The Monitoring Profile: Overview

Introduction


Note for Partners: When the Organization Selector is set to the partner view, the details presented on this page refer to your organization. When set to a specific client view, the details on this page refer to the client organization. Ensure that the Organization Selector is set to the appropriate client before continuing.


The Monitoring Profile (Administration section) is a section of the Service Profile Page, and it stores data about your organization’s IT infrastructure. This allows Field Effect, and our analysts, to better understand, contextualize, and characterize the activity being monitored.




Overview

It’s important to note that some of Field Effect’s features require that you fill out the Monitoring Profile. To enable the DNS Firewall, for example, your organization must add the public IP addresses of the gateway device(s) in your organization’s network(s).


This article outlines each section of the Monitoring Profile and provides some examples of how this data is used. To learn how to edit a Monitoring Profile, see Monitoring Profile: Editing & Updating.


The sections of a Monitoring Profile include:

  • Domains: your organizational domains (ex: www.your_company.com). Field Effect uses this information to monitor for external threats and scan suspicious emails.
  • Email Domains: the domain(s) used for organizational email accounts (example@your_company.com). This helps Field Effect match email domains to the appropriate email analysis reports for your organization.
  • Public IPs: To enable the DNS Firewall, Field Effect needs to understand your organization’s connections. Providing public IP addresses for the gateway device(s) enables this functionality.
  • Staff Locations: Field Effect uses this data to ensure that cloud account logins are coming from expected locations.



Examples that Leverage the Monitoring Profile

Using Domains to Detect Typo Squatting

Typo squatting is a common attack technique in which attackers leverage misspelled domain names. Using “www.fieldeffect.com” as an example, an attacker may register the domain “www.filedeffect.com” and try to drive traffic to this malicious site, misleading users into thinking they’re visiting the trusted Field Effect site.


Using Email Domains to Identify SEAS Submissions

The Suspicious Email Analysis Service (SEAS) allows users to submit any suspicious email they receive. Once submitted, our analysts will evaluate the email and its contents, and provide a rating (Likely Safe, Suspicious, Malicious) along with their findings in the MDR Portal.


Adding work email domains to the Monitoring Profile helps Field Effect map email submissions to your organization. These email domains must be owned by your organization, and you must consent to them being monitored and analyzed by Field Effect and our analyst team.


Using Staff Locations to Identify Malicious User Logins

Once an attacker has a user’s credentials, they can log in from anywhere in the world. Adding your staff locations to the Monitoring Profile (Headquarters, branch offices, etc.) allows Field Effect to identify suspicious/malicious logins. 


If a user is logging in from Asia, for example, but you only have a North American presence, Field Effect MDR can identify the login as being potentially malicious and generate the appropriate ARO.

