Changelog
Follow up on the latest improvements and updates.
new
Premium feature
Attack Surface Management
Increasing visibility across your attack surface with custom alerts
Managing a cyber security programme is time-consuming, and the number of manual tasks seems to keep growing. One task we noticed our users were handling was logging into the Intruder portal to monitor any unwanted changes in their attack surface by painstakingly reviewing the attack surface page.
To help improve this experience, we've implemented custom attack surface alerts. This feature will enable you to write rules on what matters for you and your team, with an alert being emailed to you if the rule is ever met. For example, you could set up an alert for 'Unwanted opened ports' and have it apply to all targets, with a list of ports applied. If any of your targets are found to have one of those ports open, you and your team will be notified by email.
If you’d like to discuss this feature with a member of the product team, or give some feedback, you can do so here.
Intruder's cyber hygiene score has been a core feature of the portal for years, allowing you to quickly identify whether your team was remediating vulnerabilities within a reasonable timeframe. However, the way this was configured was tied to a set of goals preset by Intruder, meaning that you had to fix your critical issues within 7 days, your highs within 30 days, and so on. These goals are based on industry best standards, and we strongly believe in them (honestly, we think everyone should be fixing critical issues quicker than 7 days, but we wanted to be reasonable).
Over time we've had many customers request the ability to customise their cyber hygiene goals, perhaps to be a bit more lenient for a smaller team, or stricter for larger teams. With today's release, you can now head to the team settings page and update your goals easily.
If you’d like to discuss this feature with a member of the product team, or give some feedback, you can do so here.
improved
Attack Surface Management
Creating more visibility of your attack surface
Earlier this year we implemented a new feature which would alert you when your web application firewall (WAF) was blocking our scanners from effectively scanning your targets. While this was great for alerting you to improve the WAF configuration, the target's WAF status was not maintained or kept visible over time.
With this release, we've expanded on this feature to now update the attack surface view to include the WAF status of your targets. This will show whether there is a WAF present, and where possible the WAF provider.
This enhancement to the attack surface view will allow you to:
- Drill down into individual targets, and assess why they are not protected by a WAF
- Check if your environment is experiencing configuration drift away from your expected deployment patterns
- See if critical assets do not have security controls in place (like those outlined in your security policies)
new
Premium feature
Attack surface discovery at your fingertips
We've spent a significant amount of time over the past year building up new discovery features to help you keep on top of your ever changing attack surface. As we added new discovery methods, we heard from customers that they needed a quick way of seeing everything in one place.
With this release, we've updated our Discovery page to have new areas for immediate access to:
- Login detection
- API detection
This is in combination with dedicated pages for these features, showing the history of login pages and APIs that we have detected for you, and whether they have been acted upon yet.
If you’d like to discuss this feature with a member of the product team, or give some feedback, you can do so here.
At Intruder one of our key principles has always been removing distractions and allowing our customers to focus on the things that matter most - much like the way we filter out informational findings as 'Noise', so you're not flooded with vulnerabilities that don't present a security risk.
However, feedback from customers has often been that our scan email can feel a little 'noisy'. Previously, you only had the option to either receive emails when a vulnerability scan completed or not.
With this update, we've changed our scan emails to be more granular. This means you can choose to only receive emails about scans that detect your specified severity level and above. For example, in the below image I have chosen to only receive alerts when a scan completes and detects a high severity issue or above. This is a user specific setting, so you can change your preference without impacting other members of your team.
If you’d like to discuss this update with a member of the product team, or give some feedback, you can do so here.
Last month, we added additional context on the likelihood of exploitation with CVSS, EPSS, and KEV data. With this release we're making it possible to use this data when filtering and prioritizing the Issues list.
As part of this change, we've also re-designed the issue page layout to ensure key information is more visible for both issues and occurrences.
With these changes, it will be faster and easier to triage your current issues, providing you with deeper context on the real world risk of a vulnerability in order to determine which issues pose the greatest risk to your business.
If you’d like to discuss this feature with a member of the product team, or give some feedback, you can do so here.
new
Premium feature
Attack Surface Management
Securing more of your attack surface through domain discovery
Earlier this year we released our subdomain discovery feature, which allows you to identify subdomains of your existing domains so you can choose whether they should be added as targets and scanned, or potentially taken offline. This feature is fantastic for drilling into your existing target base, but it can't find new domains.
We've expanded on this to now include domain discovery, which will run every time you add a new apex domain to the portal. In the diagram below, we use intruder.io as an example of an apex domain. With domain discovery, we would expect to find domains such as intrudercareers.io rather than just subdomains such as careers.intruder.io.
To explore our expanded attack surface discovery feature set, head over to portal.intruder.io/targets/discovery.
Intruder's attack surface management features are only available on the Premium plan. If you'd like to trial this plan, please reach out to the team here.
If you’d like to discuss this feature with a member of the product team, or give some feedback, you can do so here.
new
Premium feature
SSO and user management with Okta [Beta]
Premium customers can now use Okta to manage user access to Intruder.
Tracking access for all your users across your myriad SaaS solutions can be a headache. Ensuring that new employees have access to all the tools they need can be a protracted process. Offboarding employees from those same solutions doesn't always happen in a timely manner, leaving access open to individuals who are no longer in the company.
You can now use Okta to onboard users to Intruder, to manage their access levels in Intruder, and offboard them quickly and efficiently. Users can also access Intruder directly from your Okta workspace.
To get started, visit the Integrations page in Intruder, and have a read through our step-by-step guide to get set up.
The Okta integration is currently marked as in beta while we gather user feedback. If you have any feedback, please send it to our support team using the chat bubble. If you want us to support other authentication providers or have other feature requests, click the chat bubble and then "add your voice here".
new
Vulnerability Prioritization
Prioritize vulnerabilities with exploit data
When prioritising vulnerabilities, it's important to know which ones are most likely to be exploited by an attacker.
So, we're adding additional context on the likelihood of exploitation to our issues, enabling you to prioritize the most critical vulnerabilities that present the highest level of risk to your business.
We've added more accurate and valuable vulnerability exploit information to aid your prioritisation efforts, namely:
- Common Vulnerability Scoring System (CVSS) vector
- Exploit Prediction Scoring System (EPSS) score
- Known Exploited Vulnerabilities (KEV) list
With these changes, you'll be better equipped when identifying and prioritizing risk across your attack surface. Read about the changes in more detail here.
If you’d like to discuss this further with a member of the product team, or give some feedback, you can do so here.
We’ve just released the most requested security information and event management (SIEM) integration that we have received: Microsoft Sentinel.
By combining Intruder with Microsoft Sentinel you can more effectively detect, investigate and remediate risk that appears across your attack surface. Combined with our cloud sync and auto-scanning functionality, you’ll never miss a beat. When your attack surface changes, you’ll be informed of any risks immediately.
Enrich your Sentinel activities, alerts and automations, using vulnerability information from Intruder.
- Automations: Automatically fire custom workflows when Intruder discovers new vulnerabilities in your attack surface, or when vulnerabilities have been remediated.
- Alerting: Trigger alerts when Intruder finds new vulnerabilities in your attack surface and send an email or an Azure mobile app notification to your team.
- Visualizations: Using Sentinel’s workbooks, you can dive into vulnerability data related to your attack surface, and visualise changes in your risk profile.
- Informed threat hunting: Use vulnerability information discovered by Intruder to enrich triage, investigation and response activities during your hunts.
If you’d like to discuss this further with a member of the product team, or give some feedback, you can do so here.