Brand Protection
Common misspellings (cloudfalre.com
) and concatenation of services (cloudflare-okta.com
) are often registered by attackers to trick unsuspecting victims into submitting private information such as passwords. Brand Protection gives you the ability to search for new domains that may be attempting to impersonate your brand. Our system allows you to save search queries that run continuously and alert you if any new domains match those queries.
Domain search
To start searching for new domains that might be trying to impersonate your brand:
Log in to your Cloudflare dashboard and select your account.
Go to Security Center > Brand Protection.
Provide a name for your query.
In Match against, write the name of the domain that you want the query to match. You have the ability to add multiple brand phrases on the same query, and the results will generate matches for all of those.
In the Max distance dropdown, select from
0-3
the number of characters the results can differ from your domain.Select Apply. This will create a preview of the most recent results matching your query.
You can select Save query to monitor it in the future and perform other actions, such as delete, clone and set up alerts, according to your paid plan limits.
In the section Monitored queries, you can check all the queries that you selected to monitor. You can delete, clone, or create notifications for a query. Refer to Brand Protection Alerts to set up notifications.
Logo queries
To set up a new logo query:
- Go to Security Center > Monitor Images and select Add logo.
- Add a name for your query and upload your logo. Only the
.png
,.jpeg
, and.jpg
file extensions are supported. - Select Save logo.
The browser will return to the Monitor Images overview page, where you can access your query and configure notifications.
Investigate a query
To investigate a query:
- Go to the Monitored strings or Monitor Logos section to view all your queries.
- Select a monitored query to inspect all the domains that matched your query.
- Next to the domain, select Domain or URL. This will trigger a search on the Investigate section in a separate tab.
- In this section, you have the Domain overview, the WHOIS section that provides details about the date the domain was created, registrant and nameservers, and the Domain history that provides information on the domain category and when it was last changed. Refer to Investigate threats for more details.
Brand Protection Alerts
Brand Protection works with Cloudflare’s ANS (Alerts Notification Service) to provide configurable alerts when new domains are detected.
Any matches that are found during the new domain search are then inserted into an internal alerts table which triggers an alert for the user. This allows you to receive real-time notifications and take immediate action to investigate and potentially block any suspicious domains that may be attempting to impersonate your brand.
To set a Brand Protection Alert:
Go to the Monitored queries section and select the three dots in front of the query for which you would like to create notifications.
From the dropdown, select Create notification to receive an immediate notification once Cloudflare detects that a newly registered domain matches your query, or Create digest notification to run your query every 24 hours.
You will be taken to the Notifications section in the sidebar, to configure your Brand Protection Alert.
Create a notification name, add a description (optional), add a Webhook, and enter a notification email. You can add multiple email addresses.
Select Save.
Manage your notifications in the All notifications tab. You can disable, edit, delete, or test them.
Limitations
- While this product is in beta, all Enterprise customers and Cloudforce One subscribers have access to Brand Protection. Enterprise customers are entitled to one saved query per Enterprise zone on their account.
- You may only use the Brand Protection search tools to search for domains that may be attempting to impersonate your brand or a brand that has authorized you to conduct such search on its behalf.