This blog summarizes how the Detectify tool has evolved over 2023, alongside other significant highlights, such as analyst mentions and major developments to Detectify.com, Detectify Blog, and Detectify Labs properties.
For starters, it’s no surprise that the findings revealed that organizations’ most prominent threats during 2023 are vulnerabilities not covered by common disclosure processes, like CVEs. Detectify CEO Rickard Carlsson has been talking about this for some time – his article on the trouble with CVEs and vulnerability management in modern tech stacks demonstrates the risks associated with an overly reliant approach to established methods.
We’ve made several improvements to the attack surface data visible from the overview, such as new IPs and both covered and uncovered assets. We’ve also improved your interaction with fingerprinted technologies across your attack surface.
In order for AppSec and ProdSec teams to stay on top of their growing attack surface, they must understand what parts of their attack surface are being continuously monitored and scanned, such as where, when, what, and how. This can include, but is not limited to.
Here is a list of all new modules recently added from our community of ethical hackers. You can find a complete list of new vulnerabilities added to Surface Monitoring and Application Scanning by viewing the “What’s New?” section in-tool.
We’ve made several improvements to how users can interact with their fingerprinted technologies data, grouping IP data by several parameters, and viewing the latest changes to their expanding attack surface.
It’s not unlikely that your team has a sufficient amount of vulnerability data that they must assess, prioritize, and remediate. Whether that’s a newly discovered vulnerability, an expired SSL certificate, or even a security policy breach – security teams need to get all this data into one place. For AppSec and ProdSec teams to be successful, they need to know which of their assets are exposed and vulnerable so they can take action to enable faster remediation.
New assets, vulnerabilities, and even human errors like server misconfigurations make a continuously updated overview non-negotiable. AppSec and ProdSec teams must take action on newly discovered vulnerabilities and policy breaches quickly and efficiently. Prioritizing which vulnerabilities and risks to remediate first and having this information all in one place will help security teams get the latest insights about their attack surface immediately.
As a security practitioner, the scope and responsibilities of your role have likely changed over the last few years. This is likely an accumulation of: But what hasn’t changed? Regardless of any new scope or responsibilities, you still have a set of things you need to accomplish and get done that are the most important to you.
We know how frustrating it can be to discover new assets that don’t follow your internal security policies, such as using a geolocation that isn’t allowed or even a sudden spike in hosting from an approved country. These exposures can put your organization at risk, especially since they often go undetected and are challenging to split with automation. That’s why we’re excited to see so many of our customers use our new IP page.
