All Surface Monitoring users can configure Attack Surface Policies directly from the new Domains page, enabling various combinations of characteristics that were previously unavailable. Users are now alerted when policy breaches occur directly through their integrated tools, such as Slack and Jira.  Making attack surface data actionable Our users are responsible for the security of their digital products and services. We know it’s important for them to have the latest attack surface data enabling them to investigate exposures, set security policies, and respond quickly to vulnerabilities ..read more

We’ve recently announced a new Domains page and major improvements to existing capabilities for setting custom attack surface policies. These updates bring unprecedented control over attack surface data and enable organizations to seamlessly configure alerts for policy breaches based on their unique definition of risk, a feature unmatched by any other player in the EASM space. Read the full press release here. With the new Domains page and the major improvements to Attack Surface Policies, customers can benefit from: Their complete attack surface, at a glance: The new Domains page provide ..read more

We’re pleased to share that our External Attack Surface Management (EASM) solution is now available on AWS Marketplace through private offer. Our inclusion means that our customers can now more conveniently and easily purchase both Surface Monitoring and Application Scanning for comprehensive attack surface coverage. Making our products available on AWS Marketplace through a private offer simplifies the purchasing process and represents a significant step in helping customers continuously monitor their attack surfaces – Jonas Elmqvist, Detectify Head of Sales & CSM Jonas Elmqvist, Detect ..read more

Our new domain connector simplifies and expands support for organizations integrating cloud providers to Detectify. Security teams can now have even greater confidence in the security posture of their attack surface, with increased visibility into the identification, inventorying, and continuous monitoring of the latest vulnerabilities and exposures. Confidence in the latest attack surface data New assets, vulnerabilities, or human errors like server misconfigurations make a continuously updated overview of the attack surface a non-negotiable for organizations today. When our users come to che ..read more

This blog summarizes how the Detectify tool has evolved over 2023, alongside other significant highlights, such as analyst mentions and major developments to Detectify.com, Detectify Blog, and Detectify Labs properties. January – March Improvements to Attack Surface Custom Policies (Surface Monitoring) Expanded coverage of Attack Surface Custom Policies to include fingerprinted technologies and enable users to set custom rules for various use cases. Expanded asset attribution (Surface Monitoring) Including several new data points, such as IPs. Detectify recognized in Forrester independent ..read more

It’s nearing the end of 2023, and we’ve recently published a report, “State of EASM 2023”, offering insights into the state of attack surfaces across a sample of our customer base. The report takes anonymous and aggregated Detectify data to explore the state of External Attack Surface Management within our customers. The data set includes: 235 companies & organizations, including large enterprises and mid-market companies from across a range of industries. 60% of our mid-market and enterprise customer base (excluding our self-service users). This data contains a sample of customers with ..read more

We’ve made several improvements to the attack surface data visible from the overview, such as new IPs and both covered and uncovered assets. We’ve also improved your interaction with fingerprinted technologies across your attack surface. New data visible from your overview We know that getting the latest information about your attack surface helps your team stay in control by responding quickly to new vulnerabilities and exposures. Previously, users could get information about newly detected technologies, vulnerabilities by severity, and assets with the most vulnerabilities, to list a few data ..read more

Here is a list of all new modules recently added from our community of ethical hackers. You can find a complete list of new vulnerabilities added to Surface Monitoring and Application Scanning by viewing the “What’s New?” section in-tool. Latest vulnerabilities: CVE-2023-49103: OwnCloud Phpinfo Configuration CVE-2023-44150: ProfilePress Sensitive Information Exposure CVE-2023-43208: NextGen Healthcare Mirth Connect RCE CVE-2023-41339: Geoserver WMS SSR CVE-2023-40779: IceWarp Open Redirect CVE-2023-39700: IceWarp XSS CVE-2023-37728: IceWarp XSS CVE-2023-33160: Microsoft Sharepoint RCE CVE-202 ..read more

It’s not unlikely that your team has a sufficient amount of vulnerability data that they must assess, prioritize, and remediate. Whether that’s a newly discovered vulnerability, an expired SSL certificate, or even a security policy breach – security teams need to get all this data into one place.  For AppSec and ProdSec teams to be successful, they need to know which of their assets are exposed and vulnerable so they can take action to enable faster remediation. Additionally, they should be able to follow their security progress in a single tool or have all their security tools seamlessly ..read more

How do you see the current state of security in your organization when security is constantly evolving? New assets, vulnerabilities, and even human errors like server misconfigurations make a continuously updated overview non-negotiable.  AppSec and ProdSec teams must take action on newly discovered vulnerabilities and policy breaches quickly and efficiently. Prioritizing which vulnerabilities and risks to remediate first and having this information all in one place will help security teams get the latest insights about their attack surface immediately.  How to define “the current st ..read more