Domain Security Monitoring
Your domains are the foundation of your online presence and a primary target for attackers. DriftAlarm continuously monitors your domains for subdomain takeover vulnerabilities, DNS misconfigurations, certificate expirations, and emerging security risks, alerting you to changes before they become incidents.
Why Monitor Your Domains for Security Risks
Domains are more than just addresses for your websites. They are the trust anchors of your digital identity. Customers, partners, and employees trust your domains to be legitimate and secure. When a subdomain is hijacked, a certificate expires, or DNS records are manipulated, that trust is broken and the consequences range from service outages to data theft and brand damage. Domain-related security issues are among the most undermonitored risks in most organizations.
Subdomain takeover is one of the most prevalent and growing domain security threats. When a subdomain points to a cloud service (an Azure App Service, an AWS S3 bucket, a Heroku app, a GitHub Pages site) that has been deprovisioned, an attacker can claim that service and serve their own content on your subdomain. This creates a trusted phishing platform under your domain name, bypasses email security controls, and can be used to steal cookies and session tokens. Organizations with hundreds or thousands of subdomains are particularly vulnerable because tracking which subdomains point to active versus deprovisioned services is nearly impossible without automation.
Beyond subdomain takeover, domain security encompasses SSL/TLS certificate management, DNS configuration integrity, domain registration monitoring, and the security posture of every service running on your subdomains. A single expired certificate can block access to critical services. A misconfigured DNS record can redirect email to an attacker-controlled server. A forgotten subdomain running an outdated CMS can provide a foothold into your internal network. Continuous monitoring catches these issues as they develop, rather than after they are exploited.
How DriftAlarm Monitors Your Domains
DriftAlarm uses Amass to perform recursive subdomain enumeration against your root domains. This combines passive sources, including certificate transparency logs, DNS aggregation services, and web archives, with active DNS brute-forcing and resolution to build a comprehensive subdomain inventory. The discovery process regularly finds subdomains that are not in your DNS management console because they were created through cloud service provisioning, third-party integrations, or historical configurations that were never cleaned up.
Every discovered domain and subdomain undergoes DNS analysis to catalog A records, CNAME records, MX records, TXT records, NS records, and DNSSEC configuration. RDAP lookups retrieve domain registration details including registrar, registration and expiration dates, nameserver configuration, and registrant information. This data is monitored for changes that could indicate domain hijacking, misconfiguration, or approaching expiration.
DriftAlarm checks the SSL/TLS certificate on every HTTPS service, verifying the certificate chain, expiration date, subject alternative names, issuer, key strength, and protocol configuration. Certificates approaching expiration trigger drift alerts with configurable lead times, giving you days or weeks of advance warning to renew before an outage occurs.
Using httpx, DriftAlarm probes every subdomain for HTTP and HTTPS services, capturing response codes, page titles, server headers, technology fingerprints, and redirect chains. This identifies active web services, reveals what technology each subdomain is running, and detects subdomains that return unexpected responses (such as cloud provider default pages that indicate potential subdomain takeover vulnerability).
All domain and subdomain data is tracked over time using DriftAlarm's 32 built-in drift detection rules. New subdomains, DNS record changes, certificate expirations, technology changes, new security headers, and service modifications all generate drift events with Slack and email notifications. Custom rules let you define additional monitoring criteria specific to your domain management policies.
What You Get
Complete Subdomain Inventory
Automated subdomain enumeration using Amass discovers your full subdomain footprint, including subdomains created by cloud services, third-party vendors, and historical configurations. The inventory is updated weekly, with each new subdomain generating a drift event notification.
Subdomain Takeover Detection
DriftAlarm identifies dangling DNS records that point to deprovisioned cloud services, a condition that enables subdomain takeover attacks. When a CNAME record points to an unclaimed Azure, AWS, GitHub, Heroku, or other cloud service endpoint, the finding is flagged with specific remediation steps to either reclaim the service or remove the DNS record.
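The dangling-record check described above, as an added example (not DriftAlarm's code): it triages constructed probe results and flags a CNAME that points at a cloud provider whose target no longer resolves or serves the provider's unclaimed-resource page. The signature table, the `Probe` fields and the `example.com` hosts are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

# Illustrative signature table (assumption, not DriftAlarm's rule set):
# CNAME suffix -> (provider, body marker served for an unclaimed resource).
PROVIDERS = {
    "azurewebsites.net": ("Azure App Service", None),
    "s3.amazonaws.com": ("AWS S3", "NoSuchBucket"),
    "herokuapp.com": ("Heroku", "No such app"),
    "github.io": ("GitHub Pages", "There isn't a GitHub Pages site here"),
}

@dataclass
class Probe:
    host: str               # subdomain you own
    cname: Optional[str]    # CNAME target, None if the host has no CNAME
    target_resolves: bool   # False when the CNAME target returns NXDOMAIN
    body: str = ""          # start of the HTTP response body, if any

def provider_for(cname):
    """Match on a label boundary so 'evilgithub.io' does not match 'github.io'."""
    name = cname.rstrip(".").lower()
    for suffix, info in PROVIDERS.items():
        if name == suffix or name.endswith("." + suffix):
            return info
    return None

def triage(probe):
    """Return (status, provider, action) for one probe result."""
    info = provider_for(probe.cname) if probe.cname else None
    if info is None:
        return ("ok", None, "none")
    provider, marker = info
    if not probe.target_resolves:
        return ("dangling", provider, "remove the CNAME or re-provision the service")
    if marker and marker in probe.body:
        return ("dangling", provider, "remove the CNAME or reclaim the service")
    return ("ok", provider, "none")

# Constructed sample observations (example.com is a placeholder domain).
SAMPLE = [
    Probe("shop.example.com", "shop-prod.azurewebsites.net.", False),
    Probe("docs.example.com", "example-org.github.io", True,
          "<p>There isn't a GitHub Pages site here.</p>"),
    Probe("app.example.com", "app-live.herokuapp.com", True, "<title>Dashboard</title>"),
    Probe("www.example.com", None, True),
]

def report(probes=SAMPLE):
    return {p.host: triage(p)[0] for p in probes}
```

Matching the suffix on a label boundary keeps a lookalike target from being attributed to a provider, and a target that resolves without the marker stays `ok` so live services do not raise alerts.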
Certificate Expiration Monitoring
Every SSL/TLS certificate across your domain portfolio is tracked for expiration. Drift alerts notify you when certificates approach expiration with configurable lead times. The monitoring also detects certificate mismatches, weak key sizes, deprecated protocol versions, and incomplete certificate chains.
DNS Change Detection
Changes to DNS records, including A, CNAME, MX, TXT, and NS records, are detected and reported as drift events. This catches unauthorized DNS modifications, misconfigured records, and changes that could redirect traffic or email to unintended destinations.
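A sketch of snapshot-based DNS drift detection, added here as an example and not taken from DriftAlarm: two constructed zone snapshots are normalized (case, trailing dots and TTLs ignored) and then diffed, so only real record changes become events. The severity mapping and the sample records are assumptions.

```python
from collections import defaultdict

# Assumption for this sketch: MX and NS changes rank highest because they can
# redirect mail or delegate the whole zone. This is not DriftAlarm's scale.
SEVERITY = {"NS": "high", "MX": "high", "CNAME": "medium", "A": "medium", "TXT": "low"}

def normalize(records):
    """Map (name, type) -> set of values, ignoring case, trailing dots and TTLs."""
    out = defaultdict(set)
    for name, rtype, _ttl, value in records:
        value = value.strip()
        if rtype.upper() != "TXT":      # TXT payloads are case-sensitive
            value = value.rstrip(".").lower()
        out[(name.rstrip(".").lower(), rtype.upper())].add(value)
    return out

def drift(before, after):
    """Return events (severity, name, type, change, value), ordered by name and type."""
    old, new = normalize(before), normalize(after)
    events = []
    for key in sorted(set(old) | set(new)):
        name, rtype = key
        sev = SEVERITY.get(rtype, "low")
        for v in sorted(new.get(key, set()) - old.get(key, set())):
            events.append((sev, name, rtype, "added", v))
        for v in sorted(old.get(key, set()) - new.get(key, set())):
            events.append((sev, name, rtype, "removed", v))
    return events

# Constructed snapshots: (name, type, ttl, value). Addresses are documentation ranges.
LAST_WEEK = [
    ("example.com.", "MX", 3600, "10 mail.example.com."),
    ("example.com", "A", 300, "192.0.2.10"),
    ("example.com", "TXT", 300, "v=spf1 include:_spf.example.net -all"),
    ("www.example.com", "CNAME", 300, "example.com."),
]
THIS_WEEK = [
    ("example.com", "mx", 300, "10 MAIL.example.com"),   # cosmetic change only
    ("example.com", "MX", 300, "5 mx.example.org."),     # new mail exchanger
    ("example.com", "A", 60, "192.0.2.10"),              # TTL change only
    ("example.com", "TXT", 300, "v=spf1 include:_spf.example.net -all"),
    ("new.example.com", "CNAME", 300, "example-org.github.io."),
]
```

Calling `drift(LAST_WEEK, THIS_WEEK)` yields three events: the added MX record, the new CNAME, and the removed `www` CNAME; the TTL and letter-case differences produce none.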
Domain Registration Monitoring
RDAP-based domain registration monitoring tracks registrar, nameserver, and expiration date changes. You receive advance warning when domains approach expiration so you can renew before a lapse creates an opportunity for domain squatters or attackers to register your expired domain.
Technology Fingerprinting per Subdomain
Every subdomain is fingerprinted to identify the technology stack: web server, application framework, CMS, JavaScript libraries, and hosting provider. This per-subdomain technology inventory helps you identify forgotten services running outdated software, unauthorized deployments, and inconsistent security configurations across your domain portfolio.
Who Uses This
Security Teams Managing Domain Sprawl
Organizations with dozens to hundreds of domains and thousands of subdomains struggle to maintain visibility across their entire domain portfolio. DriftAlarm automates the discovery and monitoring of every subdomain, detecting dangling DNS records, expiring certificates, and unauthorized services. Security teams use DriftAlarm to enforce domain security policies across the entire portfolio without manually auditing DNS zones.
IT Operations Teams
IT teams responsible for DNS management, certificate lifecycle, and domain registration use DriftAlarm as an external validation layer. Even with internal DNS management tools and certificate automation, misconfigurations happen. DriftAlarm monitors from the outside, catching issues that internal tools may miss because they only see the intended configuration, not the actual external-facing reality.
DevOps Teams Deploying to Cloud
DevOps teams frequently create and destroy cloud resources that are mapped to subdomains. When a cloud resource is torn down but the DNS record remains, a subdomain takeover vulnerability is created. DriftAlarm detects these dangling records automatically, alerting the team to clean up DNS records that point to deprovisioned services before an attacker claims them.