April 2023

Major update to Attack Surface Custom Policies

AppSec teams often struggle to either validate or scale their security policies, like enforcing security headers or removing risky technologies. This job is easier said than done, and teams are feeling the pinch. To address these challenges, we launched Attack Surface Custom Policies – a powerful feature built directly into Surface Monitoring that makes it possible to set, enforce, and scale customizable security policies so you can focus on the issues that matter most.

7 things that your EASM platform should be able to do

Greetings, digital guardians. Today, we’ll be diving into the wonderful world of External Attack Surface Management (EASM) platforms. As the sun rises on another day in your cyber kingdom, you may find yourself wondering whether your EASM platform is really up to the task of protecting it. In this article, we’ll be your guiding light in the dark alleys of EASM uncertainty.

Detectify honored as Market Leader in Attack Surface Management in Global InfoSec Awards

Detectify is honored to start off the RSA 2023 Conference with the news that it has been recognized as the market leader in Attack Surface Management in Cyber Defense Magazine’s Global InfoSec Awards. This accolade demonstrates the effectiveness of Detectify’s approach to External Attack Surface Management (EASM), which is unique in the space because it tests environments with real payloads by using its crowdsourced community of ethical hackers.

Detectify's journey to an AWS multi-account strategy

In the past year, we’ve shifted our infrastructure from a single Amazon Web Services (AWS) account owned by our Platform team to multiple domain-specific accounts. For each product domain and environment, we have created AWS accounts, which has allowed us to improve stability and security by reducing the blast radius. This setup also provides excellent scalability with good cost observability across the organization.

Why incorporating web application scanning capabilities with asset monitoring makes a complete EASM solution

The increasing complexity of applications and networks means that it’s more important than ever to have comprehensive application scanning and attack surface management in one place. Any true and complete standalone EASM solution should already have application scanning capabilities built into it. But how does this work exactly?

Automated certificate assessments now possible

We know that managing SSL/TLS certificates across hundreds – or even thousands – of Internet-facing assets is often a manual job for most security teams. Certificates that have expired, for example, offer an excellent opportunity for malicious actors to execute a variety of hacks (in some instances, even a MITM attack) and can also put sites at risk of becoming inaccessible. We’re excited to share that automated SSL/TLS certificate assessments are now a part of Surface Monitoring.