Detectify, the External Attack Surface Management platform powered by elite ethical hackers, today announced Custom Policies Overview, a new tool allowing organizations to quickly and easily enforce custom security policies across the entire attack surface, improving security postures at the speed of business.
Every organization has its own security workflows and different criteria for determining acceptable risk. Ensuring an organization’s external attack surface adheres to specific internal security policies, however, is a major challenge. Most attack surface management solutions use one-size-fits-all approaches, only triggering alerts if they identify publicly disclosed vulnerabilities with assigned CVE scores. Unfortunately, since many critical vulnerabilities never receive CVE scores, only testing for publicly disclosed vulnerabilities is an incomplete approach that leaves the business vulnerable.
Furthermore, organizations often add assets or technologies to the attack surface without ever alerting the security team, eliminating any guarantee that the assets meet corporate security standards. This leads to policy breaches that can go undetected for days, months, or even years, representing massive risk to the business. “Shifting left,” and introducing security testing earlier, is a common solution that many DevSecOps teams attempt in an effort to catch vulnerabilities pre-production. However, Detectify research shows why this approach is not feasible for organizations with large, dynamic attack surfaces.
“Security is not one-size-fits-all,” said Rickard Carlsson, CEO and Co-Founder, Detectify. “No one has an entirely linear development process, and every organization has a different definition of acceptable risk. Security teams need to apply their own unique security policies for corporate assets based upon business context. Doing this manually is time-intensive and not scalable, leading to bottlenecks. Custom Policies Overview allows security teams to enforce security best practices without slowing down critical business operations.”
Using an “IF-THEN” structure, Detectify brings visibility back to security teams, providing real-time insight into anomalies in production before they become risks, even if security was not part of the development process. This allows security teams to enforce security best practices without becoming gatekeepers. Custom Policies Overview is available now.
For further information, visit detectify.com/attack-surface-custom-policies
Detectify sets the standard for External Attack Surface Management (EASM), providing 99.7% accurate vulnerability assessments. Product security and AppSec teams trust Detectify to expose exactly how attackers will exploit their Internet-facing applications. The Detectify platform automates continuous real-world, payload-based attacks crowdsourced through its global community of elite ethical hackers, exposing critical weaknesses before it’s too late. Go hack yourself: detectify.com