Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Latest Posts

Improving domain discovery with new connectors

Our new domain connector simplifies and expands support for organizations integrating cloud providers to Detectify. Security teams can now have even greater confidence in the security posture of their attack surface, with increased visibility into the identification, inventorying, and continuous monitoring of the latest vulnerabilities and exposures.

EASM in 2023 - shortcomings with CVE-overreliance and flaws in security scoring systems

For starters, it’s no surprise that the findings revealed that organizations’ most prominent threats during 2023 are vulnerabilities not covered by common disclosure processes, like CVEs. Detectify CEO Rickard Carlsson has been talking about this for some time – his article on the trouble with CVEs and vulnerability management in modern tech stacks demonstrates the risks associated with an overly reliant approach to established methods.

Job-to-be-Done: Understand what is being continuously tested and monitored across my attack surface

In order for AppSec and ProdSec teams to stay on top of their growing attack surface, they must understand what parts of their attack surface are being continuously monitored and scanned, such as where, when, what, and how. This can include, but is not limited to.

Job-to-be-Done: Quickly resolve exposures and vulnerabilities

It’s not unlikely that your team has a sufficient amount of vulnerability data that they must assess, prioritize, and remediate. Whether that’s a newly discovered vulnerability, an expired SSL certificate, or even a security policy breach – security teams need to get all this data into one place. For AppSec and ProdSec teams to be successful, they need to know which of their assets are exposed and vulnerable so they can take action to enable faster remediation.

Jobs-to-be-Done: See the current state of security and understand what is exposed and how it has evolved over time

New assets, vulnerabilities, and even human errors like server misconfigurations make a continuously updated overview non-negotiable. AppSec and ProdSec teams must take action on newly discovered vulnerabilities and policy breaches quickly and efficiently. Prioritizing which vulnerabilities and risks to remediate first and having this information all in one place will help security teams get the latest insights about their attack surface immediately.

Introducing Jobs-to-be-Done: a way to help our users achieve their goals

As a security practitioner, the scope and responsibilities of your role have likely changed over the last few years. This is likely an accumulation of: But what hasn’t changed? Regardless of any new scope or responsibilities, you still have a set of things you need to accomplish and get done that are the most important to you.