How do I protect my web application and my servers?
Most of the time, security experts are not available to development teams. As a result, development teams are often left behind to only occasionally hire external security consultants. However, Offensity helps you identify security issues early, so you can focus on developing your web application.
With Offensity’s security monitoring solution, your infrastructure is regularly tested and you are notified in case of security gaps and exploits – even before hackers can find and exploit them.
What is included in our cloud solution?
You only have to provide the domain you want us to monitor for you, for instance "example.com". We automatically find the systems that belong to this domain, such as name servers, mail servers and subdomains, for example "admin.example.com".
After your confirmation, we'll get started with automated vulnerability scans. We not only find vulnerabilities, but also warn you against incorrect server configurations, and identify and assess potential risks. Moreover, we warn against expiring security certificates and detect new vulnerabilities in real-time.
We also check whether customers' IP addresses or domains appear on block lists. This helps you identify problems concerning your infrastructure’s availability early on.
Our scraping system detects whether e-mail addresses or passwords are shared via hacker platforms. This data often originates from attacks on compromised websites where you or your employees are registered.
We conduct regular penetration tests. Do we need Offensity?
Manual penetration tests are indispensable for companies facing high security requirements. Nevertheless, these are only snapshots which are also very expensive. With our continuous monitoring of newly occurring security vulnerabilities and easy-to-understand recommendations, we offers the ideal complement for small and medium-sized enterprises.
On average, more than 40 new security vulnerabilities emerge each day. Offensity security monitoring is your continuous control system that raises the alarm when a new vulnerability occurs.
However, if your company faces high security requirements, our recommendation is to complement your annual security checks with Offensity’s continuous security monitoring.
We already use vulnerability scanners. Do we need Offensity?
Vulnerability scanners work "host-centered". This means the user adds the destination (usually IP addresses) and starts the scan manually, or schedules periodic scans. Planning and execution of the scans, as well as the interpretation of the results are complex and require a broad set of skills.
Our security monitoring solution does not focus on hosts alone, but on companies. It will continuously check whether domain names or their corresponding IP addresses change or whether servers are added. Accordingly, we customize our scanning configurations individually.
We perform incremental scans in short intervals so that new entry vectors are detected within a short period of time.
We also facilitate the management of vulnerabilities: emerging vulnerabilities are regularly reviewed. They can be permanently closed as accepted risk or as false positives.
Vulnerability scanners usually also have a narrow scope. There are scanners for networks or for web applications. This makes it necessary for companies to manage their vulnerability management and buy multiple expensive products.
Security monitoring by Offensity combines different types of scanners on a uniform security platform at competitive pricing. Our scans are supplemented by the monitoring of data leaks and block lists.
Are you fixing vulnerabilities in my systems?
Fixing vulnerabilities is not included in our service. We give concrete recommendations on which weaknesses are serious and how they can be remedied. In this way, we help resolve these vulnerabilities as soon as possible by you or one of your external IT service providers.
Feel free to contact us (firstname.lastname@example.org).
How much does Offensity cost?
As a startup, our system is not yet generally available. We currently work with selected companies.