Introduction
With the festive season now upon us, our Hexmas elves have been at it again putting together another bumper packed stocking full of improvements to the Hexiosec ASM platform, ready for you to merrily unwrap, including:
- A cloud connector to ensure complete coverage of your latest cloud assets in Hexiosec ASM.
- Details about who sent an invite to join your organisation, and when.
- Information about when services were last observed.
- Clarification about when services and components you remove will disappear from your scan results in future scans.
- Better visibility of scan usage across an organisation’s scan groups for admins.
In addition to these improvements, there have also been exciting developments over on ASM’s sibling product Hexiosec Transfer, taking the secure transfer of sensitive data to the next level, you can read about these upcoming features in our recent blog. Take a look and discover additional ways you can enhance the layers of security around your organisation, with Hexiosec Transfer to help secure your day-to-day operations alongside Hexiosec ASM to understand your online perimeter and the associated risks found.
Cloud Connector for AWS released
We’re excited to announce the release of the Hexiosec ASM Cloud Connector for AWS. This new integration brings automated visibility of your cloud assets directly in your ASM scan. Support for other major cloud providers is also in development with Google Cloud (GCP) coming in early December and Microsoft Azure following soon after.
Why is direct visibility of cloud assets important?
Your cloud environment changes every day. New services spin up, configurations shift, and unintentional public exposures appear without warning. The Hexiosec ASM Cloud Connector extends ASM’s outside-in discovery with an inside-out view of your cloud assets, by securely enumerating your cloud infrastructure, it identifies external-facing resources - such as domains and IP addresses - and adds them as seeds to your ASM scan. Hexiosec ASM can then fully evaluate these as it would any other discovered asset.
How to integrate with Cloud Connector?
The AWS cloud connector is fully open-source and available now on GitHub. Explore the code, review the documentation, and start integrating it into your environment today:
View our Cloud Connector on GitHub
See who creates invites - and when
With use of Hexiosec ASM always growing amongst teams, and new members being invited to join ASM by their colleagues to view and contribute to scan results, it is sometimes useful for account admins and owners to identify which team members are actively inviting their colleagues to join ASM.
As a result of feedback from our users, we have added additional columns to the organisation’s Invites page so account admins and owners can see who raised or updated a pending invite, and when it was created or updated.
Services now show their last observed date
When you view a service on the Services page, a new column will indicate when that service was Last Observed against the specific domain or IP address. For many services this will be when your scan last ran and Hexiosec ASM observed the service.
We do also use external sources to gather infrastructure details, especially for services running on IP addresses and non-standard web ports. In this instance the value will indicate when the external source Last Observed the service, which may be a date prior to the latest scan. This is helpful to indicate why a change you’ve made may not yet be reflected in your scan results, for more on that, see the next section…
Clarification of service and component removal
If you have removed an insecure service or component from you infrastructure, its removal may not be reflected as an immediate de-listing from your scan results the next time your scan runs, as history of that item will exist for a while at our external sources. These can usually be identified via an older last observed date than the latest run of your scan.
To help with this, we have added clarification to these results to the relevant service and component explore pages, with the addition of the exact date in the future they will be removed from your scan results if they continue to not be observed in future runs of your scan.
We have also updated associated risk descriptions to further clarify how Hexiosec ASM uses external sources of data in the identification of the given risk. This helps identify and understand which risks may still be shown during this observation period.
View of all scans in usage page
Finally, one for the Hexiosec ASM administrators amongst you.
Many of our users have multiple members of their team, creating and managing the creation of their scans within a single Hexiosec ASM account. It usually isn’t necessary for administrators to have direct access to or notifications of all these scan groups, but it can be helpful to have a single view of all account activity.
The Hexiosec ASM app already includes a Usage view for your account, which includes information such as scan and rescan credit usage, scan limits, and seeds used. We’ve now updated the Usage page to include a ‘Scans’ view, which provides a list of all the scans within your account. This list includes the detail of who created the scan, which group it is in, as well as other key information.
We hope this will help our users manage their scans usage and provide better overall account visibility.
Coming soon
As always, we have many more great features in the works, including:
- Mail security checks: We’re working on some improvements to our mail security checks, including MTA-STS checks.
- Security.txt checks- Hexiosec ASM will check for the existence of ‘security.txt’ files, which are recommended to help security researches report issues.
If there are other features you’d love to see in Hexiosec ASM, or Hexiosec Transfer (our true end-to-end encrypted file transfer app), please let us know.
Related Posts
