Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Detectify

Major update to Attack Surface Custom Policies

AppSec teams often struggle to either validate or scale their security policies, like enforcing security headers or removing risky technologies. This job is easier said than done, and teams are feeling the pinch. To address these challenges, we launched Attack Surface Custom Policies – a powerful feature built directly into Surface Monitoring that makes it possible to set, enforce, and scale customizable security policies so you can focus on the issues that matter most.

7 things that your EASM platform should be able to do

Greetings, digital guardians. Today, we’ll be diving into the wonderful world of External Attack Surface Management (EASM) platforms. As the sun rises on another day in your cyber kingdom, you may find yourself wondering whether your EASM platform is really up to the task of protecting it. In this article, we’ll be your guiding light in the dark alleys of EASM uncertainty.

Detectify honored as Market Leader in Attack Surface Management in Global InfoSec Awards

Detectify is honored to start off the RSA 2023 Conference with the news that it has been recognized as the market leader in Attack Surface Management in Cyber Defense Magazine’s Global InfoSec Awards. This accolade demonstrates the effectiveness of Detectify’s approach to External Attack Surface Management (EASM), which is unique in the space because it tests environments with real payloads by using its crowdsourced community of ethical hackers.

Detectify's journey to an AWS multi-account strategy

In the past year, we’ve shifted our infrastructure from a single Amazon Web Services (AWS) account owned by our Platform team to multiple domain-specific accounts. For each product domain and environment, we have created AWS accounts, which has allowed us to improve stability and security by reducing the blast radius. This setup also provides excellent scalability with good cost observability across the organization.

Why incorporating web application scanning capabilities with asset monitoring makes a complete EASM solution

The increasing complexity of applications and networks means that it’s more important than ever to have comprehensive application scanning and attack surface management in one place. Any true and complete standalone EASM solutions should already have application scanning capabilities built into them. But how does this work exactly?

Automated certificate assessments now possible

We know that managing SSL/TLS certificates across hundreds – or even thousands – of Internet-facing assets is often a manual job for most security teams. Certificates that have expired, for example, offer an excellent opportunity for malicious actors to execute a variety of hacks (in some instances, even a MITM attack) and can also put sites at risk of becoming inaccessible. We’re excited to share that automated SSL/TLS certificate assessments are now a part of Surface Monitoring.

Here's how EASM is filling the gaps missed by AppSec testing solutions

We recently explored why developers have begun to ship more frequently to production, as well the relationship between more frequent releases and AppSec teams more effectively prioritizing and remediating threats. To further understand how AppSec teams evaluate tooling, we’ve recorded a collection of common questions that we’ve observed teams asking themselves.

Resolving prioritization issues faced by modern AppSec teams with EASM

At Detectify, we proudly maintain an AppSec perspective when it comes to how we handle security. But what does this mean exactly? In short, we think a lot about how both AppSec teams and developers will experience our platform and products. We know that today’s developers are feeling the pressure to get new code out to production to meet the demands of the business. These business demands have increased the need for AppSec tooling to leverage automation whenever possible.

Vulnerabilities page updates: Major improvements to accelerate remediation

We know that most security teams today handle a backlog of thousands of vulnerabilities. We also know that not all of these vulnerabilities pose a significant risk to your organization, whether or not they have a high severity score or are present on a business-critical asset. We’ve spoken with dozens of security teams over the last few months and have learned that filtering vulnerabilities across several factors is critical to accelerating remediation.