In November, we made several big updates that make it even easier to use TrustedSite Security and manage your attack surface.
Introducing Issues, an improved system for managing risks and vulnerabilities
To secure your attack surface, you need to ensure that all avenues leading to your data are sealed off to threat actors. It’s a huge challenge to keep track of every possible attack vector, especially if your organization has dozens of websites.
With our new Issues feature, we’ve made that task simpler by consolidating all vulnerabilities and risks into one section of the dashboard. If there’s anything on your attack surface that’s posing risk to your organization, it will be reported to you as an issue.
Managing issues is now even simpler, too. Any issue can be assigned to any member of your team so that you can keep track of who’s working on what. As an issue is worked on, its status can be updated, allowing your team to all be on the same page about what’s being done and what still needs to be accomplished.
In addition, we’ve expanded the ways you can create exceptions for issues. If you’re okay with an issue for now, you can set it as an expiring acceptable risk and get back to it later. Or, if you believe an issue is not a risk at all, you can mark it as a false positive. This can be done across your account or on specific targets.
You can make these changes on the newly redesigned issue detail page, which now makes it easier to get to the target-level or instance-level detail. The issue detail page also includes improved descriptions and solutions to help make remediation even easier.
To review all issues in your account at a glance, head to the new Issues overview page where you’ll see them broken down by severity, status, and assignee, along with a list of the highest risk issues.
Updates to the risk scoring system simplify and streamline how it works
We’ve simplified the risk scoring system to make it easier to understand and interpret your risk scores. Issues are now rated on a 0-5 severity scale, with each level adding a certain number of points to your risk score. Severity 0 issues are non-exploitable issues that were previously labeled as informational disclosures and equal 0 points, while severity 5 issues equal 600 points. We removed the time-based element from risk scores to simplify calculations. Additionally, we added a new issue detection when Cloudflare blocks our scanner from accessing your sites.
Here are a few more updates we made in November:
- We improved the Compare Scans reports to make it easier to see what changed between scans.
- You can now bulk select targets and apply that selection as a global filter.
- We've improved the current scans report to better monitor scans-in-progress.
Questions about this update? Want to suggest a new feature? Reach out to your account rep to let them know!