Introduction
January — the month when things are supposed to calm down after the Christmas hustle and bustle? Not for us.
Alongside Hexiosec ASM’s new features we’re excited to share this month, we’ve also welcomed a film crew into the office for a behind-the-scenes look at Hexiosec. Stay tuned for upcoming videos where you’ll get insights into our environment and meet members of the team, including our Engineering Team Lead, Lauren Palmer.
We’re also proud to announce that Hexiosec has been selected as one of 13 companies to work with the UK government’s Department for Science, Innovation and Technology (DSIT) as part of the Software Security Ambassadors Scheme — alongside organisations including including Cisco, Sage, Accenture, NCC Group, and Nexor.
For us, secure design and development has always been fundamental to our SaaS products, including ASM. We’re committed to building software with security embedded from day one. We’re proud to have been selected in recognition of our track record, and we look forward to helping drive adoption of the Software Security Code of Practice and raising standards across the industry.
This month’s ASM updates include:
- Additional MTA-STS privacy checks for email configuration
- Cloud Connector support is now available across AWS, Azure and GCP
- Expanded Web Presence screenshots for improved visibility
- Clearer visibility on a risk’s Explore page into which assets each risk applies to
Additional MTA-STS email privacy checks
ASM now includes an extra check when analysing your email configuration, in addition to SPF, DKIM, and DMARC. These existing protocols verify that emails sent from your domain are legitimate and help prevent email spoofing.
The new MTA-STS check ensures that emails sent to your domain are transmitted securely over TLS, protecting them from interception or downgrade attacks during delivery.
On your scan’s Overview page, the checks widget now shows whether your MTA-STS configuration is set up correctly under Mail Configuration.
Many public sector organisations have relied on the National Cyber Security Centre’s (NCSC) Mail Check tool for monitoring their email security. However, this service is due to be decommissioned on 31 March 2026. As the service draws to a close, the NCSC is urging organisations to adopt commercial External Attack Surface Management (EASM) solutions. Hexiosec has been working with the NCSC on its Active Cyber Defence 2.0 programme, ensuring that Hexiosec ASM not only provides a comprehensive alternative but also delivers broader protection for your online infrastructure.
Look at our feature focused Privacy Checks for Email Configuration in Hexiosec ASM blog for more information.
Cloud Connector: Now supporting GCP and Azure
In November, we shared that Hexiosec ASM Cloud Connector was released for AWS integration. We’re now delighted to announce that it can also integrate with GCP and Microsoft Azure.
Hexiosec ASM Cloud Connector scans your cloud instances for resources exposed to the internet and adds them to your ASM scans, giving you visibility of assets that might otherwise go unnoticed.
To illustrate its importance, consider a real-world scenario: a large cloud infrastructure company employed contractors who were creating resources the IT team wasn’t aware of. One contractor left a VM running Android debug software with multiple open ports. For months, neither the IT team nor the contractors realised it was actively being accessed by third parties. Fortunately, in this case, no sensitive information was exposed and it wasn’t connected to other systems — but what if it had been?
Hexiosec ASM Cloud Connector would have detected this VM and included it in the scan results, giving the IT team and contractors the visibility needed to act quickly. It finds resources that aren’t directly attributed to you, like a random EC2 instance’s public IP, helping prevent incidents like this before they escalate.
Hexiosec ASM Cloud Connector is fully open-source and available on GitHub. Explore the code, review the documentation, and start integrating it into your environment today.
View our Cloud Connector on GitHub
Web Presence expanded screenshots
A scan’s Web Presence page shows screenshots of the URLs ASM detects across your infrastructure.
You can now expand any screenshot with a single click to view it on the entire page. This makes it easier to analyse pages in detail and quickly spot issues.
Risk Explore page description
You can view your scan’s risks on the Risks page, which lists all instances of a risk along with the assets they affect.
To focus on a single risk in more detail, you can open its Explore page. This page shows detailed information about the risk, and as you scroll down, you can see which assets are affected and how they relate to your seed.
To make it clearer that a risk’s Explore page can apply to multiple assets, there is now a description at the top of the page indicating the number of affected assets. For example: “The risk relates to 67 services.”
Coming soon
As always, we have many more exciting features in the works, including:
-
Security.txt checks- Hexiosec ASM will check for the presence of ‘security.txt’ and ‘robots.txt’ files, which are recommended to help security researchers report issues.
-
Tags- When a scan produces a large number of results, it can be challenging to manage them all. Hexiosec ASM will allow users to add tags to results, making it easier to filter and focus on the most important items.
-
Adding more context to risk descriptions- Hexiosec will provide additional context in risk descriptions, tailored to the specific asset the risk has been raised on.
If there are other features you’d love to see in Hexiosec ASM, or Hexiosec Transfer (our true end-to-end encrypted file transfer app), please let us know.
Related Posts
