See the current state of security in your org


How do you see the current state of security in your organization when security is constantly evolving?

New assets, vulnerabilities, and even human errors like server misconfigurations make a continuously updated overview non-negotiable. 

AppSec and ProdSec teams must take action on newly discovered vulnerabilities and policy breaches quickly and efficiently. Prioritizing which vulnerabilities and risks to remediate first and having this information all in one place will help security teams get the latest insights about their attack surface immediately. 

How to define your team’s first Job-to-be-Done

Jobs-to-be-Done (JTBD) is a business framework we’re using to focus product development on aspects that will help our users achieve their goals through a set of ‘Jobs’ that need doing.

With our first Job-to-be-Done (JTBD), “See the current state of security and understand what is exposed and how it has evolved over time”, we know that security teams also need to be able to drill down into specific aspects of their attack surface, such as critical web apps and security policies.

What actions do my team and I need to take for this Job-to-be-Done?

We have outlined the specific tasks and actions that we believe you and your team need to complete to achieve this job:

  • Get an overview of specific vulnerabilities and exposures, with their corresponding impact on my attack surface.
  • Have an overview that helps me identify exposures that are worth investigating.
  • Access specific data from vendors, such as Detectify.
  • Discover what is exposed on the attack surface in an automated way.
  • Know what to prioritize based on the vulnerabilities and exposures you’ve found (e.g. open ports).

Finding the best solution 

Many existing tools can help users achieve this first Job-to-be-Done. External Attack Surface Management (EASM) solutions can fill the gaps missed by DAST and several other tools in the AppSec tech stack, and they play a crucial role in securing the expanding attack surface.

To be successful with your first JTBD, a best-in-class EASM solution should help you and your team take action on the following:

  • What does security look like in my org?
  • What is exposed on my attack surface?
  • I can easily go from an overview of my attack surface to details about a specific vulnerability.
  • If I spot something that needs more investigation, I can go deeper into it within a vendor UI or through a third-party tool.
  • I can easily share relevant overviews with my stakeholders, for example, the enterprise security or GRC team.
  • I can easily identify which assets are most vulnerable.
  • I can see if scanning throughout my attack surface is working as expected.
  • I can see all vulnerabilities and exposures on my apps, especially my critical apps.
  • I can see all of the newest vulnerabilities and exposures across my attack surface.
  • I know how security has changed across my attack surface, so I can share this with leadership.
  • I know that we aren’t hosting in regions that aren’t allowed (GDPR, sanctioned countries).
  • I know that we are only using approved hosting providers.
  • I know that we don’t have SSL certs expiring, which would prevent access to my commercial sites.

What does a best-in-class EASM look like?

Here at Detectify, we believe that a best-in-class EASM solution should focus on the aspects of the attack surface that users care about the most: recently discovered vulnerabilities, policy breaches, and the assets most vulnerable to attackers.

Our overview page is the starting point for additional action, such as validating and triaging a vulnerability for the dev team to remediate. 

Get an overview of your attack surface 

The overview page shows:

1) Number of vulnerabilities by severity.
2) Assets with the most vulnerabilities.
3) Assets that have the most severe vulnerabilities.
4) Scans that require your attention.
5) Latest custom policy breaches. 

This data can be viewed by “Groups” and by timeframe, such as the last 24 hours or the last 7 days.

Surface Monitoring, our product that continuously monitors known and unknown Internet-facing assets, runs payload-based testing on all assets within 24 hours.

Surface Monitoring in tool

In addition to payload-based testing, Surface Monitoring also attributes characteristics such as open ports, IPs, DNS record types, and technologies (including version numbers) to each asset.

Users can also drill down into IPs to understand which hosting providers they’re using and where data is being stored based on geography. The IP data can help these users spot potential risks, such as hosting data in a sanctioned country or even an unknown hosting provider.

Application Scanning, our product that runs in-depth and unlimited scans on web applications for deeper coverage, can also be configured to run as frequently as users prefer, which makes the overview a useful tool for knowing the state of security in their organization.

Application Scanning in tool

Spotting policy breaches with Attack Surface Custom Policies

Surface Monitoring and Application Scanning use our attribution data about an asset in different ways, and those attributes are what make Attack Surface Custom Policies uniquely useful for the security team. This makes our overview page dynamic and actionable for AppSec teams.

Attack surface custom policies in tool

This means that users can set a policy on a specific technology or port across a scope of domains, assign it a severity, and get alerts on breaches of that policy from the overview page.
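As an added illustration of how such a policy can be evaluated against per-asset attribute data (covering the port, technology, hosting region, hosting provider and certificate-expiry checks mentioned earlier on this page), here is example code written for this article; it is not Detectify’s implementation, and the asset records, policy names, domain-scope globs and rule builders are all constructed assumptions:

```python
from collections import namedtuple
from datetime import date
from fnmatch import fnmatchcase

# Constructed asset records shaped like the attributes the text lists
# (open ports, IP, technologies with versions, hosting provider/region, cert expiry).
ASSETS = [
    {"host": "shop.example.com", "ip": "203.0.113.10", "ports": [80, 443], "tech": {"nginx": "1.18.0"},
     "provider": "AWS", "region": "eu-west-1", "cert_expires": date(2024, 6, 1)},
    {"host": "dev.example.com", "ip": "198.51.100.7", "ports": [22, 8080], "tech": {"jenkins": "2.387"},
     "provider": "UnknownHost", "region": "sanctioned-x", "cert_expires": date(2025, 1, 1)},
    {"host": "partner.example.org", "ip": "192.0.2.5", "ports": [443], "tech": {"apache": "2.4.49"},
     "provider": "AWS", "region": "us-east-1", "cert_expires": date(2024, 5, 20)},
]
TODAY = date(2024, 5, 1)  # fixed "today" so the example is deterministic
# Policy = name, domain-scope glob, team-assigned severity, check(asset, today) -> reason or None.
Policy = namedtuple("Policy", "name scope severity check")

# Rule builders for the attribute types the text mentions (ports, technology, hosting, certs).
def open_port(port):
    return lambda a, t: f"port {port} open" if port in a["ports"] else None
def tech_present(name):
    return lambda a, t: f"{name} {a['tech'][name]} exposed" if name in a["tech"] else None
def region_not_in(allowed):
    return lambda a, t: f"hosted in region {a['region']}" if a["region"] not in allowed else None
def provider_not_in(allowed):
    return lambda a, t: f"unapproved provider {a['provider']}" if a["provider"] not in allowed else None
def cert_expiring_within(days):
    return lambda a, t: f"cert expires {a['cert_expires']}" if (a["cert_expires"] - t).days <= days else None

POLICIES = [
    Policy("SSH exposed on company domains", "*.example.com", "high", open_port(22)),
    Policy("Jenkins on public assets", "*.example.com", "high", tech_present("jenkins")),
    Policy("Hosting outside approved regions", "*", "critical", region_not_in({"eu-west-1", "us-east-1"})),
    Policy("Unapproved hosting provider", "*", "high", provider_not_in({"AWS"})),
    Policy("Certificate expiring within 30 days", "*", "medium", cert_expiring_within(30)),
]
SEVERITY_ORDER = {"critical": 0, "high": 1, "medium": 2, "low": 3}

def evaluate(assets, policies, today):
    """Apply every policy to each asset inside its domain scope; return breaches, most severe first."""
    breaches = []
    for a in assets:
        for p in policies:
            if fnmatchcase(a["host"], p.scope) and (reason := p.check(a, today)):
                breaches.append({"host": a["host"], "policy": p.name,
                                 "severity": p.severity, "reason": reason})
    return sorted(breaches, key=lambda b: SEVERITY_ORDER[b["severity"]])
def demo():
    return evaluate(ASSETS, POLICIES, TODAY)
```

Running `demo()` yields one critical breach (the sanctioned region) ahead of the high and medium ones, which is the ordering an overview page would surface for triage.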

Helping you get the jobs that you need doing, done 

We know that the scope and responsibilities of your role have likely changed over the last few years, but you still have a set of things you need to accomplish and get done that are the most important to you.

This first Jobs-to-be-Done article has examined how AppSec and ProdSec teams can see the current state of security in their organization, understand what is exposed and how it has evolved over time, and how Detectify can help achieve this.

Why not try Detectify for yourself with a free 2-week trial, watch a short product demo, or talk to us about how we can help secure your expanding attack surface.
