Changelog

Follow up on the latest improvements and updates.

We’ve just launched Cloud Security for AWS. Cloud Security is our agentless exposure detection feature for AWS. It allows anyone with an AWS account on our Pro and Premium plans to continuously find and fix misconfigurations, insecure permissions, exposed secrets, and other vulnerabilities in their AWS accounts and organizations before attackers can exploit them. So you can stop incidents before they start.
Cloud Security uses our existing AWS integrations, so there is no need to install any agents. If you already have an AWS integration with Intruder, you will need to update its permissions to take advantage of the new functionality. You can enable it in under 5 minutes and start receiving insights immediately.
With the increasing number of attacks on cloud environments, and a constant stream of headline incidents, it is more important than ever for organizations to have a comprehensive security solution in place. Cloud Security expands the coverage that Intruder provides to help you protect your critical assets.
To get started:
  • Go to the Targets page
  • Click + Add target and choose Cloud asset sync
  • Choose AWS and then either Add account or Add organisation
  • Either use the CloudFormation script to add an AWS IAM role or create one manually (using our step-by-step guide)
  • Once you're done, make sure you tick the Run Cloud Security scans check box
As soon as you enable Cloud Security scans, we'll kick off a scan against your account, and you'll receive your results on your issues page, which you can filter to display only cloud account issues.
Previously we only supported finding open ports/services and vulnerabilities on assets that are exposed to the internet in your AWS accounts. The new functionality we've released allows you to find misconfigurations and weaknesses in the AWS account itself. We use the AWS APIs to find weaknesses in things like:
  • Whether people are logging into your AWS root account
  • Users (including admin users) who do not have MFA enabled
  • User accounts that have too many permissions
  • Whether S3 buckets are exposed to the internet and publicly accessible
  • Whether your AWS Lambda functions have hardcoded secrets, or their environment variables contain sensitive information
Other companies would refer to this as Cloud Security Posture Management (CSPM), but when combined with our continuous asset discovery and active scanning we're calling it Cloud Security.
Managing a cyber security programme is time consuming, and the number of manual tasks seems to keep increasing. One task we noticed our users were handling was logging into the Intruder portal to monitor any unwanted changes in their attack surface by painstakingly reviewing the attack surface page.
To help improve this experience, we've implemented custom attack surface alerts. This feature will enable you to write rules on what matters for you and your team, with an alert being emailed to you if the rule is ever met. For example, you could set up an alert for 'Unwanted opened ports' and have it apply to all targets, with a list of ports applied. If any of your targets are found to have one of those ports open, you and your team will be notified by email.
Create attack surface alert
If you’d like to discuss this feature with a member of the product team, or give some feedback, you can do so here.
Intruder's cyber hygiene score has been a core feature of the portal for years, allowing you to quickly identify whether your team was remediating vulnerabilities within a reasonable timeframe. However, the way this was configured was tied to a set of goals preset by Intruder, meaning that you had to fix your critical issues within 7 days, your highs within 30 days, and so on. These goals are based on industry best practices, and we strongly believe in them (honestly, we think everyone should be fixing critical issues quicker than 7 days, but we wanted to be reasonable).
Over time we've had many customers request the ability to customise their cyber hygiene goals, perhaps to be a bit more lenient for a smaller team, or stricter for larger teams. With today's release, you can now head to the team settings page and update your goals easily.
Cyber hygiene score settings
If you’d like to discuss this feature with a member of the product team, or give some feedback, you can do so here.

improved

Attack Surface Management

Creating more visibility of your attack surface

Earlier this year we implemented a new feature which would alert you when your web application firewall (WAF) was blocking our scanners from effectively scanning your targets. While this was great for alerting you to improve the WAF configuration, the target's WAF status was not maintained or kept visible over time.
With this release, we've expanded on this feature to now update the attack surface view to include the WAF status of your targets. This will show whether there is a WAF present, and where possible the WAF provider.
This enhancement to the attack surface view will allow you to:
  • Drill down into individual targets, and assess why they are not protected by a WAF
  • Check if your environment is experiencing configuration drift away from your expected deployment patterns
  • See if critical assets do not have security controls in place (like those outlined in your security policies)
We've spent a significant amount of time over the past year building up new discovery features to help you keep on top of your ever changing attack surface. As we added new discovery methods, we heard from customers that they needed a quick way of seeing everything in one place.
With this release, we've updated our Discovery page to have new areas for immediate access to:
  • Login detection
  • API detection
This is in combination with dedicated pages for these features, showing the history of login pages and APIs that we have detected for you, and whether they have been acted upon yet.
Discovery 2024
If you’d like to discuss this feature with a member of the product team, or give some feedback, you can do so here.
At Intruder one of our key principles has always been removing distractions and allowing our customers to focus on the things that matter most - much like the way we filter out informational findings as 'Noise', so you're not flooded with vulnerabilities that don't present a security risk.
However, feedback from customers has often been that our scan email can feel a little 'noisy'. Previously, you only had the option to either receive emails when a vulnerability scan completed or not.
With this update, we've changed our scan emails to be more granular. This means you can choose to only receive emails about scans that detect your specified severity level and above. For example, in the image below I have chosen to only receive alerts when a scan completes and detects a high severity issue or above. This is a user-specific setting, so you can change your preference without impacting other members of your team.
Email notifications
If you’d like to discuss this update with a member of the product team, or give some feedback, you can do so here.
Last month, we added additional context on the likelihood of exploitation with CVSS, EPSS, and KEV data. With this release we're making it possible to use this data when filtering and prioritizing the Issues list.
As part of this change, we've also re-designed the issue page layout to ensure key information is more visible for both issues and occurrences.
With these changes, it will be faster and easier to triage your current issues, providing you with deeper context on the real world risk of a vulnerability in order to determine which issues pose the greatest risk to your business.
If you’d like to discuss this feature with a member of the product team, or give some feedback, you can do so here.

new

Premium feature

Attack Surface Management

Securing more of your attack surface through domain discovery

Earlier this year we released our subdomain discovery feature, which allows you to identify subdomains of your existing domains so you can choose whether they should be added as targets and scanned, or potentially taken offline. This feature is fantastic for drilling into your existing target base, but it can't find new domains.
We've expanded on this to now include domain discovery, which will run every time you add a new apex domain to the portal. In the diagram below, we use intruder.io as an example of an apex domain. With domain discovery, we would expect to find domains such as intrudercareers.io rather than just subdomains such as careers.intruder.io.
image
To explore our expanded attack surface discovery feature set, head over to portal.intruder.io/targets/discovery.
Intruder's attack surface management features are only available on the Premium plan. If you'd like to trial this plan, please reach out to the team here.
If you’d like to discuss this feature with a member of the product team, or give some feedback, you can do so here.
Premium customers can now use Okta to manage user access to Intruder.
Tracking access for all your users across your myriad of SaaS solutions can be a headache. Ensuring that new employees have access to all the tools they need can be a protracted process. Offboarding employees from those same solutions doesn't always happen in a timely manner, leaving access open to individuals who are no longer in the company.
You can now use Okta to onboard users to Intruder, to manage their access levels in Intruder, and offboard them quickly and efficiently. Users can also access Intruder directly from your Okta workspace.
To get started, visit the Integrations page in Intruder, and have a read through our step-by-step guide to get set up.
The Okta integration is currently marked as in beta while we gather user feedback. If you have any feedback, please feed it back to our support team using the chat bubble. If you want us to support other authentication providers or have other feature requests, click the chat bubble and then "add your voice here".

new

Vulnerability Prioritization

Prioritize vulnerabilities with exploit data

When prioritising vulnerabilities, it's important to know which ones are most likely to be exploited by an attacker.
So, we're adding additional context on the likelihood of exploitation to our issues, enabling you to prioritize the most critical vulnerabilities that present the highest level of risk to your business.
We've added more accurate & valuable vulnerability exploit information to aid your prioritisation efforts, namely:
  1. Common Vulnerability Scoring System (CVSS) vector
  2. Exploit Prediction Scoring System (EPSS) score
  3. Known Exploited Vulnerabilities (KEV) list
Intruder - additional scoring
With these changes, you'll be better equipped when identifying and prioritizing risk across your attack surface. Read about the changes in more detail here.
If you’d like to discuss this further with a member of the product team, or give some feedback, you can do so here.