Security is becoming very complex these days and there’s no way for a company or a sysadmin/devops team to keep up with everything that is changing. And even if you know what to look for you don’t always have time or the resources to do so and a platform that can monitor all this is very important to any company especially if it’s done right. Right being the key word here because there are solutions out there that offer a “sense of security” by scanning your website for past vulnerabilities or basic compliance but in our opinion this is in part -bad- because it creates a false sense of security. An attacker (be it a hacker or now days even state sponsored organizations) will try everything to get inside your network so you need the best protection there is. Of course, an automated system cannot protect you from everything but it can mitigate a big chunk of the attack vectors. If done right, protecting your intranet is a very big plus which can prevent your company data being made public on the internet or sold to the highest bidder. Most companies and sysadmin/devops teams only focus on protecting the front end internet facing servers, but we are making a strong case for protecting company intranets.

Usually the information you disclose to the world by public facing servers is what gets your systems compromised in more targeted attacks. By analyzing this data we can reduce the public footprint and mitigate a lot of attack vectors. Another important thing to note is that everybody can make mistakes and automated systems like this can detect if anything changed or is wrong with your security policy, for example, and it can alert the administrator(s) instantly. A system like this will also know when you can become vulnerable because if new flaws or attack vectors are being detected in the wild you can be informed ahead of time.