Certificate Transparency (CT) is an open framework, defined in RFC 6962, that requires Certificate Authorities to publish every TLS certificate they issue to public, append-only logs. Browsers require certificates to appear in these logs to be trusted, so issuance is effectively impossible to hide.
For brand protection, CT is an early-warning signal. Attackers standing up a phishing site usually obtain a TLS certificate — often a free one — so the padlock appears, and that issuance is logged within minutes, frequently before the site is weaponized or any phishing is sent.
Monitoring tools such as crt.sh and Certstream let you search or stream CT logs for your brand keywords and lookalike permutations. The challenge is suppressing the large volume of benign matches. See the guide on detecting brand impersonation with CT logs.
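The matching and suppression step described above can be sketched as follows. This is an added example, not code from crt.sh, Certstream or the guide; the brand `examplebank`, the allowlist, the homoglyph table and the sample SAN entries are all constructed assumptions.

```python
import re

BRAND = "examplebank"                # hypothetical brand keyword
OWNED = {"examplebank.example"}      # assumed allowlist: domains the brand controls
# Common digit-for-letter swaps, folded back to letters before matching.
HOMOGLYPHS = str.maketrans("0135", "oles")

def edit_distance(a, b):
    """Levenshtein distance using a rolling row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(san):
    """Return 'keyword', 'lookalike', or None (suppressed or no match) for one SAN."""
    name = san.lower()
    if name.startswith("*."):
        name = name[2:]
    # Naive registrable domain (last two labels); real use needs the Public Suffix List.
    if ".".join(name.split(".")[-2:]) in OWNED:
        return None                  # our own issuance: the main source of benign hits
    for token in re.split(r"[.-]", name):
        folded = token.translate(HOMOGLYPHS)
        if BRAND in token:
            return "keyword"         # exact brand string in a label
        if BRAND in folded or edit_distance(folded, BRAND) <= 1:
            return "lookalike"       # homoglyph swap or one-character typo
    return None

def triage(sans):
    """Keep only the SAN entries worth an analyst's attention."""
    return {s: v for s in sans if (v := classify(s))}

# Constructed SAN entries, as they might appear in logged certificates.
SAMPLE = [
    "www.examplebank.example",
    "*.examplebank.example",
    "login-examplebank.secure-verify.test",
    "examp1ebank-login.test",
    "examplbank.test",
    "bankexamples.test",
]

if __name__ == "__main__":
    for san, verdict in triage(SAMPLE).items():
        print(f"{verdict:9} {san}")
```

Short brand names produce far more one-edit collisions with ordinary words, so the distance threshold and the substring rule need tuning per brand.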