This blog summarizes how the Detectify tool has evolved over 2023, alongside other significant highlights, such as analyst mentions and major developments to Detectify.com, Detectify Blog, and Detectify Labs properties.
January – March
Improvements to Attack Surface Custom Policies (Surface Monitoring)
Expanded coverage of Attack Surface Custom Policies to include fingerprinted technologies and enable users to set custom rules for various use cases.
Expanded asset attribution (Surface Monitoring)
Including several new data points, such as IPs.
Detectify recognized in Forrester independent research
Included in Forrester’s “External Attack Surface Management Landscape, Q1 2023” report.
April – June
Detectify Recognized as a Sample Vendor in Gartner® research
Included in the 2023 Gartner “Competitive Landscape for External Attack Surface Management” report. Also identified as an External Attack Surface Management (EASM) Sample Vendor in 2023 Gartner “Emerging Tech Impact Radar: Security” and “Emerging Tech Impact Radar: Security in Manufacturing” reports.
More certificate assessments (Surface Monitoring)
Expanded coverage to include various certificate assessments (expired, weak cipher suites, etc.) and SSL/TLS assessments (BEAST, POODLE, etc.).
Improved vulnerabilities page (Application Scanning)
More intelligent filtering, such as grouping by a particular class of assets.
Improving how users manage their scans (Application Scanning)
Overview of scan history for a particular scan profile, with warnings for failed scans so users can proactively address them, alongside various refinements to scan settings for simpler onboarding and ongoing maintenance.
Significant improvements to the Detectify.com website navigation
An entire redesign and rebuild of the header and footer on our .com property, allowing users to navigate to more content from the header, and improved UX.
July – August
Revamp and redesign of the Detectify Blog
We launched an entirely revamped and redesigned blog.detectify.com, allowing for more straightforward navigation of content by category, double menus, and a better display of images, videos, and code snippets.
New integrations platform (Surface Monitoring & Application Scanning)
A new integrations platform with over 300 possible connections that allow for a high degree of customization.
Improving how users work with their attack surfaces (Surface Monitoring)
The new overview highlights several data points from newly discovered technologies, IPs, and your most vulnerable assets.
Better crawling (Application Scanning)
Allows faster scans and improved coverage, resulting in more vulnerability findings.
Combining vulnerability data with the attack surface (Surface Monitoring)
Connecting vulnerabilities to the attack surface (“Which assets of mine are affected by these vulnerabilities?”)
October – December
More control of how the attack surface is tested (Surface Monitoring)
Additional user settings to customize the types of assessments and discovery methods to run on their attack surface.
New IP page (Surface Monitoring)
See which countries IP addresses are in or which hosting providers they use.
New Technologies page (Surface Monitoring)
Powerful filtering, new groups, and timestamps that allow users to better understand how the software composition on their attack surface is evolving.
New Ports page (Surface Monitoring)
A new way of seeing which ports are open across the attack surface and how it is changing over time.
More robust API (Surface Monitoring & Application Scanning)
Updates to the API that allow users to fetch technologies and IP information.
Launched changes.detectify.com
A way for users of Detectify to get notified directly about product updates to the tool, as soon as they’re delivered.
Revamp and redesign of Detectify Labs
We launched an entirely revamped and redesigned Labs.Detectify.com, which allows for easier navigation of content by category, double menus, and a better display of images, videos, and code snippets.
Crowdsourced vulnerabilities
Modules added from Crowdsource in September and November.
Detectify research: State of EASM in 2023
New and original research from Detectify that offers insights into the attack surfaces of a sample of our customer base.
Top 5 most read blog content published in 2023
How does EASM differ from CAASM and DRPS?
Hakluke dives into the detailed differences between EASM, CAASM, and DRPS tools. These three technologies have the same goal — protecting assets — but go about it in three distinct ways.
How Detectify embraces the best of both DAST and EASM
How both Dynamic Application Security Testing as a methodology and DAST as a tool relate to what we do at Detectify.
The trouble with CVEs and vulnerability management in modern tech stacks
An editorial from Detectify CEO Rickard Carlsson argues that there are pitfalls in traditional scoring systems like CVSS, which don’t reflect the true risk a CVE represents.
Should your team really run DAST in staging environments?
Rickard Carlsson on how uncovering bugs in the DevSecOps cycle isn’t applicable to DAST in modern environments.
Detectify’s journey to an AWS multi-account strategy
Haris Kabiljagic, Head of Developer Services at Detectify, discusses how the Detectify Engineering team introduced a multi-account set-up at AWS, resulting in a scalable and cost-effective set-up.
New eBooks published in 2023
Deep dive: How EASM is outpacing DAST for AppSec teams
During the past few decades, DAST has been a valuable methodology combining several application security capabilities, such as crawling and fuzzing complex custom-built web applications. However, critical capabilities are missing from DAST (and similar tooling), and Application Security teams feel the pinch as their tech stacks and development methodologies continue to evolve.
Comparing EASM and Pen Testing: Scope, Objectives, Capabilities
External Attack Surface Management and Penetration Testing both enhance an organization’s cybersecurity posture but in different ways. This e-Book compares EASM and Pen Testing by exploring each methodology’s scope, objectives, and capabilities.
Public Sector early to adopt External Attack Surface Management (EASM)
A look at what organizations can learn from manufacturing, higher education, and government agencies in their adoption of External Attack Surface Management.
Here’s to more continuous product updates and other significant developments in 2024. Happy new year from all of us at Detectify!