EU Regulating InfoSec: How Detectify helps achieving NIS 2 and DORA compliance
**Disclaimer: The content of this blog post is for general information purposes only and is not legal advice. We are very passionate about cybersecurity rules and …
Charlotte Kerridge
How do you see the current state of security in your organization when security is constantly evolving?
New assets, vulnerabilities, and even human errors like server misconfigurations make a continuously updated overview non-negotiable.
AppSec and ProdSec teams must take action on newly discovered vulnerabilities and policy breaches quickly and efficiently. Prioritizing which vulnerabilities and risks to remediate first and having this information all in one place will help security teams get the latest insights about their attack surface immediately.
Jobs-to-be-Done (JTBD) is a business framework we’re using to focus product development on aspects that will help our users achieve their goals through a set of ‘Jobs’ that need doing.
With the Job-to-be-Done (JTBD), “See the current state of security and understand what is exposed and how it has evolved over time”, we know that security teams also need to be able to drill down into specific aspects of their attack surface, such as critical web apps and security policies.
We have outlined specific tasks and actions that we believe you and your team need to complete in order to be successful in achieving this job:
Many tools in existence can help users achieve this Job-to-be-Done. External Attack Surface Management (EASM) solutions can fill the gaps missed by DAST and several other tools in the AppSec tech stack and play a crucial role in securing the expanding attack surface.
To be successful with this JTBD, a best-in-class EASM solution should be able to help you and your team take action on the following:
Here at Detectify, we believe that a best-in-class EASM solution should focus on aspects of the attack surface that users care about the most: recently discovered vulnerabilities, policy breaches, and assets most vulnerable to attackers.
Our overview page is the starting point for additional action, such as validating and triaging a vulnerability for the dev team to remediate.
The overview page shows:
1) Number of vulnerabilities by severity.
2) Assets with the most vulnerabilities.
3) Assets that have the most severe vulnerabilities.
4) Scans that require your attention.
5) Latest custom policy breaches.
These data can be viewed by “Groups” and by timeframe, such as the last 24 hours, last 7 days, etc.
Surface Monitoring, our product that offers continuous monitoring of known and unknown Internet-facing assets, runs payload-based testing on all assets within 24 hours.
In addition to payload-based testing, Surface Monitoring also attributes characteristics such as open ports, IPs, DNS record types, and technologies (including version numbers) to each asset.
Users can also drill down into IPs to understand which hosting providers they’re using and where data is being stored based on geography. The IP data can help these users spot potential risks, such as hosting data in a sanctioned country or even an unknown hosting provider.
Application Scanning, our product that runs in-depth and unlimited scans on web applications for deeper coverage, is also configurable to run as frequently as users prefer, making the overview a useful tool to know the state of security in their organization.
Surface Monitoring and Application Scanning use our attribution data about an asset in different ways. Those attributes are what make Attack Surface Custom Policies uniquely useful for the security team, and they make our overview page dynamic and actionable for AppSec teams.
This means that users can set a policy on a specific technology or port within a scope of domains, assign it a severity, and get alerts about breaches of that policy on the overview page.
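As an added illustration of the policy model described above (this is constructed example code, not Detectify's own policy format or API), the following evaluates a handful of custom policies over attributed asset data, such as open ports, technology versions and hosting country, and summarises the breaches the way an overview page would: counts by severity and the assets with the most breaches. The asset records, policy fields and the "ZZ" country code are all assumptions made for the example.

```python
from collections import Counter
from dataclasses import dataclass, field
@dataclass
class Asset:
    host: str
    open_ports: set
    technologies: dict    # technology name -> version string
    hosting_country: str  # country code of the hosting provider

@dataclass
class Policy:
    name: str
    severity: str      # severity the policy author assigns to a breach
    domain_scope: str  # policy applies to hosts ending with this suffix
    forbidden_ports: set = field(default_factory=set)
    min_versions: dict = field(default_factory=dict)  # technology -> minimum version
    forbidden_countries: set = field(default_factory=set)

def version_tuple(v):
    return tuple(int(p) for p in v.split(".") if p.isdigit())  # "1.18.0" -> (1, 18, 0)
def evaluate(assets, policies):
    """Return one (severity, policy name, host, detail) tuple per policy breach."""
    breaches = []
    for a in assets:
        for p in policies:
            if not a.host.endswith(p.domain_scope):
                continue  # asset is outside this policy's domain scope
            for port in sorted(a.open_ports & p.forbidden_ports):
                breaches.append((p.severity, p.name, a.host, f"port {port} open"))
            for tech, min_ver in p.min_versions.items():
                ver = a.technologies.get(tech)
                if ver and version_tuple(ver) < version_tuple(min_ver):
                    breaches.append((p.severity, p.name, a.host, f"{tech} {ver} below {min_ver}"))
            if a.hosting_country in p.forbidden_countries:
                breaches.append((p.severity, p.name, a.host, f"hosted in {a.hosting_country}"))
    return breaches

def overview(breaches):
    """Breach counts by severity, and assets ranked by breach count, as an overview page shows."""
    return Counter(b[0] for b in breaches), Counter(b[2] for b in breaches).most_common()
# Constructed sample data; "ZZ" is a placeholder country code, not a real one.
ASSETS = [
    Asset("db.example.com", {22, 5432}, {"postgresql": "15.2"}, "SE"),
    Asset("www.example.com", {443}, {"nginx": "1.18.0"}, "ZZ"),
    Asset("legacy.other.org", {3306}, {"mysql": "5.7"}, "SE"),  # outside the policy scope
]
POLICIES = [
    Policy("No public database ports", "high", ".example.com", forbidden_ports={3306, 5432}),
    Policy("Minimum nginx version", "medium", ".example.com", min_versions={"nginx": "1.24.0"}),
    Policy("No hosting in restricted countries", "critical", ".example.com", forbidden_countries={"ZZ"}),
]
```

Calling `evaluate(ASSETS, POLICIES)` yields three breaches (one high, one medium, one critical), and `overview` ranks `www.example.com` first with two of them; the out-of-scope host produces none.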
We know that the scope and responsibilities of your role have likely changed over the last few years, but you still have a set of things you need to accomplish and get done that are the most important to you.
This Jobs-to-be-Done article has examined how AppSec and ProdSec teams can see the current state of security in their organization, understand what is exposed and how it has evolved over time, and how Detectify can help achieve this.
Why not try Detectify for yourself with a free 2-week trial, watch a short product demo, or talk to us about how we can help secure your expanding attack surface?