Introduction
This month we’ve added improvements to Hexiosec ASM, to help you gain more insights into scan results, and to check the security of your own Hexiosec ASM users.
In this blog we’ll describe how you can now see which of your Hexiosec ASM user accounts have MFA enabled, and how an update to the certificates widget allows you to list which certificates have expired.
Visibility of certificate expiry
An expired TLS certificate or one nearing expiry can impact the security of the domains it is securing, and to protect people browsing the web, most modern browsers will stop users accessing websites which have expired certificates.
Hexiosec ASM will already find and extract details on TLS certificates found in scan results. This includes the validation dates, when a certificate is valid from and when it is valid to. Hexiosec ASM already raises a risk for any discovered certificates which have expired.
To make it even easier to identify all the expired certificates or those which are nearing expiry, we’ve made a change to the Certificates widget on the Overview page. This widget now includes the expiry date for all found certificates, which you can sort on, allowing you to quickly see those certificates which may be at risk.
User MFA status
When following any guidance on securing online user accounts, enabling MFA is always at the top of the list, and for this reason we’ve supported MFA in Hexiosec ASM from day zero. To help you audit which of your users have MFA enabled, we’ve updated the user management page, to clearly show which users have MFA enabled, and which don’t. Allowing you to take any steps to follow your own security practices.
User MFA status is available to any user in the organisation roles, Owner, Admin or Manager, those which are used to manage user access and which can view an organisation’s users page.
You can also filter the user list of MFA status, allowing you to quickly see all users without MFA enabled.
Coming soon
- Increased visibility and control over Apache risks, which may have been resolved by backports