AppSec teams often struggle to either validate or scale their security policies, like enforcing security headers or removing risky technologies. This job is easier said than done, and teams are feeling the pinch. To address these challenges, we launched Attack Surface Custom Policies – a powerful feature built directly into Surface Monitoring that makes it possible to set, enforce, and scale customizable security policies so you can focus on the issues that matter most.

We’re excited to announce that Detectify has been included in the 2023 Gartner Competitive Landscape for External Attack Surface Management report. This report is an important resource for External Attack Surface Management (EASM) vendors and potential customers alike, as it provides the most up-to-date insights on the EASM landscape and how various vendors are approaching attack surface management.

AppSec teams often struggle to either validate or scale their security policies, like enforcing security headers or removing risky technologies. This job is easier said than done, and teams are feeling the pinch. To address these challenges, we launched Attack Surface Custom Policies – a powerful feature built directly into Surface Monitoring that makes it possible to set, enforce, and scale customizable security policies so you can focus on the issues that matter most.

Greetings, digital guardians. Today, we’ll be diving into the wonderful world of External Attack Surface Management (EASM) platforms. As the sun rises on another day in your cyber kingdom, you may find yourself wondering whether your EASM platform is really up to the task of protecting it. In this article, we’ll be your guiding light in the dark alleys of EASM uncertainty.

Detectify is honored to start off the RSA 2023 Conference with the news that it has been recognized as the market leader in Attack Surface Management in Cyber Defense Magazine’s Global InfoSec Awards. This accolade demonstrates the effectiveness of Detectify’s approach to External Attack Surface Management (EASM), which is unique in the space because it tests environments with real payloads by using its crowdsourced community of ethical hackers.

In the past year, we’ve shifted our infrastructure from a single Amazon Web Services (AWS) account owned by our Platform team to multiple domain-specific accounts. For each product domain and environment, we have created AWS accounts, which has allowed us to improve stability and security by reducing the blast radius. This setup also provides excellent scalability with good cost observability across the organization.

The increasing complexity of applications and networks means that it’s more important than ever to have comprehensive application scanning and attack surface management in one place. Any true and complete standalone EASM solutions should already have application scanning capabilities built into them. But how does this work exactly?

We know that managing SSL/TLS certificates across hundreds – or even thousands – of Internet-facing assets is often a manual job for most security teams. Certificates that have expired, for example, offer an excellent opportunity for malicious actors to execute a variety of hacks (in some instances, even a MITM attack) and can also put sites at risk of becoming inaccessible. We’re excited to share that automated SSL/TLS certificate assessments are now a part of Surface Monitoring.

We recently explored why developers have begun to ship more frequently to production, as well the relationship between more frequent releases and AppSec teams more effectively prioritizing and remediating threats. To further understand how AppSec teams evaluate tooling, we’ve recorded a collection of common questions that we’ve observed teams asking themselves.

At Detectify, we proudly maintain an AppSec perspective when it comes to how we handle security. But what does this mean exactly? In short, we think a lot about how both AppSec teams and developers will experience our platform and products. We know that today’s developers are feeling the pressure to get new code out to production to meet the demands of the business. These business demands have increased the need for AppSec tooling to leverage automation whenever possible.