Resolve exposures and vulnerabilities – Blog Detectify


It’s not unlikely that your team has a sufficient amount of vulnerability data that they must assess, prioritize, and remediate. Whether that’s a newly discovered vulnerability, an expired SSL certificate, or even a security policy breach – security teams need to get all this data into one place. 

For AppSec and ProdSec teams to be successful, they need to know which of their assets are exposed and vulnerable so they can take action to enable faster remediation. Additionally, they should be able to follow their security progress in a single tool or have all their security tools seamlessly connect to third-party tools.

An External Attack Surface Management solution should help solve most of the following actions around resolving exposures and vulnerabilities that AppSec and ProdSec teams likely face daily: 

  • Integrating all vulnerability testing tools into a single Vulnerability Management (VM) platform.
  • Coordinating with each vendor to ensure they can integrate into your chosen VM platform.
  • A place to view all vulnerabilities easily if no VM platform is in use. 
  • Avoiding duplication of vulnerabilities in a VM platform.
  • Using an API or webhook to get vulnerability data in a VM platform if necessary.
  • Prioritizing vulnerabilities according to risk tolerance.
  • Validating a vulnerability exists and researching how to fix it before sending it to dev.
  • Following up with developers to ensure a vulnerability can be fixed.
  • If it’s a critical vulnerability, developers have a clear timeline for when they can fix it.
  • Ensuring all scans are running correctly.
  • Resolving any situations where scans aren’t running properly.
  • Knowing when certain assets have a specific vulnerability type and severity rating.
  • Verifying that a vulnerability is allowed per internal security policies.
  • Knowing a vulnerability is fixed and not present in any other systems.

Easily integrate vulnerability data in your preferred VM tools

Here at Detectify, we believe that a best-in-class EASM solution helps users achieve this by easily integrating vulnerability data with dozens of vulnerability management tools and our robust API.

That’s why the Detectify tool is built with flexibility in mind. Our users can connect existing sources of DNS data to Detectify from tools like AWS and GPC through integrations, SDKs, and APIs.

Detectify will also automatically discover assets that might belong to your organization. Every 24 hours, we will test each asset for vulnerabilities and make those findings available through our extensive Integrations platform.

Detectify can also consume DNS data from AWS, GPC, and Azure. We have an integration built for AWS, but we can also support users setting up custom integrations with GPC, Azure, and other tools. This allows us to attribute additional data (e.gIPs, open ports, etc.) and test more of their attack surface with our products, Surface Monitoring and Application Scanning.

Detectify’s integration platform means you can get vulnerability data from our platform into the vast majority of vulnerability management tools, like Tenable and Vulcan (as well as orchestration tools like Jira or ServiceNow).

We also enable teams to manage the tool entirely through our API or execute certain functions via webhooks, like getting updates on vulnerabilities and exposures on a specific asset.

Accelerating vulnerability remediation

Accelerating vulnerability remediation requires AppSec and Prodsec to rigorously assess if a vulnerability is present. Once they can replicate the vulnerability, they must provide developers with actionable remediation guidance.

Detectify reduces the time spent validating and collecting remediation guidance through payload-based testing and gathering tips to resolve vulnerabilities from leading ethical hackers and security researchers.

Resolve exposures and vulnerabilities - Blog Detectify

Detectify tests for CVE’s by sending payloads

Detectify relies heavily on payload-based testing, which means we’re already taking steps to reduce false positives for our users instead of relying on versions (e.g., You are running X version of Y technology, so you might have Z vulnerability). We also provide valuable remediation guidance to our customers so they can reduce friction and accelerate the time it takes to validate and triage a vulnerability finding to developers.

Vulnerability findings include helpful information about how 1) we discovered the vulnerability and 2) guidance on how to remediate the vulnerability. Most vulnerabilities will consist of details such as the request we sent and the response we got, which is a valuable starting point for security teams to validate if a vulnerability is present. Our users can often immediately create tickets for developers to fix due to our accuracy.

The vulnerability view in our UI is immensely customizable to reflect the priorities of your organization. Users can filter their vulnerabilities by vulnerability type, severity score, status, and which asset it affects. A filter can be saved and each saved filter can be exported to make it easier for users to manage remediation with their developer teams.

Resolve exposures and vulnerabilities - Blog Detectify

Prevent vulnerability information overload

These days, security teams can find themselves overloaded with vulnerability information. However, most vulnerabilities are not exploitable or are resolvable through effective patch management.

Detectify makes it possible for users to customize how they work with vulnerability data so they can prioritize the threats that affect their organizations the most.

Detectify crowdsources the latest vulnerabilities from its community of elite ethical hackers and in-house security research team. When a new vulnerability that affects web applications is known online, Detectify can quickly make a test available to its customers, often within hours. 

Resolve exposures and vulnerabilities - Blog Detectify

For the recent Cisco 0-day vulnerability, we quickly released a module for detecting the implant thanks to our in-house security research team

An exposure, such as an unapproved technology or a new hosting provider from a sanctioned geography, can be challenging to spot with existing AppSec tools. Detectify continuously monitors a user’s attack surface and will present recent changes to their attack surface from its in-tool dashboard, such as a new hosting provider that isn’t approved for use.

Detectify replaces the need for users to manually update their attack surface (often through several open-source tools) by enabling users to connect their DNS data to Detectify through AWS Route 53, zone files, SDKs, and an API. Users can also get vulnerability data from custom-built integrations to popular VM and workflow tools.

Helping you get the jobs that you need doing, done

Many existing tools can help users achieve this Job-to-be-Done, but External Attack Surface Management (EASM) solutions can fill the gaps missed by DAST and several other tools in the AppSec tech stack and play a crucial role in securing the expanding attack surface

This Jobs-to-be-Done article has examined how AppSec and ProdSec teams quickly resolve exposures and vulnerabilities that matter the most to them and how Detectify as an EASM solution can help users achieve this job successfully. 

Why not try Detectify with a free 2-week trial, watch a short product demo, or talk to us about how we can help secure your expanding attack surface.

Resolve exposures and vulnerabilities - Blog Detectify



Source link