White shape | Hexiosec Logo

New ASM Features and Improvements | May 2023

Nicola Chapman
1 June 2023
|
4 min Read
|
Nicola Chapman

Introduction

May has been another busy month for the Hexiosec ASM team, with lots of new features and improvements being delivered.

This includes a new report type with more detail on your actions, risks and assets, and “Checks” showing you details of what Hexiosec ASM is checking for.

See what Hexiosec ASM is checking for

One of the reasons companies invest in attack surface management tools is to have peace of mind that their company is being monitored for vulnerabilities.

Hexiosec ASM’s new Checks widget gives you visibility of all the checks that are being carried out against your online assets each time a scan is run.

Checks condensed UI

Against each check, any remediation actions your need to take are listed, helping to highlight the key areas of security you need to improve to reduce your risks. Related checks are grouped together, and the groups can be expanded to list all the checks included.

Checks expanded UI

The expanded view of the checks has also been included in the summary report. This is particularly useful if you’re running scans on behalf of others (e.g. Managed Service Providers), as you can easily provide evidence of what the scan has checked for when sharing the results.

Risks and Actions report

Hexiosec ASM has a new Risks & Actions report type.

The report includes details of all the risks identified in your scan, and the actions that need to be taken to remediate these risks. In addition, it includes lists of all the domains & IP addresses identified by Hexiosec ASM, and the number of Critical, High, Medium and Low risks identified against each one.

This report comes in the form of an Excel spreadsheet, meaning you can format and filter the data in a way that suits you.

Reports download UI

The risks & actions report is available to Premium plan users and above.

Manage the users in your organisation

You can now invite new users to your organisation and remove old users’ access, allowing you to get the most out of the user allocation in your Hexiosec plan.

Invitations can be sent to new users via the “invites” option in your organisation actions menu.

Invite users UI

Simply enter the email addresses for the user(s) you wish to invite, and they will be sent an email inviting them to create a Hexiosec account and join your organisation.

Invites are valid for 7 days, but if your team member doesn’t accept the invite in this period you can simply send them a new invite.

If you create an invite by mistake, you can delete a pending invite.

You can also view your user allocation usage to see how many more user accounts you can create.

Invite screen UI

Once the user has accepted the invite, you will need to add them into the scan groups you wish for them to access.

If an individual has left your business and you want to revoke their access, you can do this using the “x” next to the user in the users menu.

Remove user UI Organisation members with admin or owner roles can create invites and remove users.

Delete seed domains/IPs from a scan

There are a few reasons you may wish to remove a seed domain or IP from a scan, for example:

  • You made a typo or spelling mistake.
  • You want to split up a scan to separate results for different business areas.
  • You accidentally added a domain to the wrong scan.
  • The company being scanned has changed the domain they operate under.

On the Scan Scope widget on the scan overview page, you can remove a seed from a scan. This will remove all data from the scan that relates back to that seed, and its history.

Note if you remove a seed, the given domain or IP could still be found by the scan if it relates back to a seed that is still present.

Scan seed deletion UI

When a seed is deleted, all other history for the remaining scan scope will be retained.

Other improvements

  • We’ve made it clearer what the DKIM checks are checking for and when DKIM risks might not be valid on a scan.
  • When you choose to exclude IP risks from your results or mark a domain as a CDN, Hexiosec will no longer exclude any associated countries from your results.
  • When you create a new scan group, you can now go directly to add users to it, making the process simpler and faster.

New group UI

Coming soon

  • Creating scans via the Hexiosec public API.
  • Improved services and third-party component detection.
About Nicola Chapman
Nicola is the Product Manager for Hexiosec, working closely with the ASM engineers to represent our customers' and users' needs. She has over 10 years product management experience building products to help solve real world problems for businesses.
Nicola Chapman