Detectify Launches New Custom Policies Overview for Improved External Attack Surface Management

Detectify, the External Attack Surface Management platform powered by elite ethical hackers, announced Custom Policies Overview, a new tool allowing organizations to quickly and easily enforce custom security policies across the entire attack surface, improving security postures at the speed of business. The automated solution enables organizations to set customizable policies for every asset based on various business conditions, discovering violations of corporate policies and remediating critical vulnerabilities before they become exploitable.

Every organization has its own security workflows and different criteria for determining acceptable risk. Ensuring that an organization’s external attack surface adheres to specific internal security policies, however, is a major challenge. Most attack surface management solutions use one-size-fits-all approaches, only triggering alerts if they identify publicly disclosed vulnerabilities with assigned CVE scores. Unfortunately, since many critical vulnerabilities never receive CVE scores, only testing for publicly disclosed vulnerabilities is an incomplete approach that leaves the business vulnerable. Furthermore, organizations often add assets or technologies to the attack surface without ever alerting the security team, eliminating any guarantee that the assets meet corporate security standards. This leads to policy breaches that can go undetected for days, months, or even years, representing massive risk to the business.

“Shifting left,” and introducing security testing earlier, is a common solution that many DevSecOps teams attempt in an effort to catch vulnerabilities pre-production. However, Detectify research shows why this approach is not feasible for organizations with large, dynamic attack surfaces:

  • It assumes a linear development process which few companies have – 41% of companies surveyed believe shifting left is not feasible and a further 58% believe it can only be applied in specific instances.
  • While shift left only introduces minutes into the development process, it can take hours to resolve severe vulnerabilities in production, thereby increasing the risk associated with the vulnerabilities that make it through development.
  • It forces organizations to rely upon public rating systems and disclosure processes (e.g. CVSS and CVE) for prioritization. However, 35% of the vulnerabilities reviewed by Detectify’s private network of ethical hackers did not have a CVE assigned.

Custom Policies Overview gives security teams the ability to create customizable policies that automatically identify violations of corporate policies as soon as they are brought online. Many security companies offer rigid solutions, forcing customers to choose from a menu of pre-set conditions that often do not apply to their business. Detectify is the only vendor that allows security teams to run policies on security headers at scale, automatically identify open ports that, according to company policy, should be closed, and more. Custom Policies Overview is truly custom, built upon rules that customers define for themselves based upon their own business context.

“Security is not one-size-fits-all,” said Rickard Carlsson, CEO and Co-Founder, Detectify. “No one has an entirely linear development process, and every organization has a different definition of acceptable risk. Security teams need to apply their own unique security policies for corporate assets based upon business context. Doing this manually is time intensive and not scalable, leading to bottlenecks. Custom Policies Overview allows security teams to enforce security best practices without slowing down critical business operations.”

Using an “IF-THEN” structure, Detectify brings visibility back to security teams, providing real-time insight into anomalies in production before they become risks, even if security was not part of the development process. This allows security teams to enforce security best practices without becoming gatekeepers.

PRNewswire
