improved
Attack Surface Management
Creating more visibility of your attack surface
Earlier this year we implemented a new feature which would alert you when your web application firewall (WAF) was blocking our scanners from effectively scanning your targets. While this was great for alerting you to improve the WAF configuration, the target's WAF status was not maintained or kept visible over time.
With this release, we've expanded on this feature to now update the attack surface view to include the WAF status of your targets. This will show whether there is a WAF present, and where possible the WAF provider.
This enhancement to the attack surface view will allow you to:
- Drill down into individual targets, and assess why they are not protected by a WAF
- Check if your environment is experiencing configuration drift away from your expected deployment patterns
- See if critical assets do not have security controls in place (like those outlined in your security policies)