Customers often tell us of instances where someone in their team spins up a new machine that isn’t using an approved geolocation, or that they see an unexpected spike in hosting from a particular country. These anomalies can put an organization at risk, especially since they are difficult to spot in an automated way.
Our new IP view offers another point of view on the expanding attack surface
It’s not uncommon that we hear from customers that someone spins up a new machine that isn’t using an approved geolocation or even a sudden spike in hosting from an approved country. These sorts of anomalies can put an organization at risk, especially since they are difficult to spot in an automated way. Therefore, having an easy way to keep track of them is critical.
How does this help security teams?
- You have a large attack surface and realize an asset in your organization is being hosted by Rackspace, which isn’t an approved vendor. Detectify’s IP view shows you all service providers that you’re using in a single view, which can help you determine if there are providers that aren’t approved.
- Your organization operates in a highly regulated environment, making it critical to know where certain customer data is hosted. With this new feature, you can see which assets are hosting data in what countries.
30% of our customers are leveraging more than 5 service providers
With Detectify’s new IP view, customers can now see a complete list of all IPs they are pointing to across their entire attack surface. For each IP, we show what 1) hosting provider is used, 2) which country they are located, and 3) the ASN they have.
In addition to the above, we will also show both IPv4 and IPv6 addresses. In fact, we’ve learned that 73% of our customers are using Ipv6 addresses which reflects how quickly our customers’ digital footprint is expanding.
In order to help security teams spot anomalies quickly and communicate the state of their attack surface efficiently, we will include charts on the IP page that visualize key details about the state of your attack surface.
Additional product updates:
- We’ve improved the performance of the “All assets” view so that assets load faster. We’ve made this possible by archiving assets that have seen no activity within the last 30 days.
- To ensure that customers’ systems recognize HTTP requests from Detectify during monitoring and testing, they can now add custom headers in their Surface Monitoring settings. This will also make it possible for customers that previously were unable to recognize Detectify requests to allow them and be monitored.
- The “Endpoint” column on the Application Scanning page has been renamed to “Asset” to reduce confusion in the tool. Now, when you click on the “Asset,” you will be taken to the “Asset Details” page that gives you more information about the asset.
Recently added crowdsourced vulnerabilities
Here is a list of all new modules recently added from our community of ethical hackers. You can find a complete list of new vulnerabilities added to Surface Monitoring and Application Scanning by viewing the “What’s New?” section in-tool.
- CVE-2021-44138: Caucho Resin Path Traversal
- CVE-2022-4057: Autoptimize Information Disclosure
- CVE-2023-27482: Home Assistant Authentication Bypass
- CVE-2023-29298: Adobe ColdFusion Improper Access Control
- CVE-2023-33568: Dolibarr Unauthenticated Database Access
- CVE-2023-35078: Ivanti Endpoint Manager Mobile (EPMM) Authentication Bypass
- Grav CMS Install Exposure
- Nuxt.js Dev Mode Path Traversal
- OpenMediaVault Default Credentials