Improving domain discovery with new connectors


Our new domain connector simplifies and expands support for organizations integrating cloud providers to Detectify. Security teams can now have even greater confidence in the security posture of their attack surface, with increased visibility into the identification, inventorying, and continuous monitoring of the latest vulnerabilities and exposures.

Confidence in the latest attack surface data

New assets, vulnerabilities, or human errors like server misconfigurations make a continuously updated overview of the attack surface a non-negotiable for organizations today. When our users come to check the state of their attack surface, they want to know that all their externally exposed assets are covered so that they can trust their systems are secure.

Detectify users previously had multiple methods for importing their domain data into the platform, which we complemented with subdomain discovery.  

Today, we’re excited to launch our new domain connector that will improve existing support for several use cases for our users, such as integrating several cloud providers and automating the discovery of new assets. Users can begin using the new domain connector by following these instructions and contacting their account manager (for enterprise customers).

Most organizations use two or more cloud providers

It’s no surprise that a recent report found that 33% of organizations surveyed are using two or more cloud providers, something that we regularly see with our customers. One of the challenges our customers face when using multiple cloud vendors is that they aren’t always confident that they know when a new asset has become exposed and if it is vulnerable. For example, e-commerce businesses launch time-sensitive marketing campaigns with unique subdomains that remain reachable after their campaign has ended. We also frequently hear from large technology companies that they’re concerned about visibility into what their subsidiaries expose with their existing tools. That’s why having a continuously updated overview of the attack surface has become essential for companies across most industries. 

In both use cases mentioned above, users rely on Detectify to continuously monitor their attack surface for newly exposed assets for vulnerabilities and exposures, like subdomain takeovers. Detectify has observed thousands of unique instances of potential subdomain takeovers over the last few months, reflecting only a fraction of what may be vulnerable for our users’ assets. We are excited to see customers cover more of their attack surface with our new domain connector, and we expect to see a rise in domain-related vulnerabilities like subdomain takeovers and server misconfigurations.

Detectify has observed thousands of unique instances of potential subdomain takeovers over the last few months, reflecting only a fraction of what may be vulnerable for our users’ assets

Covering known and unknown assets

With the new domain connector, users can directly integrate Alibaba Cloud, Azure, Cloudflare, DigitalOcean and Google Public Cloud. We’ve also expanded our support for AWS Route53 by supporting integrations through credentials and role-based. Users can still upload zone files or manually add domains, which may suit some smaller organizations.

We’re ensuring the latest coverage of your attack surface by updating your domains several times a day. However, as with any new feature, we’re listening closely to our users and will increase the frequency soon in response to how dynamic the modern attack surface has become. Users can access their inventory of domains through the UI and get the latest vulnerabilities discovered on their attack surface via the API or through our robust integrations platform.

Try it out

Are you using Detectify today? If so, consider trying our new domain connector by logging into the platform and selecting “Connectors” from the configurations menu. If you’re an enterprise customer or have questions about the latest release to domain connectors, contact our support team ([email protected]) to try it out. 

Stay updated with our latest product updates via our blog or our changelog



Source link