This year, we had plenty of exciting updates and new features for you to explore. And we're still going. Here’s a message from our VP of Product, Andy Hornegold to kick off the best of our 2023 roundup:

“Our ongoing goal at Intruder is to ensure that our customers are secure. Over the last year we’ve seen some of the most proficient ransomware affiliates targeting small and medium sized businesses, and we’ve seen them be successful. We’re dedicated to giving you, the Intruder community, the greatest chance possible of staying ahead of this growing, skilled and dedicated criminal enterprise.

Over 2023, our users have added three-quarters of a million targets to Intruder, and over a thousand cloud accounts, showing a growing confidence in Intruder to protect a larger attack surface. Many of our users are making use of Intruder’s reactive attack surface scanning, which means their assets are scanned as soon as a change in their attack surface is detected - effectively reducing the window of opportunity for malicious actors to exploit vulnerabilities in that attack surface.

On top of this we’ve seen our users fix critical internet-facing vulnerabilities 45% faster than they were at the beginning of the year. I have confidence that in 2024 we’ll continue to make it harder for threat actors, and easier for you to defend against them.”

What we've achieved together in 2023

• 771,000 internet-facing assets added to Intruder
• 1,000 cloud accounts added. 40% automatically scanned when new targets are added.
• 2x faster scanning than in 2022
• 190,000 automated assessments reaching 18,000 a month
• 54,761 critical internet-facing vulnerabilities discovered
• Time to fix a critical vulnerability improved by 40% down from 30 → 17 days
• 200+ companies automating compliance integrations

Check out our biggest highlights from 2023, including enhanced analytics to learn how it can help you optimize your security posture in 2024.

Do more with Intruder than ever before

Protect your attack surface with continuous network scanning and more…

More than ever before, our customers are looking to reduce their attack surface. Enter Intruder’s Premium plan. Focused on streamlining processes, increasing visibility and minimizing exposure time, Premium customers benefit from automation that drives reactive and proactive attack surface protection. Meaning, you're scanned not only when Intruder notices changes in your attack surface, but also when the threat landscape changes. 

Plus if you want to take your security a step further, our bug hunting service is available to Premium customers to book by the day. Acting as a form of continuous penetration testing throughout the year, the service finds high and critical impact weaknesses that scanners alone can’t find, so you have even greater visibility over your attack surface.

If you want more information about bug hunting or the other features available with our Premium plan, book a quick chat with us and we can talk you through it. 

Keep your APIs secure with vulnerability scanning

With the launch of API vulnerability scanning in May 2023, it's now even easier for you to protect your APIs. Customers can create an inventory of all their API endpoints, detect common API vulnerabilities and proactively test APIs before they go into production.

Want to understand more about how an attacker exploits APIs? Check out our API security webinar here with Andy Hornegold to explore recent high-profile breaches caused by simple failings and gain our top tips for API security.

Dive deeper into your analytics

When Intruder first released our reporting functionality, we focused on the results of your scans and the current state of your attack surface. This was great for prioritizing your immediate work, but made it hard to take a step back and see the impact. 

You can now track your progress over time with our reporting and analytics tab and dive deeper into your cyber security posture, including: 

1. Filter data by time, tag, or target
2. Prioritize issues by severity
3. Track open, new, and fixed issues - and see how long it takes to resolve them
4. Monitor your cyber hygiene score
5. Find new vulnerabilities as they emerge with emerging threat scans (ETS)
6. Manage your attack surface as it expands or contracts

Curious about the kinds of metrics you can see in analytics? Read our blog on vulnerability management metrics.

Join 200+ companies who are using Intruder’s integrations to automate compliance

We’ve made some big steps in 2023 to help customers make vulnerability management for compliance easier. Teaming up with Drata and Vanta, customers can set up their scans to automatically send evidence of good cyber hygiene from Intruder to the compliance platforms. 

‍

Available on Pro, Premium and Vanguard plans, head into the portal and set up your Drata and Vanta integrations following these simple steps.

Check fixes 65% faster with remediation scans

Running an entire scan to check your fix on one vulnerability isn't efficient. That's why we introduced remediation scans. Running an average of 65% faster than a full scan, remediation scans look at a specific vulnerability on associated targets to understand whether you've successfully closed the gap in your security and gives you immediate feedback on remediation efforts. Find out more about our most requested feature release for 2023 here.

Sleek improvements to make scanning easier

Set up authentications easily

We heard from you that adding an authentication to a web app could be challenging. So we’ve made the process better. Now when you add an authentication to a web app in Intruder, there is a verification step where we test the login details you provide to make sure the authentication has been successful. Watch this video on how the process works end-to-end.

Add an authentication through a recorded login

Bringing it a step further, we’ve also created another easy way to add an authentication to your web app! Now, you can use Google Chrome Dev Tools to record yourself logging into a target and then upload the file to Intruder to set up your authentication seamlessly. Check out how to add a recorded login here.

Bring your scans closer to home with location-scanning

You can now run all your scans from the region of your choice and minimize the number of IPs whitelisted. Learn how to adjust your location settings here.

New and improved tag management and filtering

We’ve made it even easier to use the tag function in the portal to organize and group targets. Plus, we’ve even gone a step further to improve the look and filtering capabilities for tables across the platform - including the ability to filter by host status, target type, tag or license type. 

Introducing Bits: Intruder’s design evolution

We adopted our own design system - Bits - earlier this year and embarked on a transformative journey to enhance the user experience for our customers and teams. In this blog post, Nika Vizintin Prinz, our Senior Product Designer, explains why we switched to this system and our lessons learned along the way.

It’s holiday season, so why not give the gift of security 

You may take a break over the holidays, but your security shouldn't. We even wrote this blog about what to look out for! 

Help protect your friends and pocket a reward for yourself in the process. Refer a friend to Intruder and you’ll both receive $150 when they sign up. Find out more here.

Your top rated content from 2023 

• ‍Vulnerability management metrics: how to measure success: Discover the metrics you need to measure to track the state of your vulnerability management program. Get ahead of the curve with insights from Intruder's VP Product.
• We hacked ourselves with DNS rebinding: Intruder's Security Research Engineer, Daniel Thatcher, demonstrates a DNS rebinding exploit against our own platform which allowed him to extract low-privileged AWS credentials.
• Why you need continuous network monitoring: Your network is always changing. Continuous monitoring provides real-time visibility into vulnerabilities so you can fix them faster.
• What is attack surface management? Attack surfaces are growing faster than security teams can keep up. We look at why it’s growing and how to monitor and manage it properly with tools like Intruder.
• SOC 2 compliance: an essential guide: Simplify the complex and tedious process of becoming SOC 2 certified with our essential guide.

Thank you for joining us on the journey

Intruder made the Deloitte Tech Fast 50 2023 list - we were the fastest-growing cybersecurity company in the UK! Thank you to all our customers who helped us win this fantastic recognition. 

‍“It was a pleasure to meet one of our customers at the awards, Kate Jillings of ToucanTech, building an all-in-one community management platform, who snapped up an award for being a top fast growing female founded business. 

‍The recognition is a great celebration of what we've been building at Intruder, without raising a ton of money, we've quietly been helping more than 2,500 customers like Kate to effortlessly solve their cyber security problems, while they crack on building great businesses.

‍It's a great look back at how far we've come, and makes me very excited about our next stages of growth, and those who will come on the journey with us, both as customers and on our team.” – Chris Wallis, Founder at Intruder

What’s coming in 2024

Enhanced vulnerability scanning with Nuclei

One of our core strengths at Intruder is continuous vulnerability scanning. That's why we're excited to share that we're augmenting Intruder with Nuclei, another scanner that packs a punch and is our next step to providing the best vulnerability management platform on the market.

Nuclei is a fast, customizable vulnerability scanner designed to probe modern applications, infrastructure, cloud platforms and networks. Tenable and Nuclei will be working side-by-side to make sure you’re getting as much attack surface coverage as possible. And don’t worry, Intruder will still filter out the noise so that you can work on what matters to you most. More updates to come in January! 

Support for Single Page Application Scanning

You've asked and we listened! The ability to effectively scan Single Page Applications (SPAs) has been a long requested feature, and you will soon have it! 

With this release, we’ll add to the recently launched Recorded Logins feature, by implementing enhanced spidering. This will allow you to scan more than just traditional multi-page applications such as your single page apps too.

We’d love to hear what you think!

Are the stats what you expected? Should we be building more into the product somewhere else? Let us know! Click here to request/vote for new features or book a quick chat with a member of our product team.

See you in the new year 👋🏼

‍