2022年11月17日,

美通社斯德哥爾摩,2022年11月17日,Detectify,從外部攻擊表麵管理平台由精英道德黑客,今天宣布自定義政策概述,一個新工具允許組織快速、輕鬆地執行自定義安全策略在整個攻擊表麵,改善安全姿勢的速度。自動化解決方案使得組織能夠為所有資產可定製的政策根據各種業務條件,發現違反公司政策和修正這些關鍵的漏洞之前,他們變得可利用的。廣告廣告每個組織都有自己的安全工作流和不同的標準來確定可接受的風險。確保一個組織的外部攻擊表麵堅持特定的內部安全政策不過是一個重大的挑戰。大多數攻擊表麵管理解決方案使用放之四海而皆準的方法,隻觸發警報,如果他們確定公開披露與分配CVE漏洞的分數。不幸的是,由於許多關鍵漏洞從來沒有接受CVE分數,隻有測試公開披露漏洞是一個不完整的方法,使業務脆弱。此外組織經常添加資產或技術攻擊表麵沒有提醒安全團隊,消除任何保證資產符合公司安全標準。這導致政策漏洞,可以去未被發現的幾天,幾個月,甚至幾年,代表巨大的業務風險。“轉移”,引入安全測試前,是一種常見的解決方案,許多DevSecOps團隊嚐試為了抓住漏洞預生產。然而,Detectify研究表明為什麼這種方法不可行的組織與大,動態攻擊表麵:它假設一個線性開發過程很少有公司——41%的受訪企業認為將離開是不可行的,另有58%的人認為它隻能應用於特定的實例。 While shift left only introduces minutes into the development process, it can take hours to resolve severe vulnerabilities in production, thereby increasing the risk associated with the vulnerabilities that make it through development. It forces organizations to rely upon public rating systems and disclosure processes (e.g. CVSS and CVE) for prioritization. However 35% of the vulnerabilities reviewed by Detectify's private network of ethical hackers did not have a CVE assigned. Custom Policies Overview gives security teams the ability to create customizable policies that automatically identify violations of corporate policies as soon as they are brought online. Many security companies offer rigid solutions, forcing customers to choose from a menu of pre-set conditions that often do not apply to their business. Detectify is the only vendor that allows security teams to run policies on security headers at scale, automatically identify open ports that, according to company policy, should be closed, and more. Custom Policies Overview is truly custom, built upon rules that customers define for themselves based upon their own business context. AD AD "Security is not one-size fits all," said Rickard Carlsson, CEO and Co-Founder, Detectify. "No one has an entirely linear development process, and every organization has a different definition of acceptable risk. Security teams need to apply their own unique security policies for corporate assets based upon business context. Doing this manually is time intensive and not scalable, leading to bottlenecks. Custom Policies Overview allows security teams to enforce security best practices without slowing down critical business operations." Using an "IF-THEN" structure, Detectify brings visibility back to security teams, providing real-time insight into anomalies in production before they become risks even if security was not part of the development process, allowing security to enforce security best practices without becoming gatekeepers. Custom Policies Overview is available now. For further information visit detectify.com/attack-surface-custom-policies About Detectify Detectify sets the standard for External Attack Surface Management (EASM), providing 99.7% accurate vulnerability assessments. Product security and AppSec teams trust Detectify to expose exactly how attackers will exploit their Internet-facing applications. The Detectify platform automates continuous real-world, payload-based attacks crowdsourced through its global community of elite ethical hackers, exposing critical weaknesses before it's too late. Go hack yourself: detectify.com Media Contact