We’re pleased to share that our External Attack Surface Management (EASM) solution is now available on AWS Marketplace through private offer. Our inclusion means that our customers can now more conveniently and easily purchase both Surface Monitoring and Application Scanning for comprehensive attack surface coverage.

The new attack surface overview puts the changes and potential risky exposures to your attack surface front and center. But that’s not all we’ve shipped in February. We’ve improved our Azure domain connector, simplifying onboarding for those users, and sent dozens of new vulnerability tests, such as CVE-2024-27199: TeamCity Authentication Bypass and CVE-2024-21893: Ivanti Connect Secure, Policy Secure SSRF.

Navigating the complex and ever-changing compliance landscape is difficult for many companies and organizations. With many regulations, selecting the appropriate security tooling that aligns with the compliance needs of your business becomes a significant challenge.

Our new domain connector simplifies and expands support for organizations integrating cloud providers to Detectify. Security teams can now have even greater confidence in the security posture of their attack surface, with increased visibility into the identification, inventorying, and continuous monitoring of the latest vulnerabilities and exposures.

This blog summarizes how the Detectify tool has evolved over 2023, alongside other significant highlights, such as analyst mentions and major developments to Detectify.com, Detectify Blog, and Detectify Labs properties.

For starters, it’s no surprise that the findings revealed that organizations’ most prominent threats during 2023 are vulnerabilities not covered by common disclosure processes, like CVEs. Detectify CEO Rickard Carlsson has been talking about this for some time – his article on the trouble with CVEs and vulnerability management in modern tech stacks demonstrates the risks associated with an overly reliant approach to established methods.

We’ve made several improvements to the attack surface data visible from the overview, such as new IPs and both covered and uncovered assets. We’ve also improved your interaction with fingerprinted technologies across your attack surface.

In order for AppSec and ProdSec teams to stay on top of their growing attack surface, they must understand what parts of their attack surface are being continuously monitored and scanned, such as where, when, what, and how. This can include, but is not limited to.