The cybersecurity industry can be one of the most demanding industries to work in. Employees are constantly under pressure to stay ahead of the latest threats. As a result, security professionals often operate in a state of high alert, which can take a toll on their physical and mental health. In addition, the industry is notoriously competitive, which can lead to employee burnout. There has been much talk about the ongoing ‘Great Resignation’ and what prompted it.

The web browser is probably the most used application on your computer. It’s used for basically everything from checking email, communicating via social media, video conferencing to shopping, banking, gaming, and much more. While we are moving toward a more app-based mobile lifestyle, we are far from getting rid of the traditional web browser.

Simple and intuitive design is at the core of how we design. That’s why we’ve improved the navigation of our tool so that users can easily access the attack surface and scan settings. Since launching the attack surface view earlier this year, we’ve heard from some users that finding the attack surface view isn’t very clear. This meant some users were missing out on insights across their expanding attack surface, such as open ports and DNS information.

The rapidly expanding attack surface often requires security teams to deep dive into their Internet-facing assets, such as root assets and associated subdomains. Conducting these reviews can be time-consuming for security experts, particularly if they have a large attack surface made up of hundreds – or even thousands! – of subdomains. We’ve now made it possible for users to filter their attack surface by a root asset.

While the attack needed for such a single-click account takeover would be complex, the research by Frans Rosén, Security Advisor at Detectify, discovered that some of the most popular consumer and business websites in the world currently are not following the OAuth specification best practices and thus are vulnerable to the attack chain. Rosén recently undertook extensive research on how OAuth tokens could be stolen.

Detectify has been recognized as a Momentum Leader in Website Security, a category for tools designed to protect business websites from internet-based threats. This recognition is awarded after factoring in social, web, employee, and review data that G2 has deemed influential in Detectify’s momentum. Besides ranking #1 on the Website Security podium, Detectify is also holding the first position in Alerting.

The attack surface is inevitably going to grow. That’s why we believe it’s crucial for customers to not only know what assets they are exposing online, but knowing to what extent assets are exposed on their attack surface. Previously, it wasn’t possible to filter the attack surface view by state (you can read more about state here). This limitation made it difficult to assess some Internet-facing assets, such as those that were resolving DNS records with no reachable IPs.

Taking action on your attack surface requires a complete overview of what is exposed. This includes details such as open – and previously open! – ports, DNS records, and when the asset was last seen. These details help security teams respond more effectively to issues as they occur in production. It’s now possible for Surface Monitoring customers to drill down into an asset with the new Details page, which you can access by selecting an asset from the Attack Surface view.

Getting a complete overview of the growing attack surface is difficult. Regardless of how security is organised in your organisation, knowing what Internet-facing assets are exposed and if those assets are vulnerable across many different teams is no simple task. This is doubly true for security teams with dozens – or even hundreds! – of dev teams. We’ve now made it possible for customers on the Enterprise Plan to create and manage subteams through the Detectify API.

Getting the freshest insights on what vulnerabilities you have is essential for any vulnerability management program. Until recently, it wasn’t very clear when Application Scanning would execute a scan on an asset. This introduced unnecessary complexity for some users, particularly those with a large attack surface. Now, Application Scanning users can easily view all of the upcoming scans on a single page.