Detectify, a leading player in the EASM (Attack Surface Management) space, recently introduced a new Domains page along with significant enhancements to its existing capabilities for setting custom attack surface policies. These updates have been designed to provide organizations with greater control over their attack surface data and the ability to configure alerts for policy breaches based on their specific definition of risk, a feature that sets Detectify apart from its competitors.
The constantly evolving and expanding attack surfaces pose a significant challenge for organizations in obtaining and interpreting relevant insights from their attack surface data. Recognizing this growing complexity, leading analyst firms like Forrester have acknowledged the importance of Attack Surface Management solutions, with Detectify being featured in their recent report “The Attack Surface Management Solutions Landscape, Q2 2024.”
Security teams emphasize the need to identify and mitigate risks that are unique to their business context. This is evident from the fact that Detectify users experience an average of 300 breaches per set policy, with a significant focus on detecting risky open ports. Over 70% of active policies currently concentrate on identifying insecure open ports, with 60% specifically alerting on ports other than the commonly used 80 or 443. This underscores the importance of identifying and addressing vulnerabilities in the attack surface, such as open ports, for enhancing security.
Danwei Tran Luciani, VP of Product at Detectify, highlighted the significance of these updates, stating that the new features empower security teams with greater control over their attack surface data. Users can now create custom policies based on a range of new characteristics, such as being alerted when a specific cloud provider is present on a set of domains, thereby enhancing their ability to manage risks effectively.
With the introduction of the new Domains page and enhancements to Attack Surface Policies, Detectify customers can enjoy several benefits, including a comprehensive view of their complete attack surface, customizable attack surface data tailored to their workflows, and risk management that aligns with their unique business context. The Domains page provides a detailed overview of all monitored domains within the attack surface, along with relevant data such as IPs, cloud providers, and technologies used over time. This allows security teams to stay informed about their attack surface evolution and take proactive measures to address exposures.
By enabling customers to create customized policies for their attack surface data and set up alerts for potential breaches based on their specific risk definitions, Detectify is providing a unique capability that is not offered by other EASM products. This allows organizations to effectively manage their security posture and respond to threats in a timely manner.
The new Domains page and enhanced Attack Surface Policies are now available to all Surface Monitoring customers, with ongoing updates planned to further enhance the specificity of security policies. Additionally, teams will soon be able to integrate alerts into their existing workflows through the Detectify API and Integrations platform, further streamlining their security management processes.
In conclusion, Detectify’s latest updates underscore the company’s commitment to empowering organizations with advanced tools to manage their attack surface effectively and mitigate risks proactively. By offering tailored solutions that cater to the unique needs of each customer, Detectify is poised to remain a key player in the rapidly evolving EASM market.