Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Detectify

Introducing Jobs-to-be-Done: a way to help our users achieve their goals

As a security practitioner, the scope and responsibilities of your role have likely changed over the last few years. This is likely an accumulation of: But what hasn’t changed? Regardless of any new scope or responsibilities, you still have a set of things you need to accomplish and get done that are the most important to you.

Improvements to the IP page - more flexibility and new methods to interact with data

We know how frustrating it can be to discover new assets that don’t follow your internal security policies, such as using a geolocation that isn’t allowed or even a sudden spike in hosting from an approved country. These exposures can put your organization at risk, especially since they often go undetected and are challenging to split with automation. That’s why we’re excited to see so many of our customers use our new IP page.

Spot risks with our new IP view

Customers often tell us of instances where someone in their team spins up a new machine that isn’t using an approved geolocation, or that they see an unexpected spike in hosting from a particular country. These anomalies can put an organization at risk, especially since they are difficult to spot in an automated way.

Here's how External Attack Surface Management and Penetration Testing compare

“How does Detectify’s External Attack Surface Management platform compare to Penetration testing” or “What I’m really looking for is Penetration testing” are two statements we often hear when talking to prospects. We know that many of you are keen to understand how EASM compares with Penetration testing (Pen testing), so we’re exploring these two methodologies side-by-side.

Challenges when implementing an AWS multi-account strategy

Implementing an AWS multi-account strategy is a popular approach that helps organizations to manage their cloud resources efficiently. In my previous post, I discussed our reasons for implementing an AWS multi-account strategy, our journey, and some of the benefits we gained as an organization. However, implementing this strategy can come with its fair share of challenges.

View vulnerabilities on the Attack Surface page, new Overview, and update to Attack Surface Custom Policies

The attack surface is where you can understand what you have exposed and whether you should take action on it. Previously, users couldn’t see which assets were vulnerable from the Attack Surface view – it was only possible to view vulnerable assets from the Vulnerabilities page, which required more time. Viewing vulnerabilities on the Attack Surface page will help you better prioritize which assets you need to take action on.

Major improvements to integrations

Resolving vulnerabilities quickly depends on several factors, not least how effectively security and product development teams collaborate. Modern security teams rely on several tools to discover, analyze, and triage vulnerability findings on to product development teams for remediation. This process sounds straightforward, but it rarely is. Detectify users manage the security of large scale products and services owned by dozens – if not hundreds – of product development teams.

Assign severity ratings on Attack Surface Custom Policies

AppSec teams often struggle to either validate or scale their security policies, like enforcing security headers or removing risky technologies. This job is easier said than done, and teams are feeling the pinch. To address these challenges, we launched Attack Surface Custom Policies – a powerful feature built directly into Surface Monitoring that makes it possible to set, enforce, and scale customizable security policies so you can focus on the issues that matter most.

Detectify's approach to asset discovery is at the forefront of the security landscape

We’re excited to announce that Detectify has been included in the 2023 Gartner Competitive Landscape for External Attack Surface Management report. This report is an important resource for External Attack Surface Management (EASM) vendors and potential customers alike, as it provides the most up-to-date insights on the EASM landscape and how various vendors are approaching attack surface management.