Improvements to boost the attack surface view, ports & more


TL;DR: Users now get additional insights into what is discovered on the attack surface, including when an asset was last seen, to what extent an asset is exposed online, and more.

The attack surface is inevitably going to grow. That’s why we believe it’s crucial for customers not only to know which assets they are exposing online, but also to what extent those assets are exposed.

Users can now toggle the view of their attack surface between active and inactive assets. With the toggle on, users see every asset that was observed on their attack surface in the last 14 calendar days, which makes it easier to discern what may no longer be there.

Discovering what is on your attack surface is important, but understanding to what extent that surface is exposed matters just as much. Surface Monitoring users can now view the state of each asset on their attack surface: whether a particular domain has open ports, has reachable IPs but no open ports, or only has a resolving DNS record.

Assets on the attack surface are shown in one of the following states:

  • Inactive: The subdomain has not been seen within the last 14 days
  • Seen: The subdomain was last seen by any discovery method within the last 14 days
  • Reachable: The subdomain resolved to an IP that responded within the last 3 days, but no open ports were seen
  • Open: The subdomain has open ports that were last seen within the last 3 days

Autodiscovery helps customers identify all of their publicly available subdomains. This is useful for anything from finding legacy systems and forgotten marketing landing pages to spotting potential subdomain takeovers. Sometimes users want to run autodiscovery manually for various reasons. Until recently, that was not possible.

Now, all users can manually trigger autodiscovery on root assets, so they can check for themselves whether an asset is missing from their attack surface instead of waiting for the next scheduled run.

Occasionally, you might need to add a subdomain manually. Previously, that wasn’t possible, which meant some corners of the attack surface weren’t covered. We’ve now made it possible for customers to manually add subdomains to a root asset.

Adding a subdomain to a verified root asset:

  • Select the “Add asset” button at the top right-hand side of the screen
  • Select “Add subdomain”
  • Enter the subdomain name
  • Select the “Add domain” button

Users can also add a subdomain to an unverified root asset. This creates a separate root asset, which is automatically converted to a sub asset once the actual root is verified. You can read more about verifying assets on our knowledge base.

  • Improvements to port discovery and scanning. We are reducing false positives by combining Masscan and Nmap in the discovery and scanning of ~8500 TCP ports. We first sweep all of those ports with Masscan, then re-check the ports Masscan reported with Nmap to refine the results, so that a port is only reported as open when the slower, more careful scan confirms it. This gives users accurate information about open ports on their attack surface.
  • Filter attack surface by open ports. Surface Monitoring users can now filter their attack surface view by open ports, such as port 80 or 443.
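The two-stage scan described in the port discovery bullet above, written out as an added example. This is not the vendor’s own code or pipeline; it only follows the shape the post describes: a fast Masscan sweep, an Nmap re-check limited to the ports Masscan reported, and a final list that keeps a port only when both tools agree. The Masscan list output, the Nmap grepable output, the addresses and the Nmap flags are all constructed assumptions for the example.

```shell
#!/bin/sh
# Added example (not the vendor's code): masscan sweeps quickly, nmap re-checks
# only the ports masscan reported, and a port counts as open only if both agree.
# Every scan result below is constructed sample data, not output from a real scan.

# Constructed masscan list output (the `masscan -oL` format): "open tcp PORT IP TS".
MASSCAN_LIST='#masscan
open tcp 80 192.0.2.10 1700000000
open tcp 443 192.0.2.10 1700000001
open tcp 8080 192.0.2.11 1700000002
open tcp 22 192.0.2.11 1700000003
# end'

# Constructed nmap grepable output (`nmap -oG`) for the verification pass. Real
# output separates fields with tabs; awk splits on tabs and spaces alike, so spaces
# are used here. 8080 on 192.0.2.11 is missing because nmap saw it closed: that is
# the kind of masscan false positive the second pass is meant to drop.
NMAP_GREPABLE='# Nmap scan initiated (constructed sample)
Host: 192.0.2.10 ()   Ports: 80/open/tcp//http///, 443/open/tcp//https///
Host: 192.0.2.11 ()   Ports: 22/open/tcp//ssh///   Ignored State: closed (1)
# Nmap done'

# Stdin: masscan list output. Stdout: one "IP PORT" line per reported open TCP port.
masscan_hits() {
  awk '$1 == "open" && $2 == "tcp" { print $4, $3 }'
}

# Stdin: masscan list output. Stdout: one nmap command per host, limited to the
# ports masscan reported on that host (-Pn: masscan already showed the host is up;
# --open: report only ports nmap itself confirms open). Host order follows input.
nmap_commands() {
  masscan_hits | awk '
    !($1 in ports) { order[++n] = $1 }
    { ports[$1] = (ports[$1] == "" ? $2 : ports[$1] "," $2) }
    END {
      for (i = 1; i <= n; i++)
        printf "nmap -sS -sV -Pn --open -oG - -p %s %s\n", ports[order[i]], order[i]
    }'
}

# Stdin: nmap grepable output. Stdout: one "IP PORT" line per port nmap reports open.
nmap_open() {
  awk '$1 == "Host:" {
    host = $2
    gsub(",", " ")                      # "80/open/tcp//http///," -> its own field
    for (i = 3; i <= NF; i++)
      if ($i ~ /^[0-9]+\/open\/tcp/) { split($i, f, "/"); print host, f[1] }
  }'
}

# refine MODE MASSCAN_TEXT NMAP_TEXT
#   MODE=confirmed: masscan hits that nmap also reports open (the refined result)
#   MODE=dropped:   masscan hits nmap did not confirm (treated as false positives)
refine() {
  mode=$1
  {
    printf '%s\n' "$3" | nmap_open    | sed 's/^/nmap /'
    printf '%s\n' "$2" | masscan_hits | sed 's/^/masscan /'
  } | awk -v mode="$mode" '
    $1 == "nmap" { confirmed[$2 " " $3] = 1; next }
    {
      key = $2 " " $3
      hit = (key in confirmed) ? 1 : 0
      if ((mode == "confirmed") == hit) print key
    }'
}

# Stand-alone run: show the verification commands, then the refined result.
printf '%s\n' "$MASSCAN_LIST" | nmap_commands
echo "confirmed open:";           refine confirmed "$MASSCAN_LIST" "$NMAP_GREPABLE"
echo "dropped as unconfirmed:";   refine dropped   "$MASSCAN_LIST" "$NMAP_GREPABLE"
```

In a real run the two constructed strings would come from `masscan -p1-65535 -oL <file> <targets>` and from executing the generated nmap commands (which need root for `-sS`); the refine step is what turns a noisy fast sweep into the confirmed open-port list, and the `dropped` mode is worth keeping around so you can see which hits the verification pass threw away.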

To keep up with today’s evolving security challenges, you need continuous coverage of the attack surface. Log in to check your assets. Go hack yourself!
