How does Offensity work?
You tell us your domain, for example: "example.com". We automatically find the systems belonging to this domain, such as name servers, mail servers, and subdomains, for example: "admin.example.com".
After your approval, we will start automated vulnerability scans. We find vulnerabilities and warn about faulty server configurations, highlight potential risks, and assess them. We warn about expiring security certificates and detect new vulnerabilities in real time.
In addition, we check whether your IP addresses or domains appear on blocklists, which allows you to identify availability problems at an early stage.
A dedicated monitoring system detects if email addresses or passwords are shared on relevant websites. These mainly originate from attacks on other websites where you or your employees have accounts.
What kind of scans do you perform?
We perform an array of security scans. We start with the search for new subdomains and perform full-port scans with service detection. Depending on the services found, we continue the scans with service-specific modules, such as testing weak usernames and passwords (e.g., for ssh, telnet, etc.), web vulnerabilities (such as SQL injections, XSS, etc.), or exploiting vulnerabilities in mail systems.
Additionally, we check for other potential risks, such as IP addresses and subdomains appearing on blocklists, subdomain takeovers, data leaks, and more.
Do you also scan our internal infrastructure?
External systems are accessible to everyone 24/7. This poses an enormous risk if the systems are vulnerable. Following a risk-based approach, internal systems are currently not in the scope of our audits.
We perform penetration tests regularly. Do we need Offensity?
Manual penetration tests are essential when security requirements are high. Nevertheless, these represent only snapshots and are very expensive. Offensity offers the optimal complement for companies with its ongoing monitoring of emerging security vulnerabilities and easy-to-understand recommendations.
On average, more than 40 security vulnerabilities become known every day. Offensity Security Monitoring is your continuous control system that sounds the alarm when a new vulnerability appears.
For high-security requirements, our recommendation is to supplement Offensity with regular, manually performed security checks.
We have a vulnerability scanner in place. Do we need Offensity?
Standard vulnerability scanners work in a "system-centric" way. The operator defines the target (usually IP addresses), starts the scan manually, or defines a schedule for regular scans. Planning and executing the scans and interpreting the results are complex and require a wide range of expertise.
Our security monitoring solution focuses not on systems but on companies. We regularly check whether domain names or IP addresses change or whether we can detect adjustments to email and name servers. Accordingly, we adapt our scanning configurations individually.
We perform incremental scans at short intervals and therefore find new entry vectors within a short time.
Vulnerabilities, once discovered, will be rechecked regularly. You can permanently close issues as accepted risks or false positives.
Some vulnerability scanners help only with specific use cases. For example, there are scanners for networks or web applications. This makes it necessary for companies that handle their vulnerability management themselves to buy several products at a high price.
Security monitoring from Offensity combines different scanners. Furthermore, data leakage monitoring and blocklists complement our security scans.
Can our servers crash because of the vulnerability scan?
Vulnerability scanners always generate some server load. We try to achieve a good balance between fast scans and a reasonable workload on the target systems. For example, our full-port scan runs at an average of one SYN packet per second per IP address, which means that a full scan (UDP and TCP) takes about 1.5 days. In the web domain, our goal is to send a maximum of 10 packets per second per subdomain at any given time.
Our experience shows that most systems cope very well with the server load we generate.
Are you fixing vulnerabilities in my systems?
Fixing vulnerabilities is not included in our service. We give concrete recommendations on which vulnerabilities are serious and how you can fix them.
You are also welcome to contact us (firstname.lastname@example.org).