Attack Surface Policies

Introduction

Not everything on the attack surface is an outright vulnerability. Each organization has its own security workflows and its own criteria for what counts as an acceptable risk in its business context. The challenge for many security teams is: how do you ensure that your attack surface actually adheres to these internal policies? This is doubly challenging because the attack surface is messy and constantly evolving.


Security teams in today’s organizations are enablers, not gatekeepers. New assets and technologies are added to an organization’s attack surface without the security team ever being aware of them. The security team is nevertheless still accountable for ensuring these assets are secured. This lack of insight creates many policy breaches that go unnoticed for months, sometimes even years. This is why our customers use Attack Surface Policies to bring visibility back to the security team and alert them as soon as an asset does not comply.


How to create your first policy

Policies are designed to fit right into your normal Detectify workflow. When you are applying filters to the Domains table, you can immediately create a policy to keep track of all observations matched by the currently applied filter. We call these observations policy breaches. More importantly, any new breaches will be monitored and visible to you. In practice, as soon as you find something on the Domains page that you want to monitor going forward, you create a policy for it and stay up to date on the current breaches as well as any future ones.



When you have found a filter that shows findings you think are breaching a particular policy (or that you simply want to monitor going forward), click the "Create policy" button at the top of the page, just below the filters you have applied. You can monitor policies even if there are no breaches currently on your attack surface. An example is the case below: RDP port 3389 is currently not open anywhere on the attack surface, but you want to know if that changes in the future.
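The mechanics described above (a policy is a saved filter over the asset inventory, every matching asset is a breach, and each new inventory snapshot is diffed against the previous one so that new and resolved breaches surface even for a policy that starts with zero breaches) can be modelled in a few lines. The following is an added illustration, not Detectify's code or API; the `Asset` and `Policy` types, the `run_monitoring` helper, the example domains and the two inventory snapshots are all constructed for this example.

```python
"""Toy model of attack-surface policies as saved filters over an asset inventory.

Added illustration only: this is not Detectify's code or API. All asset records,
policy names and domains below are constructed sample data.
"""
from dataclasses import dataclass
from typing import Callable, Dict, FrozenSet, Iterable, List, Set


@dataclass(frozen=True)
class Asset:
    """One row of the asset inventory (what the Domains table would show)."""
    domain: str
    open_ports: FrozenSet[int]
    technologies: FrozenSet[str]


@dataclass(frozen=True)
class Policy:
    """A saved filter: any asset for which `matches` is True is a policy breach."""
    name: str
    matches: Callable[[Asset], bool]


def evaluate(policy: Policy, inventory: Iterable[Asset]) -> Set[str]:
    """Return the set of breaching domains for one policy on one snapshot."""
    return {asset.domain for asset in inventory if policy.matches(asset)}


def run_monitoring(
    policies: List[Policy], previous: List[Asset], current: List[Asset]
) -> Dict[str, Dict[str, Set[str]]]:
    """Diff each policy's breaches between two inventory snapshots.

    A policy with no breaches in `previous` still produces a report, which is
    what lets you alert on a port that is closed today but opens tomorrow.
    """
    report: Dict[str, Dict[str, Set[str]]] = {}
    for policy in policies:
        before = evaluate(policy, previous)
        after = evaluate(policy, current)
        report[policy.name] = {
            "breaches": after,            # everything breaching right now
            "new": after - before,        # appeared since the last snapshot
            "resolved": before - after,   # fixed since the last snapshot
        }
    return report


# Constructed policies, mirroring filters one might apply on the Domains table.
POLICIES = [
    Policy("rdp-exposed", lambda a: 3389 in a.open_ports),
    Policy("legacy-php", lambda a: "php/5" in a.technologies),
]

# Constructed snapshot 1: RDP is closed everywhere, one host still runs PHP 5.
SNAPSHOT_1 = [
    Asset("www.example.com", frozenset({80, 443}), frozenset({"nginx"})),
    Asset("dev.example.com", frozenset({22, 443}), frozenset({"php/5"})),
]

# Constructed snapshot 2: dev was upgraded, and a new host exposes 3389.
SNAPSHOT_2 = [
    Asset("www.example.com", frozenset({80, 443}), frozenset({"nginx"})),
    Asset("dev.example.com", frozenset({22, 443}), frozenset({"php/8"})),
    Asset("jump.example.com", frozenset({3389}), frozenset()),
]


if __name__ == "__main__":
    for name, result in run_monitoring(POLICIES, SNAPSHOT_1, SNAPSHOT_2).items():
        print(f"{name}: breaches={sorted(result['breaches'])} "
              f"new={sorted(result['new'])} resolved={sorted(result['resolved'])}")
```

Running the script prints one line per policy; the `rdp-exposed` policy reports no breaches on the first snapshot and then flags `jump.example.com` as a new breach on the second, which is exactly the "monitor a policy that currently has zero breaches" case.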



Examples of what types of policies can be created

We have collected some guides and examples of the types of policies that can be created. Your imagination is the only limit, but here are some ideas to get you started: