort and error potential → Ensure compliance with easy-to-follow workflow → Discover actionable reports to boost your digital performance hbspt. forms. create({ portalId: "21895011", formId: "cafdaf79-18e9-4e55-8a11-3a86224288a4" }); --- - Published: 2018-06-22 - Modified: 2024-06-27 - URL: https://authenticweb.com/cookies/ We keep this Cookies Policy under regular review. This Cookies Policy was last updated in June 2018. At Authentic Web Inc. (“Authentic Web”, “we”, “our” and “us”) we are committed to protecting your privacy, and support a general policy of openness about how we collect, use and disclose your personal information. This policy explains how we use cookies. WHAT IS A COOKIE Cookies are text files containing small amounts of information which are downloaded to your device when you visit a website. Cookies are then sent back to the originating website on each subsequent visit, or to another website that recognises that cookie. Cookies are useful because they allow a website to recognise a user’s device. You may configure your browser to accept all cookies, reject all cookies, or notify you when a cookie is sent. Please note, however, that disabling some cookies might affect your online experience and/or prevent you from taking full advantage of our site and some of its functionality. If you choose to restrict cookies you will have to provide certain information each time you visit our website and reset your preferences. You can find more information about cookies at: www. allaboutcookies. org and www. youronlinechoices. eu. ADVANTAGES OF COOKIES The advantages of cookies for you, as a user, are: Cookies can be deleted by the visitor. Cookies can be blocked by changing browser setting. Cookies cannot carry any threat to the visitor’s device. HOW WE USE COOKIES We use cookies for these purposes: to keep... --- - Published: 2018-02-13 - Modified: 2024-06-27 - URL: https://authenticweb.com/platform/ A single, unified control system can dramatically simply the complex chain of operations required to manage domains and the DNS. Eliminating manual processes reduces error, staff time, and ensures compliance for greater security. Best of all, automating domain and DNS management can reduce total cost of domain ownership (TCO) by 30% to 50%. AuthenticWeb’s latest platform version integrates with most domain registrar and managed DNS providers. Organizations can modernize and automate their legacy domain and DNS management processes without the hassle of switching providers or migrating domains and DNS. DNAM™ is a unified, integrated control system for managing domains, DNS and TLS certificates. The latest version now offers integration to most domain registrars and managed DNS services, bringing the benefits of automation without the effort of switching registrars or migrating DNS. The complexity of a DNS network makes it difficult for IT teams to see the security gaps that malicious parties actively target to exploit. Wouldn’t it be great if your internal tools identified the very weaknesses that threat actors are determined to find? RTM solves the common problems of weak authentication and broken TLS encryption instances that put data-in-motion at risk. RTM uses an organization’s own Brand Registry as a more secure and trusted environment for any server-to-server connection. BRAM is purpose-built for enterprise teams to effectively deploy, manage and scale their own Brand TLD. Organizations that operate their proprietary brand registry need systems-based automation to manage their digital ecosystem efficiently and securely. Authentic Web offers a fully managed DNS service... --- - Published: 2018-01-23 - Modified: 2022-09-15 - URL: https://authenticweb.com/services/ The best way to simplify and secure your domain and DNS management operation is to consolidate domain registrars, managed DNS services, and TLS certificate providers. Having a single domain registrar and a primary (plus a secondary) managed DNS service is easier to manage, more secure, and reduces cost. Few organizations are equipped to fully audit their own domain and DNS networks. It’s a costly, time-consuming and manual process that IT staff dreads. Ensure your domain and DNS operations are fully secure and compliant with an external audit. Our APEX-level toolsets pinpoint vulnerabilities including HTTP errors, expired DNSSEC keys, missing TLS certificates, and more. The most exciting innovation in the global domain space of the last decade is the . Brand registry – the ability for qualified organizations to secure their own TLD. Whether you wish to apply for your . Brand TLD, or you already have it and are looking for use cases, improved ROI, and best practices, we can help. The true cost of owning a large domain portfolio and operating a DNS network is large and growing. Domain registration fees are a small fraction of the total cost. Our Total Cost of Ownership (TCO) survey was developed using real-work data from business and public sector organizations. Let us plug in your numbers and show you the clear areas where you can reduce cost. --- - Published: 2018-01-19 - Modified: 2024-10-24 - URL: https://authenticweb.com/platform/domain-name-asset-manager-dnam/ PlatformDomain Name Asset Manager: DNAM™It’s an easier way to secure and manage corporate domains and the DNSDNAM™ is a unified, integrated control system for managing domains, DNS and TLS certificates. Request a demo Organizations have few options to manage their domain assets. The choices are:Consolidates domains and DNS to a single systemAutomates domain, DNS and TLS cert workflowsEnforces role-based, secure access DNAM delivers. Most organizations use manual processes to manage domains, DNS and TLS Certificates across multiple vendor platforms. Consolidates domains and DNS to a single systemAutomates domain, DNS and TLS cert workflowsEnforces role-based, secure accessExceeds compliance standards A single, unified, change management platform has many benefitsA platform delivering control, visibility and automation resolving the inefficiency and pain of managing a corporate domain portfolio. ControlDNAM solves domain management controlTypical corporate domain management processes are inefficient and costly to the organization. End-to-end domain, DNS and TLS certificate management involves dozens of time-consuming steps across numerous internal stakeholders. DNAM gives every (permissioned) stakeholder an easy way to gain control over domain, DNS and TLS certificate management – for the entire life of each domain. Our system-based domain management workflows are more efficient, while maintaining centralized control. Consolidating your domains, DNS and TLS certs on DNAM reduces effort and cost while improving security and compliance. VisibilityDNAM solves domain and DNS visibilityHow many domains do you own? How many registrars do you use? How many were registered this week, last quarter or year. Where do your domains resolve? Are they all resolving correctly and how do... --- - Published: 2017-11-15 - Modified: 2025-05-13 - URL: https://authenticweb.com/solutions/domain-dns-security-compliance/ DNS Security and Compliance Enterprise domain portfolios and DNS networks are under attack with increasing frequency and impact. Domain and DNS management often lacks clear ownership. Without governance, enforcing DNS security is difficult—leaving gaps that bad actors exploit as a primary attack vector. We can help IT security breaches invariably occur at known points of weakness. Enterprise domain and DNS networks are specifically targeted by cyber criminals for this very reason. The DNS is a quasi-public infrastructure, open to numerous vectors of attack. Sadly, the majority of enterprise organizations continue to manage their domain and DNS networks with outdated, manual processes. This makes network compromise all too easy for malicious players. Eliminating the security risks to your domain and DNS network starts with understanding the vulnerabilities and management practices that make organizations a too-easy target. Benefits of an automated domain and DNS security systemAutomated DNS security ensures ongoing compliance. Removing manual tasks boosts efficiency and improves performance across your IT operations. SecurityDNS security is hard with many domains and settings. Visibility and unified control through automation make securing your DNS network easier. ComplianceDomain and DNS states constantly change. Real-time compliance and a systems-based approach are key to achieving and maintaining DNS security. PerformanceManual DNS security tools fall short. Automation removes human error, improves security, reduces effort, and boosts performance across your network. The Authentic Web PlatformA unified system to manage domains, DNS, TLS certificates, and DNSSEC — with security and control at its core. Domain Name Asset Manager: DNAM™Modern domain... --- - Published: 2017-10-24 - Modified: 2024-07-08 - URL: https://authenticweb.com/resources/ Resource CenterDomain and DNS resources for enterprise business, digital and IT Leadership. We research, publish, and curate resources of interest to brand stakeholders responsible for domain and DNS management. Best practice articles and comprehensive guides tackle everyday problems and security issues with solutions advice to help improve corporate domain and DNS management. --- - Published: 2017-07-19 - Modified: 2025-05-19 - URL: https://authenticweb.com/solutions/corporate-domain-management/ Consolidate domains, DNS, and TLS certificates into a single pane of glassSecure your enterprise data and eliminate complexity, costs, and risks Empower teams with control visibility and automation systems to improve security, compliance, and performance. Using a single control hub, we integrate domain management, DNS, and TLS certificate platforms to solve your domain-related change management problems. You can connect to your choice of DNS service providers, or we can provide direct integration between our domain management platform and enterprise-grade DNS, partnering with Dyn (an Oracle Company. ) SecurityCompliancePerformance The problem is processDomain, DNS, and certificate management problems are due to ungoverned manual processes through the domain lifecycleDNS network and data securityChange management complianceTeam and Digital PerformanceEasy for teams The DNS underpins every enterprise digital service Yet, Domain and DNS audits reveal compliance gaps in the enforcement of security policies. Digitally transformed enterprises will not be able to manage change manually. A recent audit of over 20,000 domains across dozens of companies reveals common security and compliance issues. --- - Published: 2017-07-12 - Modified: 2024-06-24 - URL: https://authenticweb.com/solutions/ Corporate domain stakeholders including digital marketing leaders, IT and ITSec management, and IP attorneys face increasing challenges to managing domains and the DNS with efficiency, security and compliance. AuthenticWeb has devoted years of best practices expertise to identifying common enterprise domain management problems, and offering pragmatic solutions that increase efficiency, security, and reduce costs to corporate domain management operations. Your DNS is critical. Gain security and compliance with a system to manage TLS certificates, DNSSEC, DMARC, SPF, and more. Eliminate the manual processes that create errors and security exposure, while increasing effort and cost. Managing corporate domains is a headache. It’s a manual process taking too much staff time, driving unnecessary internal costs and IT security exposure. Managing domains and DNS under a single control system is easier and more secure. All browsers demand encryption everywhere. Managing TLS certs across large, complex domain portfolios is a costly, manual operation with known security exposure. A systems’ based approach is easier, more secure, and less costly. The Chain of Trust is Broken Enterprise data-in-motion is at risk due to DNS authentication and TLS encryption weaknesses. Data-In-Motion Network Security Is At Risk. Organizations’ sensitive data-in-motion is at increasing risk as use cases proliferate and data volumes grow. Supply chain, IoT, EDI, WIFI – any server-server or server-network relies on the Chain of Trust for route authentication and data-in-motion encryption. --- - Published: 2016-05-17 - Modified: 2024-07-11 - URL: https://authenticweb.com/services/domain-asset-portfolio-and-dns-audits/ ServicesDomain Asset Portfolio and DNS AuditsHave you conducted a Domain/DNS Audit lately? Take hundreds or thousands of domains. Spread them across different registrars, DNS services and IP addresses. Factor in 15-25 resource records in the zone per domain and you’ve got tens of thousands of endpoints. Are you absolutely certain they’re all OK? Wouldn’t be good to know? An audit will confirm exposure that you need to action. RegistrarsImpact → Severe Occurrence → 75-100% Typical Findings → Variable. From 3-15 registrars. DNS ServicesImpact → Severe Occurrence → 90-100% Typical Findings → Variable. Typically, 3-5x the number of registrars. HTTP 200sImpact → Moderate Occurrence → 10-20% Typical Findings → Resolves OK. Inspect to ensure optimized destination. HTTP 300sImpact → Low Occurrence → 30-40% Typical Findings → Redirects. May be OK. Inspect. Generally intel gap. HTTP 400-500sImpact → Severe Occurrence → 40-50% Typical Findings → Lost traffic. Potential impact to digital performance & SEO. DNSSEC/SPF/IPsImpact → Severe Occurrence → Majority Typical Findings → Weak security settings enforcement. Are your teams equipped to get and keep the DNS network secure? Complete this form to have one of our experts contact you. hbspt. forms. create({ region: "na1", portalId: "21895011", formId: "87b507dd-b5da-4b7f-b778-69ef4613979d" }); --- - Published: 2016-03-01 - Modified: 2024-07-08 - URL: https://authenticweb.com/platform/brand-registry-asset-manager-bram/ PlatformBrand Registry Asset Manager: BRAM™Innovate in Brand Authentic Digital Spaces. The BRAM™ service is designed from the ground up for enterprise teams to effectively deploy, manage and scale proprietary brand registry digital ecosystems. --- - Published: 2016-02-10 - Modified: 2024-07-08 - URL: https://authenticweb.com/platform/domain-name-system-services-dns/ PlatformDomain Name System Services: DNSAuthentic Web offers managed DNS options certain to improve your operational efficiency, security and compliance. --- - Published: 2016-02-10 - Modified: 2024-07-08 - URL: https://authenticweb.com/services/brand-registry-strategy-application-and-deployment/ ServicesBrand Registry Strategy, Application and DeploymentOver 550 Brands applied for their Brand Registry, yet only 140 have deployed. Why? --- - Published: 2016-02-03 - Modified: 2024-07-08 - URL: https://authenticweb.com/services/costofownershipdomain-dns-total-cost-of-ownership-tco-survey/ ServicesDomain/DNS Total Cost of Ownership (TCO) Survey Everyone wants to reduce operational costs. The challenge for your domain and DNS operation is accurately measuring costs for an area that touches so many vendors, processes, and stakeholders. --- - Published: 2015-09-16 - Modified: 2022-09-16 - URL: https://authenticweb.com/legal/ Authentic Web Inc. (“Authentic Web”, “AW”, “we”, “us”, “our”, or “ours”) welcomes you to AW’s website authenticweb. com and any sub-sites thereof (the “Website”). This is an Agreement between you and AW and governs your use of the Website and the content thereof. You understand, agree, and acknowledge that this Agreement constitutes a legally binding agreement between you and AW and that your use of the Website shall indicate your conclusive and irrefutable acceptance of this Agreement and you expressly consent to AW that you and any legal person you represent (collectively referred to as the “Customer”, “you”, “your” or “yours”), without limitation or qualification, to abide by and to be bound by this Agreement, and you represent and warrant that you have the legal authority to agree to and accept this Agreement on behalf of yourself and any legal person you purport to represent. You are responsible for ensuring that all persons who access our Website through your internet connection are aware of these Terms of Use and that they comply with them. AW reserves the right to make changes to the Website and these Terms of Use at any time without prior notice to you. Updated Terms of Use will be posted on the Website and shall be effective immediately. You are responsible to view these Terms of Use prior to use of our Website. Continued use of the Website after any updates constitutes your consent to all changes. Additional terms and conditions apply to you for certain... --- - Published: 2015-09-16 - Modified: 2024-06-27 - URL: https://authenticweb.com/privacy-policy/ We keep this Privacy Policy under regular review. This Privacy Policy was last updated in June 2018. At Authentic Web Inc. (“Authentic Web”, “we”, “our” and “us”) we are committed to protecting your privacy, and support a general policy of openness about how we collect, use and disclose your personal information. The purpose of this Privacy Policy is to inform you about our practices relating to the collection, use and disclosure of personal information that may be provided through access to or use of our website located at https://authenticweb. com (the “Websites”) as well as our services and related products (collectively referred to as the “Services”), or that may otherwise be collected by us. By using our Services or Website, you consent to the collection, use and disclosure of your personal information (as defined below) in accordance with the following terms and conditions. This Privacy Policy also explains when and why we collect personal information about you, how we use it, the conditions under which we may disclose it to others, how we keep it safe and secure and your rights and choices in relation to your information. Any questions regarding this policy and our privacy practices should be sent by email to privacy@authenticweb. com or by calling our privacy officer at: +1-416-583-3770 or writing our privacy officer at: 219 Dufferin Street, Suite 201C, Toronto, Ontario M6K 3J1. PERSONAL INFORMATION For the purpose of this Privacy Policy, “personal information” means information about an identifiable individual. WHO ARE WE? We are a corporate... --- - Published: 2015-08-13 - Modified: 2024-07-08 - URL: https://authenticweb.com/services/domain-and-dns-consolidation/ ServicesDomain and DNS ConsolidationWe minimize your consolidation effort and do all the heavy lifting. --- - Published: 2015-08-13 - Modified: 2025-04-18 - URL: https://authenticweb.com/company/about-us/ About UsDomain and DNS Risk and Pain for IT Teams + Digital Brand Trust is evolving! Corporate domains and the DNS are increasingly a source of cyber-security exposure They are hard, and time consuming for IT and InfoSec teams to manage and lock down. They are also a downright pain in the ... DNS networks and domains, the digital asset portfolio on which digital enterprises are built, are notoriously difficult to manage. Tools for the myriad tasks and processes involved in managing domain lifecycles, DNS zone files, TLS certificates, and DNS security settings (SPF, DMARC, and DNSSEC) are lacking in the marketplace.  Until now... NEW Brand Top Level Domains offer enterprises a proprietary name space that can be controlled, secured, and scaled to deliver TRUSTED experiences and secure service delivery. A new technology is needed. Owning your brand authentic Top-level Domain (TLD) is a platform for innovation anchored on TRUST. Owned spaces are brand authentic. They can be secured automatically from end-to-end, scaled at nominal, marginal cost, and represent the future for trusted brand infrastructures. However, current siloed DNS systems never contemplated proprietary spaces, Until now... Authentic Web Inc. started building in 2013 and in 2015 released our DNAM (Domain Name Asset Manager Service) as a unified digital control system to EMPOWER IT TEAMS. We offer ease of use and robust tools that bring together not just domain lists but DNS, TLS certificates, workflow, role-based permissions, hierarchy, DNS security monitoring, and other functions needed to efficiently and securely operate a brand’s digital... --- - Published: 2015-08-13 - Modified: 2024-07-08 - URL: https://authenticweb.com/company/why-authentic-web/ Why Authentic WebComplete Control, One SystemAuthentic Web is the only corporate domain registrar enabling enterprise brands to fully manage their domains, DNS, and Brand registry on a single, integrated system. --- - Published: 2015-08-13 - Modified: 2024-07-08 - URL: https://authenticweb.com/company/technology/ TechnologyTechnologies that streamline domain and DNS management. World-class technologies under a single, unified platform to easily manage your domain assets, DNS, and TLS Certs. --- - Published: 2015-07-17 - Modified: 2024-07-17 - URL: https://authenticweb.com/contact/ Contact UsPlease use this page to contact us for any domain name related queries you may have, including complaints about a service you have received, you should expect to receive a response within a few hours and no more than two business days. hbspt. forms. create({ region: "na1", portalId: "21895011", formId: "b6597e9a-20e2-407a-a57e-5d5d197587f4" }); To report domain abuse and/or illegal activity related to a domain name under our registry, please send an email with a description of the issue to abuse@authenticweb. com or contact us at 1-855-436-8853 . We will promptly investigate and take appropriate action. --- - Published: 2015-07-07 - Modified: 2024-06-27 - URL: https://authenticweb.com/company/ Authentic Web is the only corporate domain registrar enabling enterprise brands to fully manage their domains, DNS, and Brand registry on a single, integrated system. Authentic Web Inc. started building in 2013 and in 2015 released our DNAM (Domain Name Asset Manager Service) as a unified digital control system to EMPOWER IT TEAMS.   Authentic Web uses proven technologies that improve or replace manual processes to manage domains and DNS.   These queries can include complaints about a service you have received, you should expect to receive a response within a few hours and no more than two business days. --- --- ## Posts - Published: 2025-01-30 - Modified: 2025-05-09 - URL: https://authenticweb.com/newsletters/retail-sector-newsletter-q1-2025/ - Categories: Newsletters This report benchmarks the DNS security posture of 25 of the largest players in the US Retail Sector. Domain & DNS Security Quarterly Update New! Retail Sector DNS Security Benchmark Report This report benchmarks the DNS security posture of 25 of the largest players in the US Retail Sector. It analyzes their (aggregated) domain portfolio assets and public (external) DNS attributes, pinpointing security exposures to malware, ransomware, and phishing. The audit confirms that organizations’ DNS security compliance requires urgent attention to mitigate the global rise in cyber threats targeting retail enterprises. See the benchmark report here → Healthcare DNS Security Survey Highlights Insecure Redirects 39. 5% of Redirects Fail Insecure Redirects pose high risk vulnerability to Man-In-The Middle (MITM) and/or session eavesdropping. Dangling CNAMES 15. 9% of CNAMES Fail Dangling CNAMES are vulnerable to take over and expose retailers to phishing attacks. SPF Coverage Gaps 59. 4% SPF Failures Most of the domains are either not covered by or have invalid SPF records, creating exposure to phishing attacks. Enterprise Risk These vulnerabilities and others identified in the 2024 DNS Security Benchmark Report can result in phishing, malware, ransomware, brand compromise, and hijacking that can have significant brand damage and costs. Secondly, failure to have full IT change controls and monitoring over critical DNS network risks non-compliance with InfoSec frameworks. Best Practice Solution All domains and DNS network configurations should be managed under a change control system, monitored by a network vulnerability audit system. See the benchmark report here → Domain and DNS Security News New Sitting Ducks DNS Attack Puts Millions of Domains at Risk of Hijack Malicious... --- - Published: 2023-01-24 - Modified: 2024-04-19 - URL: https://authenticweb.com/domains-dns-and-tls-certificates/top-10-domain-pain-symptoms-in-the-enterprise/ - Categories: Domains, DNS, and TLS Certificates The IT Director is the one who receives the stress-inducing, "Critical", "Urgent", "ASAP", "Priority 1", "Production Critical", "Revenue Impacting", or "Brand Damaging" emails at all hours from the NOC because of a domain-related issue. The IT Director is the one who receives the stress-inducing, "Critical", "Urgent", "ASAP", "Priority 1", "Production Critical", "Revenue Impacting", or "Brand Damaging" emails at all hours from the NOC because of a domain-related issue. Then the Director wakes up the team and forces them to fix an issue that should never have happened. Then they all sit on the emergency call while trying to figure out how to access the domain or DNS to resolve the problem. Something is wrong here; we have known it for years but never acted. Our manual processes managing domains, DNS, and certificates by excel combined with the management by the committee is not working. It is more than not working; it impacts the business and drives employee fatigue. The pain symptoms are clear; 1 → Loss of a Domain We often fail the simplest of tasks to renew a domain name because: We had no visibility into the domain’s use Thought it was not part of our production services infrastructure, A team member failed to click a button An email warning was missed due to the noise of other registrar emails, Or no one updated an expired credit card. 2 → DNS Hijack Risk We are exposed to this hijack risk: Many domains reside in registrar and DNS services with no change monitor. We have little visibility into our live zones. We do have visibility into orphaned IPs or Dangling CNAMEs. We do not enforce DNSSEC as a security policy. We use various registrars... --- - Published: 2022-12-16 - Modified: 2024-07-02 - URL: https://authenticweb.com/domains-dns-and-tls-certificates/10-predictions-for-2024/ - Categories: Domains, DNS, and TLS Certificates At the end of every year, there are a flurry of prediction articles that we all like to read. Predictions hold the ‘promise of the possible’. Enterprise Domain Ecosystems and DNS Security Trends At the end of every year, there are a flurry of prediction articles that we all like to read. Predictions hold the ‘promise of the possible’. Predictions are subject matter experts sharing trends contextualized as future states. Less Nostradamus, more statistical and behavioural trend analytics. Here are mine. I hope you find them of value as you plan 2024. Your enterprise will suffer a domain, DNS, or certificate related disruption This prediction is a bit too easy but perhaps the most important to know since you will want to take steps to prevent the incident(s). A key domain will expire, a phishing attack will be executed using one of an enterprise’s own domains, an internal resource will make a DNS edit that will disrupt the business, a certificate will expire, a dangling CNAME will be taken over by a bad actor or a DNS zone resource record vulnerability will result in a DNS hijack. Frankly, likely, most or all of the above. Blockchain Top Level Domains (TLDs) will proliferate and harden the ‘splinter-root’. In the vacuum of ICANN not executing the next round application window for new TLDs, blockchain innovations have filled the gap with new TLDs and millions of domains running on alternative blockchain roots, and it is gaining traction as each month passes. Without the ability to own a new TLD on the trusted IANA root, innovative entrepreneurs and companies will find a way to make things happen. It is creating... --- - Published: 2022-04-07 - Modified: 2025-01-30 - URL: https://authenticweb.com/domains-dns-and-tls-certificates/dns-inspector-3-questions-answered/ - Categories: Domains, DNS, and TLS Certificates When any business launches a new innovative service, particularly a technology service, it is critical to listen to prospect questions extremely carefully. When any business launches a new innovative service, particularly a technology service, it is critical to listen to prospect questions extremely carefully. Since the launch DNS Inspector, we consistently hear these 3 questions. What are examples of DNS security exposures or gaps?  What will happen if these exposures are not addressed?  How does DNS Inspector solve this problem? Exposures Examples Insecure Redirect Hops Session compromise and/or Man in the Middle → DNS Hijack Lame Delegations  Hacker can take control of your DNS → DNS Hijack Dangling CNAMEs CNAME pointing to URL you do not control → DNS Hijack Orphaned DNS A Record pointing to an IP you do not control → DNS Hijack NO DNSSEC Man in the Middle → DNS Hijack System Controls Ungoverned Registrar or DNS Accounts: Social Engineer → DNS Hijack How DNS Inspector Solves Automation to discover and display security gaps on your domains and DNS, so they can be closedDisplays in a single pane of glass, domain portfolio information related to live certificates, response headers, network hops, IPs, Registrars & DNS provider information to inform triage and resolution. Without DNS Inspector teams are disadvantaged Exposures are hidden from IT and InfoSec teams. Teams would need to spend hundreds of hours to uncover these gaps and information. Teams have no way to know when a new security exposure is introduced on their DNS network. --- - Published: 2020-12-15 - Modified: 2024-06-27 - URL: https://authenticweb.com/domains-dns-and-tls-certificates/it-processes-for-domain-dns-management-are-broken/ - Categories: Domains, DNS, and TLS Certificates - Tags: Business Process Management Flawed business processes make this complex operational area effort-intensive, costly, and exposed to security risks. Business Process Improvements Can Solve the Problem Business Process Management and Improvement (BPM/I) can easily deliver organizations efficiency gains and operational cost savings between 15% and 50%. The measure of improvement depends on the degree to which existing business processes need an overhaul. In addition to cost benefits there are several reasons why BPM/I is required. IT processes for corporate domain and DNS management are definitely an opportunity rich environment for improvement. IT is the most burdened of all stakeholder groups in the long, domain management lifecycle. Every domain in an organization’s portfolio of digital assets ends up with network operations and IT security to be managed in perpetuity. Domain and DNS management processes have become increasingly complex and painful over the years. Three factors are making the IT domain management job more difficult: Decades of enterprise shift to digital operations and cloudification have greatly expanded the number of domains and the complexity of the digital services that DNS resource records support. IT manages it all. The domain landscape is vastly more complex: The Internet started with a handful of Top-Level Domains: . com, . org,. . net... Today, there are more than 1,000 TLDs, not including Brand TLDs. The globally available DNS is under unprecedented attack. Woefully under-engineered for security, the DNS has become a leading enterprise security risk. Managing this daunting environment and establishing/maintaining security relies on a myriad of IT procedures and processes. Individual steps number in the hundreds, made more complicated by systems that don’t integrate,... --- - Published: 2020-12-01 - Modified: 2022-09-13 - URL: https://authenticweb.com/domains-dns-and-tls-certificates/business-process-improvement/ - Categories: Domains, DNS, and TLS Certificates - Tags: Business Process Management A process can be short, such as a simple purchase-to-fulfillment process or a complex, long-term asset management process that spans years. Enterprise runs on process. Leading enterprises employ control systems to automate, measure and improve process. In any industry, thousands of processes form the basis for value delivered. Whether the timely processing of an insurance claim, the quality production of a manufactured item, or the effective delivery of internal IT services, process creates value. Processes involve multiple, predictable steps and cross-functional coordination between stakeholders over a defined lifecycle. A process can be short, such as a simple purchase-to-fulfillment process or a complex, long-term asset management process that spans years. Corporate domain, DNS and TLS certificate management is a prime example of a complex, long-term lifecycle process in need of re-engineering. Key signs indicate to organizations that business process improvement is needed. They are: Interviews with stakeholders in organizations with large domain portfolios reveal many of these issues. The domain lifecycle process typically starts with a business originator role that requests a new domain registration. New domains are a common requirement for new products, special marketing campaigns, or as a defensive means of protecting trademarks. Once a domain is registered, the long lifecycle of change management begins with many DNS edits and certificate management actions taken over a period of years. Process gaps occur when the rules of conduct or business procedures fail to meet stakeholder expectations. Originators typically want speed of turnaround. Approvers, especially Legal, may insist upon more vs. less due diligence. Expectations on speed of service delivery for the new domain can conflict with approval requirements. All-too-common email ‘ping-pong’ communications exacerbate... --- - Published: 2020-11-18 - Modified: 2024-06-27 - URL: https://authenticweb.com/domains-dns-and-tls-certificates/a-strong-case-for-business-process-management-improvements/ - Categories: Domains, DNS, and TLS Certificates - Tags: Business Process Management Corporate domain management is all about business process. Many organizations admit their business processes are broken and in need of an overhaul. Business Process Management (BPM) has transformed the world we live in since the days of Adam Smith. From auto manufacturing, to insurance claim processing, to ordering a drive-thru burger, business processes have been analyzed and transformed for the better with strategic business goals such as: Product Quality • Operating Performance • Cost Reduction Seriously. Burgers. Wendy’s Restaurants hired global consultants McKinsey to study the way orders were processed at drive-through locations. Detailed analysis of the chain of tasks comprising an end-to-end drive-through order revealed (among other things) that one key phrase in the order-taker’s voice script made a 7 to 10 second difference to order processing time: Present Method of Operation (PMO) Script: “Hi, how are you today? ” Future Method of Operation (FMO) Script: “What can we get you today? ” It turns out that a seemingly trivial few seconds’ delay at the front end of the transaction process significantly impacted throughput, customer satisfaction, revenue, and cost per order. Business Process Management improvements typically yield 15% to 50% increases to product quality, productivity, and cost savings. Organizations in every industry have many thousands of repeatable business processes characterized as a set of activities and tasks purposed to achieve a goal. Business Process Re-Engineering/Improvement (BPE/I) took off in the 1990s as organizations found opportunities to establish logical process order over activities that may have been unplanned, unstructured; and rife with errors, duplicated effort, and inefficiencies. Business wisdom dictated that the biggest, gnarliest, most customer-facing processes in any organization be targeted... --- - Published: 2020-10-07 - Modified: 2024-06-27 - URL: https://authenticweb.com/domains-dns-and-tls-certificates/a-systems-based-approach-to-corporate-domain-management/ - Categories: Domains, DNS, and TLS Certificates - Tags: The Pain of Corporate Domain Management Corporate domain management is painful, but it needn’t be. New best practices and modern systems eliminate manual processes, cost, and effort while locking down security exposure that places enterprise at risk. Managing the domain lifecycle is painful for organizations. Domains are touched by numerous internal stakeholders yet few, if any, owners. Originators request and register domains - by the hundreds – that accumulate in over-sized portfolios. Subdomains and redirection domains expand the corporate digital footprint to the point where the original domain purpose is often forgotten. IT staff is burdened with managing every domain, their respective DNS zone files, TLS certificates and a necessary array of security measures including DMARC, SPF and DNSSEC. This is a labor-intensive task, unsupported by automated tools and it must be maintained over a period of years. Most organizations fail domain/DNS security audits miserably. HTTP error codes, missing TLS certificates on redirects and the absence of DNSSEC, SPF and DMARC are common issues. Overhanging the pain of internal domain management is a highly fragmented and non-integrated vendor landscape, exacerbated by redundant, multi-vendor choices made by organizations. Companies routinely use more than one domain registrar, each with its own password security regime. Some offer MFA and SSO support. All too many still operate via email and call-center access – easily spoofed by unauthorized parties. These same organizations often use multiple managed DNS service providers. Because vendors’ domain and DNS administration systems are not integrated, malicious actors find it easy to identify orphaned domains or neglected DNS settings and appropriate them for misuse, unbeknownst to enterprise IT or InfoSec teams. They’ll even activate a fake SSL certificate on a hijacked domain using the domain owner’s organization-validated name for... --- - Published: 2020-09-29 - Modified: 2024-03-18 - URL: https://authenticweb.com/domains-dns-and-tls-certificates/domain-management-pain-governance-compliance-and-cost-of-ownership/ - Categories: Domains, DNS, and TLS Certificates - Tags: The Pain of Corporate Domain Management Corporate domains are held in ever-growing portfolios for years. These critical, digital assets demand ongoing governance and compliance at increasing cost, effort and IT security risk. Stakeholders charged with these tasks need better tools and practices. The domain management lifecycle moves quickly from the business originator who registered the domain to IT staff that set it up and configure the initial DNS settings, but it doesn’t stop there. For most organizations, a domain is forever and entails years – even decades of ongoing governance. Large portfolios with years of accumulated legacy domains and DNS configurations create governance and compliance management pain for the organization that grows exponentially over time. Domain portfolio governance is a necessary process of continually examining every domain registered by the organization to determine whether it should be renewed or expired upon its registration anniversary date. When hundreds or thousands of domains are involved, expiring monthly on contract terms ranging between one and ten years, it can become a painful and costly area to manage. In the absence of an end-to-end change management system with tamper-proof historical data and audit reports, domain stakeholders have a difficult time knowing which domains are necessary vs. those that can be discarded. The default position becomes “keep everything. ” This is problematic in two ways: Bloated domain portfolios with accumulated legacy domains add unnecessary cost to the organization – not just for the domain renewal fees but also for ongoing DNS maintenance and security compliance by IT staff. Old legacy domains no longer actively used and managed by the business are rich targets for malicious parties who can hijack orphaned DNS settings for phishing, identity theft, and other purposes that can damage a brand. The best practice... --- - Published: 2020-09-22 - Modified: 2022-09-14 - URL: https://authenticweb.com/domains-dns-and-tls-certificates/why-it-suffers-most-through-the-domain-dns-and-ssl-lifecycle/ - Categories: Domains, DNS, and TLS Certificates - Tags: The Pain of Corporate Domain Management One a new domain is registered it falls on IT (network operations and InfoSec) to manage the domain through its end-to-end lifecycle. IT bears the brunt of high cost, manually intensive processes that are fraught with known security risks to the enterprise. The domain management lifecycle may start with a business originator but it’s safe to say that IT owns at least 80% of the journey thereafter. Registering a domain is easy. Setting it up and operating it securely over its lifecycle is another matter entirely. IT owns that show and for most IT folks it’s painful. To be fair, the domain management journey is easy for organizations that own just a handful of domains. Competent IT network administrators with DNS expertise can easily keep track of a small set of domains and their respective DNS settings, SSL certificates and security configurations. IT pain escalates at enterprises that own hundreds or thousands of domains. The complexity of operating and system silos inherent to these organizations makes errors, omissions and dangerous security gaps not just prevalent but unavoidable. Ongoing surveys bear this out: over 70% of the F1000 have failed to establish basic DNS security practices such as DNSSEC despite the known rise in DNS breaches and compromise. 4 Challenges faced by IT 1. IT Administrators Don't Control the Registrar Vendor Decisions Large organizations typically use more than one domain registrar and have several – even dozens of active DNS services. Managing complex network settings across multiple vendor platforms is difficult. Each service has its own administrative control interface. Access controls such as SSO and 2FA differ from vendor to vendor or are absent altogether. Almost no registrar, DNS, or SSL certificate providers integrate with one another or an enterprise change management environment.... --- - Published: 2020-09-16 - Modified: 2024-03-18 - URL: https://authenticweb.com/domains-dns-and-tls-certificates/front-end-domain-management-pain-originators-approvers-and-registrars/ - Categories: Domains, DNS, and TLS Certificates - Tags: The Pain of Corporate Domain Management Corporate domain management pain starts with the people that request and approve domains. Process flaws in this critical, initiate step launch an ongoing lifecycle of high cost, effort ,and IT security risks that can be avoided. End-to-end business lifecycle processes are a lot like ballistics: being off by a wee bit on the front end makes for a huge miss on the target of the projectile’s journey. And so, it is with the lifecycle of managing a corporate domain. Much of the pain of managing corporate domains throughout an organization can be traced to the outset of the domain journey where errors and omissions begin. Registering or introducing a new domain starts with a role we call “the originator. ” She/he may be a marketing manager setting up a time-limited campaign in need of a customer-facing URL. New products require domains for brand and promotional purposes. A typical new pharmaceutical product often registers a score of domains, with generic Top Level Domain (TLD) and country code TLD versions for various market jurisdictions (newdrug(dot)us/ca/de/cc, etc. ) In-house legal counsel seeking to protect corporate brands and intellectual property may insist upon registering common misspellings and preventative-use domains, e. g. www. newproductsucks. tld Large organizations operate in silos with many originators. Each is advised to follow a defined process to make sound decisions and prevent all manner of domain-related errors and omissions throughout the domain lifecycle. Every new domain requires up-front considerations: What domains and TLD variations are required for a particular digital initiative? Why not use a sub-domain? (www. newdrug. brand. com) Is the domain temporary i. e. a seasonal campaign? Should it re-direct on a given date? What is the ideal renewal term? Should it auto-renew or... --- - Published: 2020-09-08 - Modified: 2024-04-11 - URL: https://authenticweb.com/domains-dns-and-tls-certificates/the-pain-of-corporate-domain-management/ - Categories: Domains, DNS, and TLS Certificates - Tags: The Pain of Corporate Domain Management Domain management is a long lifecycle task that impacts numerous stakeholders throughout an organization. As domain portfolios grow in size, operations staff in multiple departments are facing pain in terms of costs, work effort, and IT security risks. Corporate domain management broadly covers end-to-end activity concerning an organization’s domains. For individual domain owners and small businesses, it’s not much to manage. You order a domain from a registrar, configure the DNS settings, and auto-renew the domain by credit card. Simple right? In larger organizations with hundreds, even thousands of domains, it isn’t simple at all. In fact, it’s extremely complex and quite painful for your teams. Corporate domain portfolios are increasingly the source of cyber security breaches that have seriously damaged prominent brands and their customers. Attackers employ clever multi-step campaigns to compromise domains and DNS networks. DNS hijacking and man-in-the-middle schemes expose enterprise brands and customers to credential and data theft. Managing domains securely has become a costly endeavor, involving multiple stakeholders in the organization. The massive shift to digital transformation and cloud-based networks has propelled the global domain name system (DNS) to unprecedented usage and ubiquity. Cloud adoption has changed the game. The legacy approach to secure the enterprise network perimeter is dead. Domains, the DNS and associated services like PKI-based encryption certificates are growing massively. With this growth, comes new challenges, and management pain for organizations. The vendor landscape for corporate domains and related services such as DNS, SSL certificates and DNS security products is fragmented and complex. Many organizations use multiple domain registrars for their portfolio. The few that have consolidated on one or two registrars invariably have dozens of DNS services from years of legacy activity, corporate acquisitions and siloed operations across the... --- - Published: 2020-05-11 - Modified: 2024-04-11 - URL: https://authenticweb.com/domains-dns-and-tls-certificates/digital-security-compliance-priorities-covid-19/ - Categories: Domains, DNS, and TLS Certificates Before COVID-19, enterprises are sure to experience material security breaches due to a history of short-term priority setting, autopilot driven by shareholder demands that put off addressing digital risk exposure. Before COVID-19: A Top-Down Autopilot Of Revenue Growth & Cost Cutting Priorities Enterprises are sure to experience material security breaches due to a history of short-term priority setting, autopilot driven by shareholder demands that put off addressing digital risk exposure. Business objectives drive department leader and team priorities in operations, finance, product, IT and all departments. Whether the objective is revenue growth, new product introductions, client service delivery or operating cost reductions, the business objectives dictate the priorities teams execute. It is a top down methodology autopilot. In the words of Yul Brynner, as the mighty Pharaoh ignoring risks, “So let it be written, so let it be done. ” Every year priorities are set and then updated at C-Level operating meetings to review status. All priorities are driven by the annual plan and the guidance that CEOs communicate to shareholders. Unlike revenue growth or cost reduction objectives, digital security, and compliance objectives to reduce business risks tend to play second fiddle. Enterprise leaders are not naïve, but they are self-interested. They know security and compliance initiatives and technologies are always important considerations. However, in the final analysis, when weighed against human resource budgets and competing revenue growth or cost reduction initiatives, digital security and compliance initiatives often fail to make the cut. They remain in the queue to be executed later. Preventative security and compliance initiatives are IMPORTANT but rarely URGENT relative to EBITDA immediacy. Executives tend not to get bonused on improved security and compliance postures. They do get... --- - Published: 2020-03-02 - Modified: 2021-10-27 - URL: https://authenticweb.com/domains-dns-and-tls-certificates/how-to-simplify-dnssec-adoption/ - Categories: Domains, DNS, and TLS Certificates - Tags: Improving DNS Security Any company with an online presence — that is, every organization — is vulnerable to attacks that compromise the DNS. DNS attacks can disable a website, compromise and alienate customers, and hurt the bottom line. DNSSEC is an important defense measure to mitigate DNS vulnerabilities. Despite increasing attention from cyber-security agencies and IT security operators, enterprise adoption of DNSSEC has been historically low. The biggest barrier to DNSSEC adoption is the amount of management effort it requires. DNSSEC management is challenged by the consequences of human error. Effective DNSSEC deployment involves a digital chain of trust comprised of domain owners, registries, registrars, and managed DNS service providers. Each player in the chain controls components that must be coordinated for DNSSEC to properly secure the DNS over the lifecycle of a domain. For most IT organizations, this level of human work effort and attention to detail can be daunting. DNSSEC validation requires looking up every RRSIG and DNSKEY at regular intervals to verify their status. This process is typically manual, unwieldy and ineffective. Companies have either avoided it, resisted it, or implemented it incorrectly. Independent audits confirm that DNSSEC is non-functional in many cases, even in organizations that believe it’s been implemented correctly. Whether DNSSEC is absent or incorrectly configured, the outcome is the same: A company’s web presence, brand reputation, online identity, and customers are open to DNS man-in-the-middle compromises. Protecting your DNS network does not have to be an overwhelming or unreliable task. DNSSEC management can be repetitively simple once organizations eliminate administrative complexities and... --- - Published: 2020-02-21 - Modified: 2024-06-27 - URL: https://authenticweb.com/domains-dns-and-tls-certificates/how-to-know-if-your-dnssec-is-working/ - Categories: Domains, DNS, and TLS Certificates - Tags: Improving DNS Security DNSSEC, the security settings that validate domain query data, is a critical component in defending the domain name system. DNSSEC uses pairs of encrypted public and private keys to validate DNS query data. This is essential to protect clients from forged DNS data that can result from cache poisoning, a man-in-the-middle exploit that can present fraudulent and harmful website content to unsuspecting Internet users. Fraudulent websites enabled by hijacked DNS can cause organizations and their customers or users significant harm: lost revenue, diminished brand standing, and breach of privacy. DNSSEC is an effective cybersecurity measure when it’s provisioned correctly and maintained over the life cycle of a domain. National security agencies and IT experts agree: DNSSEC should be a priority for every organization. DNSSEC deployment, however, isn’t easy or simple. Corporate adoption of DNSSEC has been impeded by internal operational issues and external “ecosystem” factors. DNSSEC must be carefully managed and monitored to be effective. External DNS audits routinely confirm that many organizations, under the assumption that their DNSSEC setup is working, in fact have missing or expired configuration elements that invalidate their DNSSEC coverage. Validating DNSSEC For DNSSEC to operate correctly, required digital cryptographic signatures must be present and valid. The first is the resource record signature, or RRSIG, provided by the domain holder that identifies a specific DNS entry. If a domain owner neglects to provide the RRSIG, the domain being sought will fail to return a DNS query result. The second is the delegation signer, or DS record. This cryptographic signature... --- - Published: 2020-02-05 - Modified: 2024-06-27 - URL: https://authenticweb.com/domains-dns-and-tls-certificates/the-real-risks-of-not-deploying-dnssec/ - Categories: Domains, DNS, and TLS Certificates - Tags: Improving DNS Security To understand the importance of DNSSEC, you need to know what can happen without it. Hackers aggressively target the DNS because it’s both vulnerable and valuable. Without DNSSEC in place to authenticate a legitimate online destination, an organization’s priceless user traffic can be hijacked. When the DNS is compromised, companies and their customers both suffer the consequences. Organizations can lose control of their DNS in a number of ways: DNS hijacking, domain shadowing, DNS cache poisoning, Man-in-the-Middle (MITM), and DNS spoofing. In many cases, malicious parties can take advantage of the complexity of DNS management, which makes companies vulnerable. Organizations typically use multiple DNS providers, few of which interface with domain registrars. This common DNS management scenario exposes organizations to compromise through misuse of orphaned domains and dormant DNS zone files. Hackers actively scan corporate networks for these vulnerabilities. Hijacked, spoofed, or corrupted DNS files are used to divert internet users and customers to fraudulent websites that can convincingly imitate a trusted enterprise brand. These fraudulent sites can be further disguised by the use of mimicked SSL certificate-based encryption that appears in the browser window under the victim brand’s own name. Unauthorized certificates are easy to acquire when the bad guy has control of the domain owner’s DNS. Malicious sites can expose users to spam, fraud, and malware infection. In the worst cases, users will enter login credentials or financial information without suspecting their data or identities are being stolen.  In another worst-case scenario, stolen login credentials can be used... --- - Published: 2020-01-29 - Modified: 2022-07-15 - URL: https://authenticweb.com/domains-dns-and-tls-certificates/the-challenges-of-deploying-dnssec/ - Categories: Domains, DNS, and TLS Certificates - Tags: Improving DNS Security Why Is DNSSEC Adoption So Low? DNS Security Extensions (DNSSEC) are a proven security measure to defend against DNS hijacking, yet surprisingly few organizations have deployed it. Those that have deployed often fail to ensure it’s actually working on the domains they believe to be covered. Poor enterprise DNSSEC adoption is a serious concern to Internet security experts. Confusion, complexity, and incompatibility are likely barriers to organizations adopting comprehensive DNSSEC deployment policies. DNSSEC was developed in the 1990s yet much of the internet infrastructure does not support it.  Fewer than 20% of all DNS services support DNSSEC. A paltry 3% of the Fortune 1000 have protected their principal corporate website domains with DNSSEC. And when it’s nominally deployed, it often doesn’t work: More than 30% of secured domains are misconfigured, according to APNIC. The reason for anemic adoption rates may be that expediency has won out over security. DNSSEC requires compatible connections between domain registrars, DNS services, and the domain registry. Organizations tend to use multiple DNS services and registrars, making DNSSEC incompatible across their networks. When considering the effort of consolidating DNS services to a single, DNSSEC-compatible provider, organizations will often choose the least-resource-intensive path. A DNS consolidation project may be viewed as a tangible cost against the hypothetical risk of DNS compromise. DNS hijacking incidents in many forms e. g. DNS spoofing and Man-in-the-Middle, are on an alarming rise, prompting global security alerts from the U. S. Department of Homeland Security and others. With DNSSEC high on the list of expert recommendations to defend... --- - Published: 2020-01-06 - Modified: 2022-09-13 - URL: https://authenticweb.com/domains-dns-and-tls-certificates/how-does-dnssec-work/ - Categories: Domains, DNS, and TLS Certificates - Tags: Improving DNS Security DNSSEC protects brands by ensuring internet users won't be misdirected to unauthorized online content destinations. Here's how it works. Domain Name System Security Extensions (DNSSEC) were developed in the 1990s as an industry response to vulnerabilities in the domain name system (DNS). When the DNS looks for an IP address i. e. from a browser-originated query, there is no assurance that the query response is authenticated. Malicious parties can forge or spoof DNS responses and misdirect internet users to fraudulent content. DNSSEC protects brands by ensuring internet users won’t be misdirected to unauthorized online content destinations. DNS hijackers often use fraudulent websites to steal data from internet users such as banking credentials and credit card payment information. DNSSEC makes sure users arrive at their intended destination and helps protect against possible data theft. Because DNSSEC is tied to the DNS, knowledge of one is important to understanding the other. The DNS is effectively a lookup service that directs users to the online destinations or content they seek. When users try to connect with a website, the action is made possible by DNS zone file data. The DNS is organized into zones and uses resolvers to direct browser-based queries. To protect DNS zones, DNSSEC matches two digital keys, one public and one private, to digitally sign the authenticity of DNS data. It ensures that DNS resolvers are locating the legitimate IP destinations instead of hijacked or cache-poisoned DNS zone files. The private key is known only to the domain owner. When DNS data is requested from the website, the private key is used to “sign” the data. The recursive DNS server compares the signature... --- - Published: 2019-10-16 - Modified: 2024-06-27 - URL: https://authenticweb.com/domains-dns-and-tls-certificates/what-is-dnssec/ - Categories: Domains, DNS, and TLS Certificates - Tags: Improving DNS Security DNSSEC is the most effective security measure a company can implement to defend against DNS hijacking. In part 1 of this 6-part series, we explain what DNSSEC is and why it’s so effective. Domain Name System Security Extensions, or DNSSEC, is an important security protocol that prevents internet users from being redirected to fraudulent websites and unintended addresses. Simple enough but understanding how it works calls for an overview of the DNS security and a little history lesson. DNS: An Origin Story Since the earliest days of the internet, Internet Protocol (IP) addresses have been used to identify where a website is hosted. Easier access to the internet called for a way to convert words into hard-to-remember IP addresses. For example, when someone types in “Apple. com,” the browser sends the user to the IP address “17. 172. 224. 47. ” Enter the DNS: a global routing directory for the internet. The DNS is foundational to the functioning internet as we know it. Every browser click we make directs our “requests” to servers that present content and services. But it has one glaring problem: It isn’t particularly secure. Internet security experts and national cybersecurity agencies in the U. S. , U. K. , and Australia have been increasingly alarmed at DNS-related threats on a global scale. Hackers have found many ways to abuse and misuse the DNS, including hijacking, spoofing, cache poisoning, and related man-in-the-middle attacks. These are all variations on a theme: criminals forge or manipulate DNS look up data to route users away from legitimate online destinations to their own, malicious online content. It’s easy to see why this is dangerous. You may think you’re surfing to and logging in to Yourbank. com, only to be... --- - Published: 2019-08-28 - Modified: 2024-06-27 - URL: https://authenticweb.com/domains-dns-and-tls-certificates/when-you-want-to-improve-dns-security-focus-on-efficiency/ - Categories: Domains, DNS, and TLS Certificates Inefficient and costly DNS management practices undermine DNS security. 70% of the Fl 000 has yet to implement DNSSEC or DMARC because it's too hard to manage. See the three basic efficiency practices that make DNS security easy to deploy. Your online operations and digital brand are only as secure as your DNS. Yet the difficulty of managing the DNS prevents most companies from effectively securing the system. Inefficient and costly management processes undermine DNS security, causing the most common DNS issues today. Ensuring DNS security involves numerous complex operations, including protecting access to domain registrar systems; managing DNS services and associated zone files; ordering and renewing SSL certificates; and deploying DNS security (DNS Security Extensions, Domain Message Authentication Reporting & Conformance, and Sender Policy Framework), also known as DNSSEC, DMARC and SPF, respectively. For most organizations, these tasks are carried out with manual processes. Emails, forms, and Excel spreadsheet lists are the basic tools for DNS change management. While vendors do offer online admin portals, each registrar, DNS service, and certificate authority has its own, non-integrated admin environment. Simply put, it’s inefficient. Download our security and compliance checklist to find out what your organization is doing right and what is putting it at risk. Inefficient management causes three common DNS security issues: missing SSL encryption, missing or flawed deployment of DNSSEC, and inadequate use of DMARC and SPF. Most organizations employ SSL certificates to encrypt their principal web destinations. Often missed, however, are domain redirects, which also require SSL certificates in order to maintain SSL-protected destinations. Managing SSL certificates on redirect domains is expensive and administratively burdensome, hence why they’re frequently missed in the encryption chain. Manual processes make it very difficult to track the setup and implementation of... --- - Published: 2019-08-21 - Modified: 2022-09-17 - URL: https://authenticweb.com/domains-dns-and-tls-certificates/effective-dns-security-starts-with-these-4-best-practices/ - Categories: Domains, DNS, and TLS Certificates Few organizations deny the importance of protecting the DNS, yet the challenges of managing and securing domain name systems leave organizations at risk of attack. In this blog post, we discuss how to protect the DNS using security best practices. Follow these guidelines to keep your digital enterprise and customers safe: Consolidate Domains to a Single Corporate Registrar Most organizations do their best to register the majority of their domains with a single registrar. Having even a few domains managed with more than one registrar can create security vulnerabilities. Recently, major companies including Mastercard, Hilton International, and ING Bank had each chosen a preferred registrar but also had a few orphaned domains hosted with GoDaddy. Hackers targeted them among 600 other companies, successfully hijacking 4,000 domains for fraudulent and criminal use. Relying on multiple registrars makes DNS security difficult because each one has different login credentials, access controls, and notification procedures. It’s taking what should be a unified, integrated process and turning it into dozens of redundant and contradictory processes. Transitioning to a single corporate registrar unites all domains under a consistent set of security standards. To begin consolidating domains and DNS, perform an audit to discover all domains, both active and inactive. All domains should be migrated to a single registrar. Once all domains are consolidated, conduct a detailed zone file audit to discover — and clean up — superfluous or insecure domains and associated DNS settings. Consolidate DNS Providers Most large organizations use dozens of DNS providers. Using... --- - Published: 2019-08-07 - Modified: 2024-06-27 - URL: https://authenticweb.com/domains-dns-and-tls-certificates/why-is-dns-so-hard-to-manage/ - Categories: Domains, DNS, and TLS Certificates Enterprise DNS is more vulnerable to attack than ever, despite well-known best practices intended to prevent compromise. Why is this the case? The reality is, DNS is hard to manage. Learn three ways to make DNS management easier to improve security. No IT professional would argue against the idea that DNS security is a critical component of an organization’s security posture. Yet the DNS is more vulnerable to attack than ever, despite well-known best practices intended to prevent DNS compromise. Why is this the case?  The reality is, DNS is hard to manage. Common DNS management practices create more DNS weaknesses than they solve. Here are three situations IT security teams need to avoid: Managing a Fragmented DNS Ecosystem Organizations seem to collect DNS services like baseball cards. However, using more than two DNS services is too many. Managing multiple DNS services, domain registrars, and TLS certificate authorities on your network creates vendor fragmentation and unnecessary complexity. The end result is compromised security. Every DNS service provider has its own administrative portal, each with its own login credentials and access controls. For the IT security custodian, it’s like having a ring with dozens of keys on it. DNS is much easier to secure with a single, multi-factor access regime. Using multiple DNS providers has another major security issue: Domain Name System Security Extensions. DNSSEC is universally recommended to authenticate your online traffic, mitigating the risks of DNS and domain hijacking. It’s a high-priority best practice for security. The difficulty is that DNSSEC’s functionality requires close integration with each and every domain registrar and DNS service. Using multiple DNS services virtually guarantees that DNSSEC will not work across your domain portfolio — and if it does, it’s because your staff is burdened with inefficient... --- - Published: 2019-08-06 - Modified: 2024-06-21 - URL: https://authenticweb.com/domains-dns-and-tls-certificates/how-to-minimize-threats-with-these-7-dns-security-solutions/ - Categories: Domains, DNS, and TLS Certificates DNS security is easily compromised and more targeted than ever. In this post, discover seven DNS management practices that mitigate DNS security risk and protect your organization and digital users. In a recent post, we explored the ways DNS security is easily compromised. In this post, we’ll show you how to fix DNS security issues. Defend your external DNS network and protect your customers and users with these smart strategies: 1. Prioritize End-to-End Transparency You can only manage what you can see. A DNS network is large and complex by nature: Thousands of resource records (also called zone files), SSL cert renewals, and domain expiry dates make constant monitoring virtually impossible. That’s why it’s critical to have full visibility into your DNS change management. Start mapping the journey of every new domain through each stage of its life cycle: origination, transfer to IT, and post-setup. A systems-based approach can help you monitor your DNS network to ensure transparency, error reduction, and DNS security compliance. 2. Consolidate Your Domain Registrars and DNS Services In most organizations, multiple stakeholders have frequent touchpoints with DNS-related elements on many vendor systems. End-to-end transparency and control are virtually impossible using only a handful of domain registrars and DNS services — yet most organizations have as many as 30 or more! Each of these services must be managed separately via disconnected admin portals. This reduces visibility into the DNS network. Domains should be consolidated to a single corporate registrar. DNS services should operate on one service with a redundant secondary service. Consolidation makes oversight significantly easier, giving decision makers a single source of truth: a unified point of control ensuring DNS security. 3. System-Based Change Management... --- - Published: 2019-07-19 - Modified: 2024-05-07 - URL: https://authenticweb.com/domains-dns-and-tls-certificates/external-dns-security-an-overlooked-it-security-threat/ - Categories: Domains, DNS, and TLS Certificates Enterprise IT security frequently overlooks the DNS - an increasingly vulnerable layer to every organization’s cyber security. Learn how common DNS security weaknesses could be a threat to your organization’s digital operations and brand value. When assessing threats to enterprise IT security, there’s a tendency to overlook External DNS: an increasingly vulnerable layer to every organization’s cybersecurity. Losing control of the external domain name system, or DNS, is a massive threat to an organization’s digital operations and brand value. It's also an increasingly common occurrence. DNS security is compromised so often, in fact, that the U. S. Department of Homeland Security and other organizations have issued alerts about this vulnerability. Your external DNS security is the gatekeeper that protects your company and your customers in all digital interactions. Losing control over a domain or its DNS routing leaves you vulnerable to a loss of digital services at best, or exploitation and compromise by malicious parties at worst. In the less concerning scenario, online visitors can experience query (HTTP) or display errors; the result is forms, e-commerce, or mobile applications failing to respond. In the worst cases, hackers can direct your users to lookalike sites designed to steal sensitive data such as financial information. Variations on these DNS security issues include domain hijacking, DNS hijacking, domain shadowing, DNS cache poisoning, and DNS spoofing.  Whatever the specifics, the result is the same: The DNS has been compromised. The reason DNS hijacking and its common variations pose such a threat is that the DNS is incredibly hard to manage. It’s part of a highly complex interdependent network including domains, subdomains, and redirect domains, all of which must be encrypted by TLS/SSL certificates to protect the privacy of your customers when they interact... --- - Published: 2019-07-09 - Modified: 2022-09-20 - URL: https://authenticweb.com/domains-dns-and-tls-certificates/what-is-dns-security-and-why-is-it-important/ - Categories: Domains, DNS, and TLS Certificates Organization’s Domain Name Systems (DNS) have come under increasingly frequent and serious attacks. This 1st of a 6-part series explains what DND security is, why it’s under threat and what to do about it. What is external DNS security? If the external DNS itself is the internet’s directory, then think of security as the gatekeeper, identifying and protecting visitors while keeping your premises safe. Essentially, it’s a way for your business to screen and validate visitors. It also assures your visitors that your website or online application is authentic. External DNS cybersecurity protects both the company and its customers from a wide range of threats known to prey upon the DNS as it directs traffic. Understanding DNS Security There are two important aspects of ensuring DNS security: technical settings and management systems. DNS security settings protect domains and users, ensuring privacy and route authentication. Most organizations employ SSL certificates on their domains to ensure visitors are protected from eavesdropping during their online sessions. Route authentication is a trickier matter. When users attempt to connect to a website — a domain — without route authentication, it’s easy for your visitors to be sent to a falsified destination outside your control. Validating domains before routing to them prevents the kind of man-in-the-middle cyberattacks in which hackers "hijack" and impersonate authentic websites. Domain or DNS hijacking is on the rise with dire consequences for organizations and their users. DNS Security Extensions (DNSSEC) can prevent threats like DNS cache poisoning and DNS hijacking. Our Apex-level DNS audit can test your DNSSEC deployment. The other aspect of DNS network security is domain lifecycle management: the systems and processes that manage all the various entry points companies create into their network.... --- - Published: 2019-05-31 - Modified: 2024-06-27 - URL: https://authenticweb.com/domains-dns-and-tls-certificates/serious-new-domain-and-dns-compromise-demands-a-preventative-approach/ - Categories: Domains, DNS, and TLS Certificates On April 17, Cisco’s Talos Group reported a widespread DNS hijack targeting government and enterprise domains. Standard domain and DNS defenses aren’t working easily bypassed, but a new and preventative approach can help you protect your digital enterprise. Traditional DNS security procedures are easily bypassed by determined attackers. On April 17, Cisco Talos reported a DNS hijack targeting government and enterprise domains in certain TLDs. It was a sophisticated and effective attack highlighting the damage bad actors can do using external DNS compromises to harvest data and customer information. In this case, credentials were obtained to gain access to enterprise VPNs. The attack method is repeatable, especially against enterprises that fail to address exposures with a prevention mindset. Enterprises must update policies and enforce them with domain and external DNS security control systems designed to address modern security threats. What Happened? In a nut shell... The bad guys accessed Registry/Registrar systems and hijacked domain DNS settings They directed traffic through their servers intercepting and harvesting ALL data in transit They forwarded legitimate requests to the intended servers to avoid detection - and it worked Nobody Noticed Compromised data and credentials were likely sold and used to perpetrate other breaches including compromising VPNs. An article in Wired on the same compromise, advises that enterprises purchase “Registry Lock” on their domains in order to prevent this type of attack. By itself, registry lock is a good action, but it is wholly inadequate as an effective network defence measure, akin to locking the car door while leaving the back window open. In order to defeat this single protection measure, the attacker merely needs to add or edit an A Record vs. edit a Name Server.  Result: Registry Lock Security Action DEFEATED. Bad actors know... --- - Published: 2019-03-28 - Modified: 2024-06-27 - URL: https://authenticweb.com/domains-dns-and-tls-certificates/domain-and-dns-security-measures-dont-work/ - Categories: Domains, DNS, and TLS Certificates Organizations are vulnerable to cyber threats despite security measures recommended by experts. The reason? Most DNS security measures are impractical or too labor-intensive to work in real-world implementation. Here is a step-by-step review of the top 10 measures and how to make them work for your organization. Why Organizations are vulnerable despite security measures The first weeks of 2019 saw a number of global domain and DNS security threat alerts issued by respected organizations.  A state-sponsored DNS hijacking exploit threatening both public and private sector organizations has been widely reported by Homeland Security’s NCCIC and the UK’s NCSC. Both cite credible private research from FireEye and Cisco’s Talos group. This threat isn’t the only one in play, nor is it the first. Similar domain hijacking mischief was recently reported involving the infamous hacker Spammy Bear. Reports show that GoDaddy’s DNS service was compromised allowing attackers to take control of DNS on domains owned by major brands including Mastercard, ING Bank, Hilton International, and DigiCert. In all, over 4,000 domains have been compromised in 600 organizations! Domain and DNS network compromises have occurred repeatedly for many years, and appear to be accelerating. DNS industry experts invariably respond to these reports with best practice recommendations. Respected security analyst KrebsonSecurity has weighed in with details and recommendations, as has Akamai. Despite many recommendations from experts, DNS breaches persist. Why aren’t recommended threat mitigation tactics working? There are several reasons. In short, most best practice recommendations, though well intended, are impractical in real world implementation on disconnected, legacy registrar and DNS systems operated in silos. Let’s take a look at a comprehensive list of best practices, recently published by a number of respected authorities and examine their respective weaknesses. Domain and DNS Threat Mitigation Practices Weaknesses and Barriers to Success 1. Implement 2FA/MFA password controls on domain registrar... --- - Published: 2018-11-14 - Modified: 2022-09-15 - URL: https://authenticweb.com/brand-top-level-domains/icann-world-vs-real-world/ - Categories: Brand Top-Level Domains Is the global governing authority for domains in touch with digital reality? Maybe not… The Pace of Digital Change As the pace of real-world digital change accelerates, one agency of huge importance seems to be in a full stall. That agency is ICANN. The stasis felt by the ICANN community is becoming a crisis that threatens the industry ICANN governs. ICANN’s regulatory/community paralysis is limiting the ability of existing and prospective contracted parties to plan for and participate in the digital transformation paradigm shift. ICANN’s October meeting in Barcelona was host to yet another series of ongoing community discussions on Policy Development Process (PDP) with the goal to find consensus to fully open the top-level domain expansion program. Since 2012, timelines to the next round have drifted. Despite some progress, due to the dedicated work of volunteers, a date for the next round still appears to be two to three years away - assuming all goes well. This timeline is at odds with real world digital transformation acceleration. To resolve the impasse and propel action there was a proposal by community stakeholders to fast track a round for Brand TLDs, followed by geographic strings and generic strings. This segmentation may be the best way to expedite the next opening for ICANN to stay relevant. We will see shortly if this is deemed workable as ICANN and the community consider the implications. A predictable and expedited process would allow enterprises to include a Brand TLD as part of their digital transformation strategic planning. Without next round predictability, it is simply not on the agenda. It... --- - Published: 2018-10-29 - Modified: 2022-09-15 - URL: https://authenticweb.com/domains-dns-and-tls-certificates/google-is-making-the-internet-safer/ - Categories: Domains, DNS, and TLS Certificates Brands need to get on board – or risk digital fallout Google is leading global initiatives to make the Internet safer. Global data shows that Canadian brands aren’t keeping up. Failure to encrypt all online content poses risks to companies and their customers. This article explains recent changes to browser protocols that every digital marketer needs to be aware of. The Internet is a Dangerous Place The Internet is an increasingly risky place for organizations and Internet users. Enterprise brands and their customers are particularly vulnerable as nefarious actors target commercial operations and their digital stakeholders. Daily news abounds with real-life stories of data breaches, website-related fraud, email-phishing and other costly, malicious exploits. For years, major stakeholders to the global Internet have been committed to mitigating the risks that we as consumers, and brand owners all face. Google is a leading example, having launched a charter project in 2005 that has come to be known as the Safe Browsing Project. They’ve engineered and implemented numerous sophisticated measures to help ensure that users of Chrome, Android, AdSense and Gmail aren’t tricked into doing something harmful to their privacy or security. Web Page Encryption is Becoming Universal A hugely important aspect of browsing the Internet is the two-fold concern that: You are indeed on the website you intend rather than a clever imposter siteNo one can eavesdrop on your browsing to steal login details or other private data Browsers such as Google Chrome, Apple Safari and Mozilla Firefox share a common approach... --- - Published: 2018-09-19 - Modified: 2022-09-13 - URL: https://authenticweb.com/domains-dns-and-tls-certificates/the-dreaded-domain-and-dns-audit/ - Categories: Domains, DNS, and TLS Certificates Companies know the importance of auditing their domains and DNS. So why don’t they? There must be a better way to stay compliant and secure... Every digital manager and IT professional understands the importance of maintaining a healthy domain portfolio and DNS infrastructure. Everything that is digital depends upon domains and their mission critical zone files. We all know this infrastructure should be carefully monitored; yet the vast majority of enterprises struggle to effectively keep tabs on this area. They rely on periodic, internal DNS audits that aren’t frequent enough, or sufficiently thorough. The consequences of a “set it and forget it” domain/DNS operation can be disastrous. There is an abundance of best practices advice compelling us to watch over our domain and DNS operations carefully. Performance optimization requires monitoring of negative caching, TTL settings, and zone delegation. Many companies lack a secondary DNS service for failover. Security policies require us to confirm SPF settings to minimize email spoofing – as well as DMARC, DNSSEC and DKIM settings where applicable. Inactive domains and stale IP addresses are magnets for nefarious actors seeking to compromise network security. Ensuring compliance can be an ongoing struggle between your well-intended policies and the reality of fallible human behavior. This explains the habitual “audit and clean up” activity surrounding domains and DNS. Domain (and subdomain) portfolios are growing, along with their underlying DNS, i. e. resource records. The attack surface is expanding at a faster rate. A typical enterprise portfolio of 1,000 domains can easily have 15,000 or more resource record settings that change frequently. This is the worst... --- - Published: 2018-05-10 - Modified: 2024-06-21 - URL: https://authenticweb.com/domains-dns-and-tls-certificates/domain-and-dns-security-policies-work/ - Categories: Domains, DNS, and TLS Certificates DNS security policies like DMARC and DNSSEC are proven to work. So why aren’t enterprises using them? So why aren't they being used? Ever-expanding attack surface areas and hordes of relentlessly motivated malicious parties in hacker-land are surely depriving many CISOs of a good night's sleep. The situation is dire, but it’s also inexplicable. On the one hand, network security threats truly present technical challenges to the even most competent IT operators. On the other hand, why is it the perennial case that so many companies appear to be lacking in fundamental defenses that are universally recommended? Metaphorically, if you lived in a high-theft neighborhood, would you leave your front door open and post a sign saying, “This house is NOT protected by ADT? ” Let’s take a look at one especially bothersome issue: email phishing. Numerous credible sources reckon that 2018 will be a record year for phishing attacks. Banks and healthcare providers are cited as the top two targeted sectors. It’s a sure thing that at least 15 banks with revenues over $1 billion WILL suffer from successful phishing scams. Some of them are repeat – even serial victims. Defending one’s enterprise and customers from spoof email scams would seem to have an effective solution, embraced by all: just implement DMARC, DKIM, SPF and DNSSEC. Not to trivialize the subject, there are certainly many other measures required for a complete defense, but these DNS security parameters are minimally essential. No right-thinking IT professional would argue not to implement them. So here’s the big question: why are so few companies implementing these hugely necessary DNS security... --- - Published: 2017-07-24 - Modified: 2024-06-27 - URL: https://authenticweb.com/domains-dns-and-tls-certificates/who-won-the-war-of-the-cxos/ - Categories: Domains, DNS, and TLS Certificates A Gartner analyst, Laura McLellan once famously predicted that CMOs would outspend their CIO counterparts on technology within five years. Marketing vs. IT spending on technology and how we’re getting along while spending it. A Gartner analyst, Laura McLellan once famously predicted that CMOs would outspend their CIO counterparts on technology within five years. Not surprisingly, Ms. McLellan attracted a backlash of opposing opinions, including one from a competing research firm, Forrester. Someone along the way coined the phrase “War of the CXOs,” to dramatize this competition; a phrase that today, uniquely fails to produce a meaningful result on a Google search. McLellan is now retired but of greater note, the five years is up, her original report having been authored in 2012. So: was she correct? According to her fellow analyst Jake Sorofman, likely “yes. ” He reckons that as of September 2016, marketing allocated 3. 24 percent of revenue to technology spending vs. the CIO’s allocation for IT at 3. 4 percent. Sorofman concludes that marketing spending on technology will have surpassed that of IT in 2017 – spot-on to McLellan’s prescient thesis. Unlike the global conflicts of the last century, wars today rarely end with an all-parties’ armistice. They tend to change shape and continue on a reduced scale; skirmishes if you will, perhaps ready to reignite into larger conflict on another day. Out in the real world of B2B technology sales and marketing, my colleagues and I have a fascinating vantage point over the relationships between Marketing and IT. In descending order of enterprise effectiveness, these are the situations we see: 1. Empowered Partners Among a... --- - Published: 2017-01-30 - Modified: 2022-09-14 - URL: https://authenticweb.com/brand-top-level-domains/infographic-brand-tld-2016-year-end-status/ - Categories: Brand Top-Level Domains - Formats: Image View the infographic to learn about the status of the Brand TLD market at the end of 2016. Click to Download PDF --- - Published: 2016-11-14 - Modified: 2022-09-15 - URL: https://authenticweb.com/brand-top-level-domains/customer-experience-who-wants-to-be-a-leader/ - Categories: Brand Top-Level Domains - Formats: Image As 2017 strategic plans are finalizing inside the enterprise, brand leaders have one priority in common; the Customer Experience. Nothing matters more than the customer. The strategy to improve affinity and motivate advocacy is Job #1. The ‘Shiny Ball’ syndrome of the new magic bullet digital marketing and engagement tools abound, so where to start? How about starting with your own house and what customers want from your brand? Digital leaders around the world are waking up to a new thing and they are puzzled. It is a paradigm shift in technology that offers new technical, messaging, branding and experience capabilities that will change how brands interact and serve their customers. It is the Brand Top-Level Domain (TLD) Internet. Secure, trusted, controlled, brand authentic and massively scalable as an innovation platform. Wait – aren’t domains so last decade? Not anymore. For the first time in the history of the internet, brands will own and control a proprietary slice of the internet that is an authentic and secure name space for customers to engage with brands in an entirely trusted environment. It is massively scalable and a platform for innovation. People forget that the Internet is very young. Expecting the use of rented spaces on . com or other domain extensions as the end state is myopic. Brands owning their own space, even without the benefit of hindsight, is an obvious evolution when you think through what it is and what it means. It may take some time but make no... --- - Published: 2016-11-03 - Modified: 2022-09-15 - URL: https://authenticweb.com/domains-dns-and-tls-certificates/infographic-corporate-domain-management-journey/ - Categories: Domains, DNS, and TLS Certificates - Formats: Image Corporate domain management has evolved from a simple to a complex administration and technical challenge. Corporate domain management has evolved from a simple to a complex administration and technical challenge. Since the commercial internet's rise in the 1990's to today's hyper-digital world, digital transformation initiatives are what separate brand leaders from laggards. Equipping teams to manage your brand's digital identity with control, visibility, and automation is one of the most critical modern business functions. However, enterprises leaders remain in the dark. How many domains do we own? How many registrars do we use? How many domains are not resolving? How many Name Server services are in place? Who owns the myriad of zone files in our DNS accounts and who makes the decisions? We look at the corporate domain management journey in this infographic and identify both the compliance risks and the strategic opportunity drivers to separate your brand from the pack. Check it out. Download PDF --- - Published: 2016-10-17 - Modified: 2022-07-15 - URL: https://authenticweb.com/domains-dns-and-tls-certificates/what-is-the-corporate-domain-management-business-problem/ - Categories: Domains, DNS, and TLS Certificates Managing corporate domain portfolios is one of the most irritating, yet business critical functions for Digital, IP and IT Managers. Managing corporate domain portfolios is one of the most irritating, yet business critical functions for Digital, IP and IT Managers. For executives, it is an activity entrusted to managers with little visibility. Then, without warning, part of the business goes offline; and now the failure of executives to prioritize a domain management audit and implement operational best practices exposes the business for all to see. DISASTER. Domain related outages happen, often due to unknown actions executed by long-departed employees. The problem is exposed when a new action is taken on the interconnected DNS and web infrastructure. Over the years, corporate domain portfolios have undergone continuous change without change management controls and poor record keeping, resulting in a lack of institutional knowledge. The consequence is a compounding mess with multiple registrars and name servers, hundreds or likely thousands of subdomains, and various campaign micro-sites, splash pages, redirects, text, service, and mail settings that get set up and frankly forgotten. Exacerbating the situation are various registrar accounts that may not be readily accessible to make changes, particularly in times of emergency. Domain ownership is typically shared inside the business with several functional groups having an interest but no one group assuming total ownership and control. The resulting lack of accountability creates an untended digital footprint. IP cares about brand protection. Digital marketing cares about flagship websites and live campaign experiences. IT responds to business requests and business owners defer to digital and IT teams who manage the day-to-day setting changes, some of... --- - Published: 2016-10-11 - Modified: 2022-09-13 - URL: https://authenticweb.com/brand-top-level-domains/infographic-4-brand-tld-use-cases/ - Categories: Brand Top-Level Domains - Formats: Image With 95% of Brand TLDs delegated to the Internet, it's safe to say this emerging digital identity evolution is here. The infographic below, depicting 4 Brand TLD use cases, is an effective education tool to share to keep your colleagues abreast of transformations in the domain name space. Download PDF --- - Published: 2016-07-29 - Modified: 2024-06-27 - URL: https://authenticweb.com/brand-top-level-domains/dot-web-acquired-for-135-million/ - Categories: Brand Top-Level Domains At $135 million, . WEB is the highest valued first round new Top Level Domain registry sold at auction. It sets a new high bar on the value of TLDs. Nu Dot Co and its investors, prevailed in an ICANN auction and are now the proud owners of the . WEB Registry. Industry tea leaves point to Verisign as the backer but that has yet to be confirmed. In the past two years, other TLD registries have sold for millions of dollars. Now that the big one (. WEB) is done, it is interesting to look at the relative value of these acquisitions and consider how these investments make sense for the buyers. The top 5 new TLD acquisition prices are listed below and a discussion follows. Source: https://gtldresult. icann. org/application-result/applicationstatus/auctionresults 1 Reported but unverified In March 2015, I wrote an article; Did Google Overpay for . APP? The conclusion was, “no they did not overpay". This was based on Google’s leading mobile app market position and . APP would allow them to own a new channel, introduce a new paradigm on app discoverability, and leverage Google’s Android market position in the application distribution market. Then there was . SHOP, purchased for $41. 5 million by GMO Registry. This one, I find to be a head scratcher in terms of the valuation. It is a good TLD, no question. It has clear meaning as an ecommerce destination but $41. 5 million for a niche or single purpose TLD seems rich... --- - Published: 2016-01-27 - Modified: 2024-06-27 - URL: https://authenticweb.com/brand-top-level-domains/3-reasons-why-brand-tlds-can-boost-your-seo-part-2/ - Categories: Brand Top-Level Domains Ok, let’s start by understanding Google’s current take on Brand TLDs. Google’s latest announcement on December 10, 2015, stated that the new TLDs (including the Brand TLDs) would be given no more or no less authority for search rankings. (See Google's new TLD blog post). We know that simply owning and using a Brand TLD isn’t going to wave some magic wand on your SEO efforts. But, there are things you can do right here and now, to leverage your Brand TLD, to improve your SEO performance and set your brand on a path to be an innovation leader. Innovate with your Brand TLD and make an impact on your SEO today Before you can begin to consider what activity will drive your SEO performance, it’s a good idea to consider the algorithm for search results. Now no one truly knows the formula Google uses but THREE factors are widely acknowledged by SEO experts, industry stakeholders and indicated by Google themselves to improve performance. Content is king Content marketing is not only the new kid on the block, it is now a principle component of marketing. Content needs to be relevant to the audience it is intended for. How can your Brand TLD allow you to do this? Once you have your segments, you can use your Brand TLD to serve up specific content on clear and concise brand labels for engagement. For example, let’s take ethical investments. As a Financial Services or as an investment advisory firm, you could... --- - Published: 2016-01-25 - Modified: 2024-06-27 - URL: https://authenticweb.com/brand-top-level-domains/seo-history-helps-to-understand-the-brand-tld-future/ - Categories: Brand Top-Level Domains Now first things first. No one can predict the future of SEO, however, we can make a good prediction at what it might look like by looking at the past and observing the evolution of search algorithms. SEO has gone through many transformations ... take a quick look at Google’s major algorithm changes. In 2011 we had Panda – This was all about onsite quality, penalising such things as low quality and duplicate content. In 2012 we had Penguin – This was used to address unnatural backlinks. In 2013 we had Hummingbird – Now this wasn’t just an algorithm change, it was a complete change to how the algorithm worked. Hummingbird was all about better understanding the user’s query and also started taking into consideration social voice and influence. In 2015 we had the Mobile-Friendly Update – This was designed to increase signal strength on the quality of mobile friendly sites. Ok, so enough of going through the changes. The point is, Google changes the algorithm frequently with major releases and who knows how many tweaks. We can safely say what works today will not necessarily work tomorrow. It evolves to allow Google to deliver its ultimate goal. ‘’Our goal is to get you to the answer that you're looking for faster, creating a nearly seamless connection between you and the knowledge that you seek’’ – Ben Gomes, Google Fellow Now let’s look ahead. The Brand Top Level Domain (TLD), such as . APPLE, . NIKE and . BMW, is... --- - Published: 2015-12-22 - Modified: 2024-06-27 - URL: https://authenticweb.com/brand-top-level-domains/is-google-changing-the-internet-with-the-new-tlds/ - Categories: Brand Top-Level Domains A wake-up call for brands in the new Top Level Domain (TLD) era. A wake-up call for brands in the new Top Level Domain (TLD) era. 101 New TLD Applications Those were the words of Google’s co-founder Larry Page when he became aware of the Internet Corporation for Assigned Names and Numbers’ (ICANN) plan to expand the Top Level Domain (TLD) space. Google originally planned to submit 4 TLD applications (. google etc. ) for its primary trademarks, but prompted by Page, Google submitted 101 TLD applications. Page believed the TLD expansion would have a significant impact on the Internet landscape, a market in which Google had to maintain its leadership. Google desired to operate their TLD assets as restricted spaces, where only Google entities could register domains. However, as ICANN policy ironed out, it was ruled that generic terms without trademarks, would have to be offered to the public. Upon this ruling, Google withdrew applications for the non-trademarked TLDs they were uninterested in offering publicly, but kept generic trademarked TLDs such as . drive (Google Drive) and . play (Google Play Store), and their brand TLDs such as . google, . youtube and . chrome. Here is a categorized list of Google’s TLDs: Open TLDs → 35 (Available to the public). ads, . app, . boo, . car, . corp (on-hold), . cpa (string contention), . dad, . day, . dev, . eat, . esq, . fly, . foo, . here, . home (on-hold), . how, . ing, . inc (in auction), . kid (string contention), . llc (in auction), . llp... --- - Published: 2015-12-04 - Modified: 2024-06-26 - URL: https://authenticweb.com/brand-top-level-domains/brand-registries-and-gartners-technology-priorities-for-cios-in-2016/ - Categories: Brand Top-Level Domains Brand Registries aka dotBrands are new Internet entities. Over 500 brands are beginning to rollout, with more brand use case evidence every month. Most C-Levels have yet to fully comprehend what they are, what the digital implications are and how the Brand Registry will add value to improve the P&L. To the C-Level bystander, Brand Registries appear to be simply a new set of domain names offering nice branding elements but the domain budget is already bloated with protection initiatives, so we do not need more domain names. Taken a step further they are a different way to create new naming conventions that may offer incremental benefits to website structures but we already have well established structures and it is difficult to change, so why bother? If you read this blog, you may agree that they are much, much more. Brand Registries will change brand digital identities and engagement forever. They offer new technical and branding capabilities as a platform for innovation, clear difference with security, authenticity and trust attributes. In the expanding name space, Brand Registries are unique. Last week I saw a slide from Gartner, “Technology Priorities for CIOs in 2016. ” It was striking how each priority has relevance to the new capabilities and opportunities of the Brand Registry, so I thought I would share. I highlight below how the Brand Registry can become the enterprise platform anchor for CIO offices to bind their technology priorities together over the long-run. Long-run is a rare attribute in technology.... --- - Published: 2015-11-02 - Modified: 2024-06-27 - URL: https://authenticweb.com/brand-top-level-domains/why-brand-registries-are-the-best-defense-9-reasons/ - Categories: Brand Top-Level Domains Brand Registries are the best defense to protect and grow brand identity in the name space. In 2012, ICANN announced the receipt of 1,930 applications for new Top Level Domains (TLDs). Having spent two decades in corporate digital environments, I immediately gasped. This is the worst nightmare for brand executives and their long suffering IP counsels battling it out with nefarious actors infringing on brand digital identities. Bad actors could now register any number of infringing domains across scores of new TLDs. A nightmare with two seemingly unresolvable problems; It would be cost prohibitive and ineffective to register defensive domains across all or even a subset of TLDs. It would be even more costly and consume more IP counsel time in a futile whack-a-mole effort to recover or have suspended brand infringing domains. What a nightmare! What to do? My next thoughts turned this scenario completely on its head and presents a simple, elegant, execution and cost sustainable solution. Brands could now own their proprietary piece of the internet with a BRAND REGISTRY. Action: Invest in an innovation mission on your brand registry ecosystem that is fully owned and controlled. Educate the market that your brand registry space is authentic, secure and trusted. Divest all but core defensive positions that contribute no innovation lever or business growth value. Quite simply, brand registries are the best defense to protect and grow brand identity in the name space. They are also a platform for brand innovation, but for now, consider the brand registry attributes for defense. ControlThe brand fully controls the registry. No one can register a domain... --- - Published: 2015-09-23 - Modified: 2024-05-07 - URL: https://authenticweb.com/brand-top-level-domains/new-brand-registries-leaders-and-followers/ - Categories: Brand Top-Level Domains As of September 2015, 517 brands have signed ICANN agreements to operate proprietary Brand Registries. That’s an increase of 180 signings compared to June, when 337 had signed their agreements. If you are a reader of this blog you will know that we are great proponents of the Brand Registry for both defensive and innovation potential. The Brand Registry is a digital platform that is authentic, secure and trusted with new capabilities. As the Internet continues its explosive growth of content, it is increasingly complex. Brand Registries are proprietary spaces that are new, better and different than anything that has existed before. They are a platform for brand innovation. Digital executives looking at Brand Registries may ask, “If the Brand Registry is such a great new platform, then why have organizations not deployed use cases and/or brand registry enabled services? ”Here are 8 reasons that tell the tale. Many digital executives tuned it out. It has been coming for years. Other quarterly priorities have ruled. Internal executives and teams lack an understanding of its disruptive potential. It is not possible to be an internal Champion of an initiative that is not understood. Rather than admit lack of knowledge, they and advisors dismiss. To date, legal has been in charge. Legal should not be expected to educate the C-Suite on digital innovation. Big organizations move slowly and by committee. Status quo is comfortable and easy. Change is hard. Change is risky. Change is feared. Domain sentiment in general is negative, since domains... --- - Published: 2015-03-05 - Modified: 2022-09-13 - URL: https://authenticweb.com/brand-top-level-domains/did-google-overpay/ - Categories: Brand Top-Level Domains In 2014, we saw the first 500 of approximately 1,400 new Top Level Domains (TLDs) delegate and go live on the Internet. There are now over 4. 5 million domains registered in these new spaces and it is growing at a rate of 1 - 1. 5 million per quarter. This is before broad market awareness. Granted, there are some registries with giveaway strategies pumping the numbers, other names registered by speculators who see the value ahead of the masses but most by registrants who seek to launch new ventures or initiatives and are securing a memorable brand name that best represents their value proposition in their line of business. ie: coffee. club. Language matters and new TLDs offer fantastic, simple, memorable branding and service delivery opportunities. Google pays $25 million for the APP REGISTRY! On Feb 26, 2015, Google competed in an auction and outbid a dozen competitors for the right to run the APP REGISTRY. Google will now be able to sell, give away, innovate on and scale a new Internet platform entity called the APP REGISTRY. What is that? What will they do with it? The APP REGISTRY will be what Google makes of it. We will see. Consider a few possibilities. It will obviously be used as labels for APPs, as a starting point, but perhaps very high quality APPs, perhaps ONLY high quality and secure APPs, APPs of distinction, APPs of all kinds; categorized, discoverable, sharable for download and used in combination with other APPs... --- - Published: 2015-01-10 - Modified: 2022-09-13 - URL: https://authenticweb.com/brand-top-level-domains/brand-registry-2015/ - Categories: Brand Top-Level Domains I enjoy all the end of year prediction articles. It is fun to think about what is likely in this hurly burly, anything can happen world we live in, so I thought I would put one out there to start the new year. "2014 is over and smart marketers know that they need to get ahead of the trends and anticipate relevant new products and services. If not, they will be devoured by their competitors. " Andreas von der Heydt, Head of Kindle Content at Amazon This is a great opening line to Andreas’ post on LinkedIn a couple weeks ago. Simple and True. YIKES! Next steps are not simple. Andreas goes on to describe many areas where the Best Brands will act. Brand marketers will identify and set actions to best achieve business goals for next quarter and next year. My favourite and maybe the most challenging is the first: “Brands must be the best in Focusing”. How is that possible in what is a digital kaleidoscope? When I speak with executive marketers at large brands, they are busy driving the plan with dozens of balls and risk mitigation actions underway. They find it hard to take time, properly consider the future and get focused. They, we all, struggle with the pace of digital marketing change. While change can be fun, there are so many options and trend lines to consider, interconnected parts and it is moving at digital innovation speed. Big brand digital leaders are in Catch 22.... --- - Published: 2014-02-04 - Modified: 2022-09-13 - URL: https://authenticweb.com/brand-top-level-domains/game-on/ - Categories: Brand Top-Level Domains After several years of planning, policy making, strategy formation and more than a $1-billion invested (some suggest it’s more like $2-billion and growing), the mainstream media has started to shine the spotlight on the great domain name space expansion as the first TLDs begin to hit retail shelves. In simple terms, the Internet will see hundreds of new domain names that will change how brands approach their online marketing and selling activities. Rather than using . com, for example, a company such as Nike could establish a strong digital and brand presence by using . nike. Think of the possibilities for new ideas and innovation, as well as the opportunities to outflank competitors. Truth be told, the domain space often gets a sullied name as nefarious players take advantage of unsuspecting Internet users by duping them into thinking they are on trusted brand sites. In other cases, domain squatters grab expired in error names and then attempt to sell them back to original registrants for massive profits. It is too bad but such is the ‘World Wild Web. ’ Buyer beware. Consider how the name domain space expansion will alleviate some of these issues. First, due to the limited stock on popular extensions such as . com and . net, the supply and demand equation does not favour new or evolving businesses seeking short, memorable and relevant Internet addresses for their business initiatives. This scarcity creates imbalance and favours the savvy that can outmaneuver rivals and businesses. Let’s be clear,... --- - Published: 2013-12-24 - Modified: 2020-02-04 - URL: https://authenticweb.com/brand-top-level-domains/authentic-web-comments-on-spec-13/ - Categories: Brand Top-Level Domains December 24, 2013 Internet Corporation of Assigned Names and Numbers (ICANN) 12025 Waterfront Drive, Suite 300 Los Angeles, California 90094-2536 Dear ICANN, Please accept these comments from Authentic Web Inc. with respect to Specification 13 proposal, dated Dec 6th. whether it is appropriate to classify certain TLDs as “. Brand TLDs”; It is absolutely appropriate to have a specific classification of certain TLDs as . Brand TLDs. One of the greatest benefits of the name space expansion and the public interest is to allow major and aspiring brands the ability to own and innovate engagement on a proprietary TLD registry structure. Innovation in the name space expansion will be dependent upon . Brand TLDs. These entities have the marketing power, reach and the incentive to create experiences that are new, better and different, driven by their universal motivation to improve the value of the services they deliver to customers directly and through partners and channels. A . Brand TLD offers brands many new capabilities including; control, authenticity, security among others, many of which will relate to technologies yet to be invented, upon which brands will develop innovative use cases to support their business goals, if and only if they are provided a reasonable and predictable ICANN policy and operational framework. The emergence of closed . Brand registries will foster a period of technological advancement where entrepreneurs, service providers and brands themselves will conceive of and deploy advanced technologies building upon the unique attributes of a . Brand registry. The expansion... --- - Published: 2013-11-14 - Modified: 2022-09-14 - URL: https://authenticweb.com/brand-top-level-domains/first-tlds-go-live/ - Categories: Brand Top-Level Domains November 2013: Mark this month, the FIRST that saw new TLDs (top-level-domains) delegated to the Internet root. The FIRST of ±1,300 of the FIRST round. This month will forever be known as the month the taxonomy of the Internet changed. For participants who have worked in their corner of the expansion, it is a welcomed milestone. You can hear the collective sigh – IT’S HERE, FINALLY! From ICANN staff to TLD applicants, incumbent registries, registrars, policy specialists, technologists, lawyers, consultants, government representatives and entrepreneurs, all have over the past years measured the new gTLD program on milestones marked by ICANN meeting numbers and locations. Each meeting formed its own legacy of what it represented. Next week we head to Buenos Aires. I think I know its legacy. TLDs GO LIVE! It happened between Durban #47 and Buenos Aires #48. The online world changed. You cannot tell yet, but it did and some outside the space are starting to ask; “We’ve had name expansion before. Why is this so different? ” What is different is the SCALE OF THE EXPANSION. From 22 generics to over 700, plus 600+ brands and this is round one. It is the SCALE that flips the paradigm, creating opportunities to build new and innovate existing business models, content engagement, rethink distribution of content and services, develop new branding techniques on . ANYNAME. No one really knows how it will play out. My view is like broadband and mobile before, registries bring new capabilities and capabilities foster innovation.... --- - Published: 2013-09-23 - Modified: 2022-09-13 - URL: https://authenticweb.com/brand-top-level-domains/did-hilton-make-a-big-mistake/ - Categories: Brand Top-Level Domains Last week, Hilton executives made the decision to withdraw their TLD application for . HILTON. Did they make a mistake? Are they losing an opportunity to differentiate? Yes and yes. Why and what impact is the decision likely to have as the . BRAND registry era begins? It's unclear but two competitors are happier this week. Hyatt and Marriott are moving forward, while other hotel brands will likely apply in Round 2. We must assume Hilton didn't see how the registry could improve the guest experiences at their 540 locations and drive advocacy into social. They just didn't see the innovation potential of the beachfront property with their brand's name on it. "FUNWEEKEND. HILTON" Not to be. Hyatt and Marriott are now alone. They have the opportunity to innovate and create differentiated service experiences based on an authentic, secure, controlled and effective . hyatt or . marriott registries. If you think about the business problems facing a large respected hotel brand, you can imagine how a registry can be applied to address and differentiate. Let's take simple but challenging guest acquisition performance. Think of a direct response campaign that drives traffic to website. "GUEST. HYATT" is more memorable than www. hyatt. com/guest. It's interesting and different too. If the response rate increases due to a memorable and curiously differentiated URL, would that justify the cost of a registry? You bet it would, and this is just the simple beginning. What's really interesting are the opportunities to enhance the stay experience... --- - Published: 2013-09-23 - Modified: 2022-09-13 - URL: https://authenticweb.com/brand-top-level-domains/new-gtld-market-strategies/ - Categories: Brand Top-Level Domains The optimistic view and the one I choose is that new gTLDs will create innovations enabling Internet users to contribute, create and consume experiences in new ways. Valuable content and applications will migrate to the most relevant strings. Users and search engines will favour authoritative strings driving increasing efficacy in search, use and, as a result, the value the registry delivers a virtuous cycle of success. There are conditions for this to come true. Successful registries will at a minimum:Ensure integrity of their registrant baseSet conditions for services and experiences to flourish in string relevant uses and benefitsDeliver web services to drive domain string adoption and ongoing use, andExecute effectively and continually adjust as their market needs evolve. The registries that meet these conditions will exist 10 years from now. The remaining will be aggregated by the successful and either fall into decline or be reinvented under a new vision and strategy. This is all good; it is a time of change where the valuable and well operated will survive. It is an exciting time with untold opportunities to innovate, create value and accelerate the evolution of our interconnected online society. In brief; Brand strings will seek to enhance awareness, extend and educate their brand promise and provide new experiences to attract target customers and deliver more value in customer relationships. Geographic strings will create geocentric experiences to deliver user value centered on local communities, creating new opportunities for geocentric entities and interests to flourish. Niche strings will innovate to... --- - Published: 2013-09-23 - Modified: 2018-04-28 - URL: https://authenticweb.com/brand-top-level-domains/brand-registries-3-initiatives/ - Categories: Brand Top-Level Domains Opportunity Premise New TLDs offer brands the ability to innovate their online presence to build better relationships with current customers and attract new ones. Brands seek the following growth objectives. Acquire customers organically through effective marketing and sales channels Increase loyalty, retention and customer referrals Increase average order value Define brand identity and drive awareness Imperative for Action and Risk of Inaction Brands that effectively launch a closed registry will control their future web space. This is transformational stuff on how we will use and value web addresses and networks. Innovators will create online environments exclusive to their brand. They will capture a larger share of market in competitive search and reference. The fantastic news is that by owning the registry and nurturing a presence, brands will, over time, be largely released from the damaging menace of cyber squatters who divert market attention through bad faith practices. Innovative brands will seize the opportunity and make the registry addresses authoritative destinations and engines of growth. Brands who do not move, risk becoming less relevant as the approximate 1,200 new TLDs come to market. They risk losing competitive position and they will miss the opportunity to be a category leader. It is a whole new web space. Those who do not occupy and innovate will be left behind. "HELLO ... . BRANDS – DO YOU SEE IT? " If not, you are in trouble. Developing and Executing a Plan How do you bring a TLD registry to market? The process is simple... --- - Published: 2013-09-23 - Modified: 2022-09-13 - URL: https://authenticweb.com/brand-top-level-domains/the-brand-registry-a-ceos-vantage/ - Categories: Brand Top-Level Domains . BRAND registries prepare to innovate their online presence. How it really happens. Q1: 2011: I am Bob, Brand CEO. Today, our senior council advised us to secure our . brand in ICANN’s gTLD program. “Why? ”, I asked. He explained it like this: Defensive – Trademark Uncertainty – High Impact Risks – Innovation Potential. “I get it – approved! ” Next agenda item... Q4 2012: “There is a $500,000 line item in G&A expense for year end 2012 related to . brand. Why was it not allocated to marketing, brand, IT or public relations? Should it be? Who owns it? Who has a plan? How do we use it to innovate, define and drive brand awareness, connect with our customers, channels and partners? How will we use this thing to bring life to our brand and gain market share? ” Silence... everyone looks at Joyce, our CMO. I comment further; “Come on guys – it cannot just be a cost. Council advises we will have it mid-2013 and could launch programs as early as late 2013. Joyce, give me something, what are you thinking? What’s going on out there? What’s the plan? ” I can tell she foresaw the question, she hands me a diagram and is preparing to respond. She is a clear thinker, this will be good and her creative energy is on full throttle. (I love it) “Bob, we are at the starting line in a race without a clear route, nor a known finish line.... --- --- ## Whitepapers - Published: 2024-12-03 - Modified: 2025-05-09 - URL: https://authenticweb.com/whitepapers/dns-security-and-compliance-in-the-retail-sector/ Retail consistently ranks among the top five most cyber-attacked industries. This paper uncovers external DNS management as a critical vulnerability, highlights retailers’ gaps in adherence to IT security frameworks, and shares best practices for mitigation. It also introduces our first-ever 2024 Retail DNS Security Benchmark Report. Purpose of this paper We examine external DNS management as a known, and under-addressed vulnerability among retail enterprises. Our observations are: The DNS is a principal threat vector, enabling cyber-attackers. Compliance standards for external DNS management are inconsistently followed. DNS management best practices can mitigate retail sector cyber-risk. The State of Threats and Compliance in Retail Few sectors are as focused on IT security compliance as retail. It’s a virtual goldmine of sensitive consumer data intersecting with payment authorities, supply chain partners, and other stakeholders. Retail ranks among the 5
most cyber-attacked sectors Retail consistently ranks among the top five “most cyber-attacked” sectors with one ranking it the most cyber-attacked sector in 2019. According to Fortinet, 24% of cyberattacks target retailers. “Given the wealth of payment information retailers have access to, it is no surprise that nearly a quarter, 24%, of all cyberattacks (target) retailers. Retailers often have varying levels of security, leaving them exposed to cyber criminals. ” IT security compliance standards in retail Despite the many security framework standards followed by retail organizations, they remain a perennial target to cybercriminals, who are regularly succeeding in ransomware scams, data exfiltration, phishing exploits, and more. We observe two reasons for this: --- - Published: 2024-05-08 - Modified: 2025-02-14 - URL: https://authenticweb.com/whitepapers/dns-security-in-the-healthcare-sector/ Healthcare became the most cyber-attacked industry in 2023, overtaking banking. This paper highlights external DNS management as a critical yet overlooked vulnerability, explores gaps in adherence to IT security frameworks, and offers actionable best practices. It also features our first-ever 2024 Healthcare DNS Security Benchmark Report. Purpose of this paper We examine external DNS management as a known, and under-addressed vulnerability among healthcare providers. Our observations are: The DNS is a principal threat vector, enabling cyber-attackers in healthcare. Compliance standards for external DNS management are inconsistently followed by healthcare providers. DNS management best practices can mitigate healthcare cyber-risk. The analysis follows four discussion areas and related DNS best practices. The Current State of IT Security Threats and Compliance in Healthcare Few sectors are as focused on IT security compliance as healthcare. It’s a nexus of sensitive patient data intersecting with payment authorities, insurance companies and other stakeholders. Healthcare is the most attacked sector Healthcare providers are collectively the most cyber-attacked sector in North America, recently surpassing Banking & Finance. “... 34. 9% of cyberattacks occurred in health care, ... , making it the most attacked sector for the second year in a row—most likely due to the heavy regulations surrounding Personal Health Information (PHI) that have only attracted more attention from hackers. The report also highlighted a lack of budget, outdated software, and the ability to remotely share personal data between patients and hospital systems as avenues for hackers to gain access to sensitive data. ” Dozens of other public reports corroborate the state of cyber compromises faced by the healthcare sector.   --- - Published: 2023-05-11 - Modified: 2024-04-29 - URL: https://authenticweb.com/whitepapers/ma-guide-to-assess-and-consolidate-domain-assets-and-dns-networks/ Assessing and consolidating domains and DNS providers are crucial “pre” and “post” M&A deal priorities. In corporate acquisitions, you’re not only buying a company’s assets – you’re also buying their cyber security risk. In this paper we discuss how due diligence teams can maximize deal value and mitigate post-close risk and cost. Assessing and consolidating domains and DNS providers are crucial “pre” and “post” M&A deal priorities. You are not only buying the valuable assets, you are also buying the cyber security risk. In this paper we discuss:  How to maximize deal value and mitigate post-close risks and costs The background problems: Hidden risks and network complexity Pre-deal due diligence assessment and planning Post-deal consolidation and integration execution M&A Best Practices: A Modern Approach to Empower Teams Introduction How due diligence teams can maximize deal value and mitigate post-close risk and cost. There are many blogs, webinars, and how-to guides about acquiring domain assets – mostly centered on ownership rights, title, and brand protection during the M&A process. They are mainly useful to legal counsel, finance, and marketing but overlook a gaping area of risk and cost containment. We’re talking about enterprise security and the network operations functions tasked with managing the DNS networks, mitigating risk, and managing integration costs after the deal closes. In this paper, we’ll discuss the known security and operations problems in acquiring domain and DNS assets, and effective ways to solve them. We’ll present a modern, best practices approach for companies active in M&A from pre-deal audit and assessment to post-deal consolidation. Executive Summary You are not just buying the assets - you are acquiring cyber security risk. M&A teams face operational and IT risk when acquiring domain assets and the related DNS networks. The acquirer has a limited time frame to assume ownership of the domains... --- - Published: 2022-01-04 - Modified: 2024-04-29 - URL: https://authenticweb.com/whitepapers/a-ciso-brief-why-your-enterprise-is-exposed-on-the-dns/ Lack of functional ownership over domain and external DNS security, combined with a lack of unified control systems to enforce DNS security policies are the top factors that expose your company and customers to external DNS vulnerabilities. Lack of functional ownership over domain and external DNS security, combined with a lack of unified control systems to enforce DNS security policies are the top factors that expose your company and customers to external DNS vulnerabilities. In this paper we discuss:  Introduction: DNS Threat Vectors  Domain & External DNS Network Management Risk  Why Your Enterprise is Exposed | What will Happen  Business and Customer Impacts and Costs  DNS Research: Frequency & Business Impacts  CONCLUSION | THE CISO DIRECTIVE Introduction: DNS Threat Vectors First let’s clarify the focus of this brief. DNS threat vectors exist in two primary buckets. Inbound DNS Threats to Internal Networks Threats related to inbound DNS traffic are designed to attack the business through data exfiltration, establish command and control, compromise systems or make DNS inoperable. These threats can be addressed by various types of blocking and traffic analysis services to identify abnormal traffic patterns in the DNS and then prevent traffic from penetrating andcompromising internal systems. External DNS Network Threats and Causes Threats related to an organization’s external DNS network can include DNS hijacking, social engineering, or phishing as first strike vectors to execute any sequence of subsequent cybercrimes. These threats exist due to management gaps in DNS system change controls and security policy enforcement. It persists due to a lack of visibility, controls, and automation to ensureDNS hygiene. These threats can be mitigated by service providers who provide control systems to empower IT to Get and Keep control In this brief, we discuss the... --- - Published: 2021-04-01 - Modified: 2024-04-29 - URL: https://authenticweb.com/whitepapers/how-to-implement-and-manage-dnssec/ DNSSEC was the DNS industry’s response to solve an inherent vulnerability in the DNS query/answer integrity gap. Learn how to protect your brand and keep your customers and audiences safe. DNSSEC was the DNS industry’s response to solve an inherent vulnerability in the DNS query/answer integrity gap. In this paper, we discuss: What is DNSSEC How it DNSSEC works What can happen without DNSSEC How to know if DNSSEC is working How to implement and manage in four steps Why systems automation is the only practical approach. Learn how to protect your brand, keep your customers and audiences safe. The Need for Comprehensive DNS Security In a digital world, organizations and individuals rely on the internet daily for a limitless number of essential tasks. Internet users count on organizations to maintain online service availability and to protect their data privacy. Users need to be able to trust that digital brands are authentic i. e. , that a brand web presence is who they say they are. Unfortunately, digital brand trust is increasingly threatened by vulnerabilities in the internet’s very foundation: The Domain Name System, or DNS. Every single online action starts with the DNS. Whether for shopping, banking, paying a tax bill, or connecting with an enterprise service delivery system — any browsing purpose at all — the DNS directs requests to the online destinations, content and applications sought by users. The DNS is central to the internet and how it operates. It is this very criticality that has made the DNS vulnerable to abuse. Hijacking, spoofing, man-in-the middle attacks, and other threats that can disrupt an organization’s online operations with disastrous consequences for brand reputations and user security. There... --- - Published: 2019-11-04 - Modified: 2024-06-27 - URL: https://authenticweb.com/whitepapers/9-tls-and-dns-risks-to-enterprise-security-and-compliance/ Eliminate known DNS and TLS problems that put your security and compliance at risk. Multiple, known weaknesses in the internet chain of trust put enterprise data security at risk. This white paper identifies nine issues with DNS and TLS that organizations must understand and address to ensure data is secure and customers are protected. Eliminate known DNS and TLS problems that put your security and compliance at risk. Multiple, known weaknesses in the internet chain of trust put enterprise data security at risk. This white paper identifies 9 issues with DNS and TLS that organizations need to understand and address to ensure data is secure and customers are protected. The Digital Chain of Trust is Broken Digital transformation is driving unprecedented expansion of the enterprise digital attack surface. The number of network endpoints is growing exponentially. Deloitte cites the World Economic Forum Global Risks Report, 2017, saying: Digital technologies and innovation are growing exponentially, accelerating cyber risks, new attack vectors, and greatly expanding the attack surface that organizations must patrol and defend. Deloitte, Take the lead on cyber risk. 2017 → The explosion of data volume and endpoints is creating significant challenges for enterprise network IT teams. Enterprise reliance on DNS and TLS integrity is critical as attack vectors proliferate. Security experts agree: “BGP and DNS are the soft underbelly of the web,” says Alan Woodward, Professor of computer science, University of Surrey. Network endpoints are where proprietary enterprise and customer datais captured, processed and set in motion. For enterprise, data-in-motion security relies on flawless implementation and monitoring of DNS and TLS protocols to ensure the Chain of Trust is maintained. Digital business services run on the Domain Name System (DNS), which is the network foundation for all digital communications, customer engagement and digital service delivery. Enterprises must secure it, or they will be... --- - Published: 2019-09-04 - Modified: 2024-04-29 - URL: https://authenticweb.com/whitepapers/the-ssl-certificate-imperative/ We take website encryption for granted as seen by the “little green padlock icon” on company homepages. The problem is, organizations have vast amounts of content that is not HTTPS encrypted, despite appearing to be. This white paper tells you how to address and remediate this common security risk. We take website encryption for granted because most organizations have adopted it as seen by the “little green padlock icon” on company homepages. The problem is, organizations have vast amounts of content that is not HTTPS encrypted, despite appearing to be. Our white paper, THE SSL CERTIFICATE IMPERATIVE tells you everything you need to know to fully protect your online customers and brand. --- - Published: 2018-11-08 - Modified: 2024-04-29 - URL: https://authenticweb.com/whitepapers/6-domain-name-system-problems/ Recent audits of dozens of companies’ domain/DNS systems spanning over 40,000 domains reveal common security and compliance problems. Learn what the top six issues are and how to correct them in your organization. The Domain Name System (DNS) underpins every enterprise digital service. Yet, domain and DNS audits reveal compliance gaps in security policy enforcement. Manual change management processes will not work in the digitally transformed enterprise. Recent audits of dozens of companies' domain/DNS systems spanning over 20,000 domains reveal common security and compliance problems. --- - Published: 2018-01-10 - Modified: 2022-09-13 - URL: https://authenticweb.com/whitepapers/your-domains-and-dns-are-exposed-to-risks/ Domain and DNS risks are real. Large enterprises are dependent on their mission-critical digital footprint and increasingly vulnerable to breaches, errors and omissions. Discover the operational errors that cost IBM, Microsoft and Dell millions in avoidable downtime. --- - Published: 2017-09-07 - Modified: 2022-09-13 - URL: https://authenticweb.com/whitepapers/your-corporate-domain-portfolio-seven-best-practices-for-success/ Fact Over 75% of all IT directors surveyed say that managing domains is “a total pain. ” Other corporate stakeholders like marketing, brand management and domain admins aren’t much happier. This paper offers seven implementable best practices to set you and your domain portfolio on a happier course. --- --- ## Webinars - Published: 2025-02-10 - Modified: 2025-05-09 - URL: https://authenticweb.com/webinars/how-to-mature-from-a-reactive-to-proactive-dns-and-email-security-posture/ - Webinar Topic: Domains, DNS, and TLS Certificates What is the webinar about? Cybersecurity shouldn’t be a response to incidents – it should be a proactive strategy. Yet, many organizations only prioritize security after facing financial loss, data breaches, or brand impersonation. But how can businesses stay ahead of threats instead of reacting to them? In this webinar, we will explore how to shift from a reactive approach to a proactive email security posture, ensuring your domain, brand, and recipients are protected before an attack occurs. Join EasyDMARC and Authentic Web experts to learn more about the hidden risks that leave organizations vulnerable when left undetected and unmanaged. Get practical tips on where to start, what to look for, and how to build a proactive security strategy. What we’ll talk about Proactive vs. Reactive Cybersecurity DNS Hijacking: Insights, Vulnerabilities & Hidden Risks How to Discover and Solve The Hidden Risks Through DNS Audit? Email Security Vulnerabilities and The Role of DMARC --- - Published: 2024-09-05 - Modified: 2024-09-19 - URL: https://authenticweb.com/webinars/healthcare-dns-security-vulnerabilities-discovered-and-solved/ The high value of healthcare data, combined with legacy systems and siloed operations, makes managing infrastructure a formidable challenge. Ensuring compliance with various security frameworks over critical IT infrastructure, including external DNS, is essential. The external DNS underpins all digital operations. In 2023, healthcare was the most targeted sector for cyberattacks. The high value of healthcare data, combined with legacy systems and siloed operations, makes managing infrastructure a formidable challenge. Ensuring compliance with various security frameworks over critical IT infrastructure, including external DNS, is essential. The external DNS underpins all digital operations. Unmanaged DNS changes and a history of legacy providers make achieving security and compliance a daunting task. At Authentic Web, we've conducted an industry-wide DNS security audit and prepared a comprehensive report to help healthcare operators understand the risks and impacts. View Our Webinar to Learn: How the DNS is exploited in nearly all cyber compromises. The top DNS vulnerabilities you need to know. Key insights from the 2024 DNS Security Benchmark Report and their significance. Practical steps your healthcare organization can take in 2025 to mitigate DNS risks. --- - Published: 2023-01-17 - Modified: 2024-04-19 - URL: https://authenticweb.com/webinars/it-director-pain-compliance-risk/ - Webinar Topic: Domains, DNS, and TLS Certificates Join us to learn how your IT Director peers view and solve these problems. In this webinar, Authentic Web CEO Peter LaMantia will share what he's learned from enterprise IT Directors and their teams. Managing domains, DNS, and certificates in a large company is painful and irritating. Getting it right and identifying change management compliance gaps that expose a business to hidden vulnerabilities is important. There is always that uncertainty if a key domain needed to run a critical system or if a certificate are about to expire. But no one knows until the fire drill begins. Sound familiar? Join us to learn how your IT Director peers view and solve these problems. Agenda In this webinar, Authentic Web CEO Peter LaMantia will share what he's learned from enterprise IT Directors and their teams. What’s happening inside the enterprise Domain, DNS, and certificate change management compliance gaps Domain and DNS security vulnerability risks Enterprise DNS audit results evidence A two-step process for discovering DNS security vulnerabilities, complying with DNS change control and reducing work effort. --- - Published: 2022-11-01 - Modified: 2023-03-15 - URL: https://authenticweb.com/webinars/external-dns-vulnerabilities-risk-and-mitigation/ Peter will discuss the common problems that enterprise IT and InfoSec teams face to manage, secure, and ensure that change management compliance controls are in place over domains, DNS, and certificates. Join Peter LaMantia, CEO of Authentic Web for a webinar on External DNS Vulnerabilities Risk and Mitigation. Peter will discuss the common problems that enterprise IT and InfoSec teams face to manage, secure, and ensure that change management compliance controls are in place over domains, DNS, and certificates. This problem is so challenging to solve systemically, it simply persists. Webinar Agenda The problem blocking enterprise IT from addressing external DNS hygiene What’s happening inside the enterprise What are the specific domain and DNS hygiene risks What will happen and what are the business impacts if not addressed How other enterprises have acted to put systems in place to Get and Keep control Who Should Attend Enterprise leaders responsible for Brand, IT, Infrastructure, InfoSec, and DevOps. Enterprises leaders active in M&A who need to get control and visibility systems in place. --- - Published: 2022-03-30 - Modified: 2023-03-15 - URL: https://authenticweb.com/webinars/dns-security-exposures-visibility/ - Webinar Topic: Domains, DNS, and TLS Certificates Join us to learn about common DNS security exposures. Learn what will happen if these exposures are not addressed, what a DNS pen test looks like to bring visibility to these security gaps, how they can be addressed and then verified. What are they? What will happen if not addressed? How to see and solve the problem? Join us to learn about common DNS security exposures. Learn what will happen if these exposures are not addressed, what a DNS pen test looks like to bring visibility to these security gaps, how they can be addressed and then verified. Peter LaMantia, CEO of Authentic Web will walk through observed DNS security gaps that malicious actors actively target. Peter will then share how DNS Inspector™ automates DNS inspections to bring visibility to empower your team. The DNS underpins every digital interaction made by your customers, audiences, partners and is the publicly available network technology that every digital business relies upon. Yet, the DNS is insecure by design. Keeping your customers and enterprise safe necessitates first, the definition of DNS security policies and then systems to empower teams to enforce those policies.   Discovering DNS security gaps is complicated, laborious, and time-consuming work requiring highly technical, specialized DNS expertise to fully enumerate DNS security gaps. As such, it is not done very often, fully or if at all. DNS security gaps are not that difficult to resolve once you know where to look but it you cannot even see the open kitchen door, anyone who targets your enterprise can just walk right in, take, or compromise your cookies.   Agenda DNS security gaps explained Why these gaps are difficult to discover, resolve and keep under control  What will happen if they are not addressed... --- - Published: 2021-12-13 - Modified: 2023-02-03 - URL: https://authenticweb.com/webinars/a-cisos-briefing/ - Webinar Topic: Domains, DNS, and TLS Certificates As a CISO SVP, or VP responsible for the overall security posture of your enterprise, this webinar is for you. Join us to learn how essentially all large organizations are exposed on the external DNS. The CISO Directive As a CISO SVP, or VP responsible for the overall security posture of your enterprise, this webinar is for you. Join us to learn how essentially all large organizations are exposed on the external DNS. Peter LaMantia, CEO of Authentic Web Inc. will discuss the problem drivers centered on lack of internal ownership combined with legacy and siloed systems that make it impossible for your teams to ensure compliance with security policies. Peter will share compromise types, what will happen if not addressed, what will be the business customer impacts and provide a view on what to prioritize and action as THE CISO DIRECTIVE to avoid these impacts. SUMMARY AGENDA Introduction: DNS Threat Vectors The ownership and system silo problem Why you are exposed What will happen if not addressed Business Impacts and Costs THE CISO DIRECTIVE --- - Published: 2021-10-08 - Modified: 2023-02-03 - URL: https://authenticweb.com/webinars/dns-security-the-zone-mess/ - Webinar Topic: Domains, DNS, and TLS Certificates Are you an IT, Network Manager or Director struggling to get a handle on domains, DNS, and certificates? You are not alone. About this talk Are you an IT Manager or Director struggling to get a handle on domains and DNS zone files? You are not alone. In this webinar, we will share how your IT peers struggle with domains, DNS, and certificate management, and what forward thinking IT leaders are doing to solve the problem. Peter LaMantia, CEO of Authentic Web will discuss the state of the DNS zone file mess, why DNS hygiene matters, how legacy management practices and siloed systems make getting and keeping control a tough and painful task.   The implications of poor domain and DNS hygiene exposes the business to increasing cyber risk, compliance control gaps and poor digital performance. Internally, it is a productivity killer. That’s the problem. There is a modern way to gain visibility, control, and make it easy for teams. Join us to learn what your peers are doing, why it matters, and discover a systems-based solution to make it EASY for IT teams to Get and Keep control. Agenda DNS Zones are a Mess Why DNS Hygiene Matters? Implications of Poor DNS Hygiene How it Got this Way How to Make it Easy for IT: Control | Visibility | Automation --- - Published: 2021-09-20 - Modified: 2023-02-03 - URL: https://authenticweb.com/webinars/enterprise-dns-audit-results-revealed-the-state-of-dns-security-and-compliance/ - Webinar Topic: Domains, DNS, and TLS Certificates Peter LaMantia, CEO of Authentic Web Inc. will share results from enterprise DNS network audits that expose the business and its customers to cyber risk. The State of DNS Security and Compliance About this talk Join us for a live webinar to learn what DNS security audits and incidents reveal about the state enterprise DNS network security. Peter LaMantia, CEO of Authentic Web Inc. shares results from enterprise DNS audits that expose the business and its customers to cyber risk. Over the last few years enterprises are increasingly prioritizing DNS security programs. This shift is being driven by the increasing frequency and the rising business impacts and costs related to these incidents. Enterprise network and security teams are learning the hard way that DNS hygiene matters. Failure to address it is one of the leading causes of DNS related cyber-attack incidents. In this webinar, Peter will share the data revealed from enterprise DNS audits, learnings from third party research on DNS security incidents, why it is so difficult for IT to get and keep control and how prioritizing this activity with a proactive program will mitigate the risk from DNS cyber incidents. Summary Agenda DNS Security Research: Incident and Costs Increasing Enterprise DNS Audit Results Revealed | What They Mean Best Practices with: SPF | DMARC | DNSSEC | SECONDARY DNS | SECURE REDIRECTS Why it is so difficult to Get and Keep Control How to Solve: Control | Visibility | Automation --- - Published: 2020-09-25 - Modified: 2024-04-11 - URL: https://authenticweb.com/webinars/do-we-understand-the-risks-on-the-dns-interview/ - Webinar Topic: Domains, DNS, and TLS Certificates Peter and Bashir discuss the challenges for enterprise IT and leadership to understand the security exposures and compliance gaps in how enterprise manage their DNS infrastructure. Our CEO Peter LaMantia sat down with Bashir Fancy, President and Founder of BizTek. org in a question and answer interview. They discuss the challenges for enterprise IT and leadership to understand the security exposures and compliance gaps in how enterprise manage their DNS infrastructure. Learn about the exposures, why the problem persists, what to do about it and an introduction to the future state where brands will own and operate in SECURE, TRUSTED AND AUTHENTIC Brand Top Level Domain. --- - Published: 2020-07-23 - Modified: 2023-02-03 - URL: https://authenticweb.com/webinars/jump-the-curve-part-1-a-brand-tld-business-case/ - Webinar Topic: Brand Top-Level Domains Brand Top-Level Domain innovation is an opportunity to JUMP THE CURVE. You can build a better, more efficient, and brand trusted digital ecosystem that is owned, scalable, secure and trusted. Building a Brand Top-Level Domain Business Case Our CEO Peter LaMantia in collaboration with the Brand Registry Group delivered an educational webinar for business, digital and IT leaders. In this webinar Peter ran through a methodology to create a Business Case to support investment decisions to JUMP THE CURVE to an authentic, secure, controlled and TRUSTED Brand Top-Level domain space. BRIEF Brand Top-Level Domain innovation is an opportunity to JUMP THE CURVE. You can build a better, more efficient, and brand trusted digital ecosystem that is owned, scalable, secure and trusted. Brand Top-Level Domain business case costs and benefits can be difficult to understand and quantify for leaders contemplating the value of applying, owning and deploying a Brand Top-Level Domain strategy. Peter solves the complexity for you with a model to quantify the current and increasing Total Cost of Ownership (TCO) of managing domains, DNS, Transport Layer Security (TLS) certificates and Brand Protection cost centres. He will then share how these status quo operating costs can be significantly reduced over 5 and 10-year timelines. The model also shows how innovation opportunities can be quantified to generate top line growth and contribution margin improvements. welcome to uh our second webinar of the 2020 dot brand vision series this is brought to you by the brand registry group or brg for short my name is martin sutton the executive director of the brg which is a trade association for brands that operate their own top level domain or intend to apply at... --- - Published: 2020-07-22 - Modified: 2024-06-27 - URL: https://authenticweb.com/webinars/building-and-executing-a-brand-top-level-domain-strategy/ - Webinar Topic: Brand Top-Level Domains Peter followed up from the first webinar, JUMP THE CURVE PART 1: Building a Brand TLD Business Case, walking attendees through a practical methodology to build and execute a Brand TLD Strategy. JUMP THE CURVE: Part 2: Our CEO Peter LaMantia in collaboration with the Brand Registry Group delivered two educational webinars for business, digital and IT leaders. In this latest webinar, Peter followed up from the first webinar, JUMP THE CURVE PART 1: Building a Brand TLD Business Case, walking attendees through a practical methodology to build and execute a Brand TLD Strategy. We hope you will find it valuable to help empower your organization JUMP THE CURVE to an authentic, secure, controlled, and TRUSTED Brand Top-Level domain space. BRIEF The status quo is a stubborn thing. Yet, challenging it with new ways of thinking is the only way companies can innovate and remain relevant over the medium and long term. Challenging it requires courage, persistence and unwavering conviction to inquiry and learning. We are reminded by thinkers and business leaders why challenging the status quo is both difficult and essential. First, you need a vision and sponsorship permission to innovate from leadership. That can be achieved by the Business Case and a peer aligned vision statement. Once you have the ‘permission to innovate’, you need a proven Product Introduction Process to align stakeholders to advance teams through; Ideation, Strategy, Planning and Go-To-Market while addressing and mitigating risks. In this webinar, we share a facilitation methodology you can use to guide your organization to align on vision, build your strategy and execution plan that will create a competitive differentiator, as your company, “Jumps The Curve” to a TRUSTED and SECURE Brand... --- - Published: 2019-07-15 - Modified: 2023-02-03 - URL: https://authenticweb.com/webinars/domain-and-dns-risk-modernization/ - Webinar Topic: Domains, DNS, and TLS Certificates Peter LaMantia, CEO of Authentic Web explains why enterprise Domain and DNS security issues persist in creating risks for organizations. Get a step-by-step analysis of common DNS vulnerabilities with recommended solutions in this short video. Peter LaMantia explains in this short video why enterprise Domain and DNS security issues persist and what to do about it. The punch line is simple. Organizations manage domains and DNS manually with siloed disconnected systems first implemented 20 years ago. The lack of modern digital control systems to manage change with control, visibiilty and automation leaves you and your customers exposed. --- - Published: 2016-12-06 - Modified: 2023-02-03 - URL: https://authenticweb.com/webinars/brand-top-level-domains-why-what-how/ - Webinar Topic: Brand Top-Level Domains We're biased, but perhaps the best concise video overview of the new dot Brand Top-Level Domains (Brand TLDs). We're biased, but perhaps the best concise video overview of the new dot Brand Top-Level Domains (Brand TLDs). Peter LaMantia, our CEO explains why brands applied to get a brand TLD, what they can do with it, and how to go about executing a best practice strategy for launch. --- --- ## Case Studies - Published: 2017-06-22 - Modified: 2021-05-27 - URL: https://authenticweb.com/case-studies/major-global-bank-confidential/ - Study Type: Domain/Brand TLD Strategy The Bank did not apply for their Brand TLD in ICANN’s 1st round. They lacked insights into strategies and business applications for a Brand TLD extension. They sought strategic guidance from subject matter experts and competitive intelligence related to use of domains. They also sought to establish best practices for domain policies & procedures. The Bank's senior digital marketing executives wanted to benchmark their digital strategy for domain names vis-a-vis their competitors and have a clear idea of business application use cases for the new Brand TLDs. With this exercise they also wanted to establish internal best practices for their current domain usage policies and procedures. BUSINESS CHALLENGES Following an initial internal self-assessment, the Bank’s Digital Brand team recognized their lack of strategy in considering acquiring their own Brand TLD. Speciically, they felt they lacked: An appreciation of their competitor(s) positioning with respect to use of domains; Awareness and understanding of use cases in the financial sector; Understanding of Line of Business stakeholders’ contribution to a domain strategy; Unclear and out-dated policies and procedures governing domain usage SOLUTION AND OUTCOMES The Bank engaged Authentic Web to guide stakeholders to an improved state of strategic readiness. The process kicked off with a stakeholder discovery and diagnosis session. Authentic Web advisors gathered current process information, stakeholder views and sentiments regarding the new TLD(s). From these inputs, the following Professional Services deliverables were: First To define new Policies and Procedures governing the Bank’s end-to-end information flows to support domain registrations, edits, renewals and expiries. Also included were: Process workflows Information requirements Owners, roles and actions Approval decision points Provisioning notifications (and other details) The resulting documented policies included a domain nomenclature frame of reference and defined terms for recommended URL types that mapped to digital use cases to ensure logical consistency for various domain types and uses.... --- - Published: 2017-06-09 - Modified: 2020-09-29 - URL: https://authenticweb.com/case-studies/global-business-services-company-confidential/ - Study Type: Domain or DNS Migration Managing hundreds of domains using a large, incumbent corporate registrar, The Company felt they lacked management control over this important digital asset – and costs were high. Stakeholders in Marketing and IT had overlapping but different needs and preferred to manage domains themselves, assuming they could find the right system. Company owns a corporate domain portfolio of several hundred domains. A large, incumbent corporate registrar provided their domain management and registry services. Company also used several retail registrars from legacy relationships acquired over the years by IT, digital marketing and as a result of M&A activity. Business Challenges In 2016, Company domain management stakeholders in IT and marketing experienced a number of challenges managing their domain assets. With multiple service vendors, their domain management costs were excessive and several vendors presented control and management problems. Internal processes for ordering, managing and tracking domains were inefficient, requiring manual steps and administrative workarounds. Domain asset management and support was dependent upon time-consuming staff processes combined with external professional services. The rapid expansion of generic top-level domains (gTLDs) made it apparent to Company leadership that domain management was becoming more complex and total cost of ownership was increasing, in part due to having multiple vendors. Company also recognized that slow, manual and non-integrated domain management processes were impeding business objectives such as brand innovation and customer digital experience. They determined to find a solution that would offer: Vendor consolidation for greater operational efficiency; Cost reduction (internal and vendor cost); Enhanced business intelligence (to gain competitive advantage in the market. ) Solution and Outcomes Company’s brand and IT management decided to consolidate their domain portfolio on a single, integrated digital asset management platform that would meet the needs of internal stakeholders: digital marketing, brand management, IT, finance, and IP legal (intellectual property) teams. Company... --- - Published: 2017-06-09 - Modified: 2020-06-30 - URL: https://authenticweb.com/case-studies/g-adventures-inc/ - Study Type: Domain or DNS Migration, Registrar Consolidation G Adventures owns a corporate portfolio of several hundred domain names, growing via acquisition. They’ve accumulated domains over the years. IT, digital marketing and business leadership registered domains without processes or systems. This led to a fragmented, hard-to-manage list of domains spread over numerous registrar vendors. It was time to clean up the mess. G Adventures owns a corporate domain portfolio of several hundred domain names with expectations to increase the portfolio over time. G Adventures like many growing enterprises accumulated domains using retail registrars acquired over the years by IT, digital marketing, business leadership who registered without defined enterprise policies and procedures and as a result of M&A activity. Business Challenges In 2016, as a large and growing organization, the IT team struggled to get control over their domain and DNS infrastructure. While retail registrars were a good fit in the early years as a low cost vehicle to accumulate domain names, managing an accumulated portfolio of business critical digital assets at over ten retail registrars created control, visibility, management efficiency and cost problems. In addition, the company utilized many Managed DNS services mostly due to defaults at retail registrars. The company had already selected an enterprise level Managed DNS provider for flagship properties but it had not yet transitioned over 90% of the domain portfolio, due to IT human resource priorities and related time constraints. With multiple domain registrars and DNS providers, IT cycles were increasingly being spent managing multiple systems. Retail registrar email noise, irrelevant for enterprise needs created efficiency issues as each email needed review to ensure no domains were lost. All of this was not only an IT headache but an inefficient use of expensive IT human resource time as well as a security and change management blind spot that needed to be addressed. Lastly, the company had no... --- - Published: 2017-06-09 - Modified: 2020-06-30 - URL: https://authenticweb.com/case-studies/the-canadian-broadcasting-corporation/ - Study Type: Cost Reduction, Domain or DNS Migration The CBC owns a corporate portfolio of several hundred domain names. They held their domains with a large corporate registrar and were looking for increased domain management capabilities, features and value. They also wanted to consolidate several DNS services both on legacy internal DNS systems and third party Managed DNS services. The CBC owns a corporate domain portfolio of several hundred domain names. The CBC held their domains with a large corporate registrar and was not satisfied with the service and value they were receiving. In addition, they utilized several DNS services both on legacy internal DNS systems and third party Managed DNS services. Business Challenges In 2015, CBC began an exercise to explore alternate corporate domain registrar and DNS service providers. They were driven by a need to reduce cost and improve control over and visibility into their domain portfolio performance. Over the years, their domain portfolio had become bloated, adding unnecessary cost to the organization. IT, digital and administrative teams were challenged to gain a full view of their portfolio and DNS infrastructure. Internal domain ownership was not clearly identified which caused continued bloating as more domains were registered and few allowed to expire. On the DNS side, the CBC utilized a variety of DNS services both in house and through third party providers largely due to legacy service set ups. for which a reasonable alternative to consolidate had not been identified. The result of various DNS services and dissatisfaction with the incumbent domain registrar, IT and administrative teams were spending too many cycles managing assets without a clear view of the entire portfolio. It was expensive and not easy to manage, requiring excessive internal cycles to maintain digital operations. The corporation sought to put in place change management approval workflow, ability to allocate costs to associated operating entities... --- ---