
Introducing Apex Discovery to secure every domain you actually own
Most tools will only test the domains you already know about. We’ve decided that’s not enough. TLDR: Detectify’s new Apex Discovery automatically identifies root domains …
Detectify

Security doesn’t stop at the perimeter. The “inside” of your network often harbors many overlooked risks. To address this, ealier this year we launched Detectify Internal Scanning, designed to bring our world-class vulnerability research directly into your private ecosystems. By deploying a lightweight agent within your infrastructure, you can now uncover vulnerabilities that were previously hidden behind your firewall, ensuring that your internal posture is just as resilient as your public-facing one.
How does internal scanning work in practice, and how quickly can you deploy it? In this webinar recap, our Senior Product Manager and resident product expert, Linus Kingfors, sat down to address questions from our customers and community about Internal Scanning and its capabilities, including deployment methods and data handling.
To deploy Internal Scanning in your environment, there are three primary methods, dependent on your environment:
Time to live, depends on many factors, specific to your environment. However, customers who have set up the Internal Scanner have been able to do so within a couple of minutes with the right people and right permissions in place. Similar to all other Detectify products, the setup is smooth.
The data sent back is primarily focused on the vulnerabilities themselves. To provide a clear finding for the user, Detectify requires:
Detectify’s high-fidelity findings, with an accuracy rate of 99.7%, are not just a rough estimate; they’re a calculation based on customer reporting.
We look at all findings produced across our different products and measure how many are reported as False Positives by customers. Because the same test beds are used across various Detectify products, the resulting accuracy calculation closely reflects real-world performance.
A finding is qualified as a true positive when it is organized by the user. Specifically, this includes findings that are:
Not at the moment. However, we are currently experimenting with this, so keep an eye out for it in the future. Sign up for our newsletter to get updates on our products.
Want to learn more about internal scanning?
For more details, check out our deployment documentation and agent specifications or rewatch the full webinar recording.

Most tools will only test the domains you already know about. We’ve decided that’s not enough. TLDR: Detectify’s new Apex Discovery automatically identifies root domains …

We are launching the Detectify MCP Server to deliver real-time vulnerability data and attack surface insights directly into your AI-powered workflows. Built for developers and …