
Detectify

How attack surface management helps during an M&A process

There is always the risk that sensitive data will be exposed during mergers and acquisitions. Throughout the M&A process, you’re adding new ways for hackers to enter your systems, enabling them to access sensitive customer information. This is because merging companies usually increases the attack surface, and with it the number of security risks the acquiring company is unaware of. The numbers don’t lie.

How to scan your attack surface

In 2013, a group of ethical hackers started penetration testing to make the Internet a safer place. After hacking companies such as Google and Facebook, among others, they realized they could automate their findings to help companies monitor their attack surface, and founded Detectify. Fast forward a few years and Detectify’s Crowdsource network boasts 400+ elite ethical hackers.

Quickly access insights about apex domains on the attack surface

In a previous update, we highlighted the improved navigation to the attack surface. Improving the navigation to the attack surface ensures Surface Monitoring users can easily access critical information about their exposed assets, such as attack surface state, their DNS footprint, and open ports. When a user accesses the attack surface, they have the option to view their root assets (often the apex domains) via the Root Assets tab.

Detectify among top 5% over time in tech industry for employee wellbeing

The cybersecurity industry can be one of the most demanding industries to work in. Employees are constantly under pressure to stay ahead of the latest threats. As a result, security professionals often operate in a state of high alert, which can take a toll on their physical and mental health. In addition, the industry is notoriously competitive, which can lead to employee burnout. There has been much talk about the ongoing ‘Great Resignation’ and what prompted it.

Busting browser fails: What attackers see when they hack your employees' browser

The web browser is probably the most used application on your computer. It’s used for basically everything from checking email, communicating via social media, video conferencing to shopping, banking, gaming, and much more. While we are moving toward a more app-based mobile lifestyle, we are far from getting rid of the traditional web browser.

One click to your attack surface: New simplified navigation

Simple and intuitive design is at the core of how we design. That’s why we’ve improved the navigation of our tool so that users can easily access the attack surface and scan settings. Since launching the attack surface view earlier this year, we’ve heard from some users that the attack surface view isn’t very easy to find. This meant some users were missing out on insights across their expanding attack surface, such as open ports and DNS information.

Better attack surface filtering and subdomain discovery

The rapidly expanding attack surface often requires security teams to deep dive into their Internet-facing assets, such as root assets and associated subdomains. Conducting these reviews can be time-consuming for security experts, particularly if they have a large attack surface made up of hundreds – or even thousands! – of subdomains. We’ve now made it possible for users to filter their attack surface by a root asset.

Detectify Security Advisor explains account hijacking attack scenarios using abnormal OAuth-flows

While the attack needed for such a single-click account takeover would be complex, research by Frans Rosén, Security Advisor at Detectify, found that some of the most popular consumer and business websites in the world are currently not following the OAuth specification best practices and are thus vulnerable to the attack chain. Rosén recently undertook extensive research on how OAuth tokens could be stolen.

Detectify strengthens its authority in G2's security categories

Detectify has been recognized as a Momentum Leader in Website Security, a category for tools designed to protect business websites from internet-based threats. This recognition is awarded after factoring in social, web, employee, and review data that G2 has deemed influential in Detectify’s momentum. Besides ranking #1 on the Website Security podium, Detectify is also holding the first position in Alerting.