Key Points
Check out what's new at Intruder in Q3 2024, including new subdomain and related domain discovery, integrations with Cloudflare, Microsoft Sentinel, and Okta, and how we're helping you better contextualize risk with the exploit prediction scoring system (EPSS). Get the latest updates from VP of Product, Andy Hornegold.
Released in Q3
Subdomain and related domain discovery
Asset discovery is a core component of managing an externally facing attack surface. Subdomain discovery has been released on our Premium plan, with related domain discovery coming very soon! Now you can find subdomains you didn't know were present or were not scanning, and importantly, figure out what's exposed on those subdomains. Read more about subdomain discovery.
.png)
Integrations with Cloudflare, Microsoft Sentinel and Okta
We've strengthened Intruder's list of integrations this quarter. Now you can:
- Connect Intruder with your Cloudflare environment, discovering and protecting more assets on your attack surface.
- Detect, investigate and remediate risk across your attack surface by combining Intruder with Microsoft Sentinel.
- Authenticate users in Intruder quickly and easily with Okta SSO.
Vulnerability and threat prioritization
We have added additional context on the likelihood of exploitation to our issues, enabling you to prioritize the most critical vulnerabilities that present the highest level of risk to your business.
Here's what we've added to the Intruder portal:
- Common Vulnerability Scoring System (CVSS) vector
- Exploit Prediction Scoring System (EPSS) score
- Known Exploited Vulnerabilities (KEV) list
Read more about the update here.
What's next on the roadmap?
In Q4, we will be adding some highly requested features, including:
- Configurable SLAs: You will be able to customize your SLAs based on the unique objectives of your business, while still having Intruder's best practice cyber hygiene score to benchmark and compare your security posture.
- Custom port/service alerting: Create alerts that automatically notify you if an undesired part of your attack surface becomes exposed to the internet, so you can take action and prevent any risk of it being exploited.
Keep an eye on your emails, we're releasing both features later this quarter.
Everything we have built in 2024
We have been working hard this year to build out our attack surface management offering, along with improving on our existing vulnerability management feature set. Check it out:
- Scan settings: Select the scan that best fits your business, choosing between quick and balanced.
- SPA scanning: Scan your single-page applications, and increase the likelihood of finding vulnerabilities.
- AWS Organizations: Sync your assets in AWS at the organization level, and automatically import any newly spun-up assets (Premium feature).
- Web app discovery: Identify when your web apps require an authentication to be fully scanned.
- API identification: Get better coverage and find more issues by identifying APIs in your AWS environment, and adding a schema to them.
- Access controls: Empower your team with advanced access controls and a new 'scan user' role (Premium feature).
- Attack surface view: Find exposed services across your attack surface (Premium feature).
- WAF detection: Find your targets that are blocked by a web application firewall (WAF) and make sure you're scanning them correctly in the process.
- Cloud connections: Discover more of your attack surface with Cloudflare.
Got some ideas?
Are you an existing customer or on a trial with us and have something you want us to add to the roadmap for 2025? Submit a feature request here.
Latest product tour and Q&A available on-demand
You can also watch our recent Office Hours: Product Tour and Q&A session that walks new users through the most important features available in the platform. Discover:
- Key features and how to get set up correctly.
- Tips to be as secure as possible.
- 1:1 Q&A with Support.
New to Intruder? We help 3,000 organizations stay safe every day. Try Intruder free for 14 days.
Andy has a long career in cyber security including a decade in threat simulation and consulting. Career highlights include being the Assurance Regional Lead at one of the UK's leading cyber security consultancies and helping critical national infrastructure providers stay secure. Most recently, Andy was the EU Red Team Operations Lead at Mandiant, building out and leading the security team to deliver high quality intelligence-led threat simulations.
