Celebrating the best of Intruder from 2023

Courtney De Winter
Head of Product Marketing

This year, we had plenty of exciting updates and new features for you to explore. And we're still going. Here’s a message from our VP of Product, Andy Hornegold to kick off the best of our 2023 roundup:

“Our ongoing goal at Intruder is to ensure that our customers are secure. Over the last year we’ve seen some of the most proficient ransomware affiliates targeting small and medium sized businesses, and we’ve seen them be successful. We’re dedicated to giving you, the Intruder community, the greatest chance possible of staying ahead of this growing, skilled and dedicated criminal enterprise.

Over 2023, our users have added three-quarters of a million targets to Intruder, and over a thousand cloud accounts, showing a growing confidence in Intruder to protect a larger attack surface. Many of our users are making use of Intruder’s reactive attack surface scanning, which means their assets are scanned as soon as a change in their attack surface is detected - effectively reducing the window of opportunity for malicious actors to exploit vulnerabilities in that attack surface.

On top of this we’ve seen our users fix critical internet-facing vulnerabilities 45% faster than they were at the beginning of the year. I have confidence that in 2024 we’ll continue to make it harder for threat actors, and easier for you to defend against them.”

What we've achieved together in 2023

  • 771,000 internet-facing assets added to Intruder
  • 1,000 cloud accounts added. 40% automatically scanned when new targets are added.
  • 2x faster scanning than in 2022
  • 190,000 automated assessments reaching 18,000 a month
  • 54,761 critical internet-facing vulnerabilities discovered
  • Time to fix a critical vulnerability improved by 40% down from 30 → 17 days
  • 200+ companies automating compliance integrations

Check out our biggest highlights from 2023, including enhanced analytics to learn how it can help you optimize your security posture in 2024.

Do more with Intruder than ever before

Protect your attack surface with continuous network scanning and more…

More than ever before, our customers are looking to reduce their attack surface. Enter Intruder’s Premium plan. Focused on streamlining processes, increasing visibility and minimizing exposure time, Premium customers benefit from automation that drives reactive and proactive attack surface protection. This means you're scanned not only when Intruder notices changes in your attack surface, but also when the threat landscape changes.

Plus if you want to take your security a step further, our bug hunting service is available to Premium customers to book by the day. Acting as a form of continuous penetration testing throughout the year, the service finds high and critical impact weaknesses that scanners alone can’t find, so you have even greater visibility over your attack surface.

If you want more information about bug hunting or the other features available with our Premium plan, book a quick chat with us and we can talk you through it. 

Keep your APIs secure with vulnerability scanning

With the launch of API vulnerability scanning in May 2023, it's now even easier for you to protect your APIs. Customers can create an inventory of all their API endpoints, detect common API vulnerabilities and proactively test APIs before they go into production.

Want to understand more about how an attacker exploits APIs? Check out our API security webinar here with Andy Hornegold to explore recent high-profile breaches caused by simple failings and gain our top tips for API security.

Dive deeper into your analytics

When Intruder first released our reporting functionality, we focused on the results of your scans and the current state of your attack surface. This was great for prioritizing your immediate work, but made it hard to take a step back and see the impact. 

You can now track your progress over time with our reporting and analytics tab and dive deeper into your cyber security posture, including: 

  1. Filter data by time, tag, or target
  2. Prioritize issues by severity
  3. Track open, new, and fixed issues - and see how long it takes to resolve them
  4. Monitor your cyber hygiene score
  5. Find new vulnerabilities as they emerge with emerging threat scans (ETS)
  6. Manage your attack surface as it expands or contracts

Curious about the kinds of metrics you can see in analytics? Read our blog on vulnerability management metrics.

Join 200+ companies who are using Intruder’s integrations to automate compliance

We’ve made some big steps in 2023 to help customers make vulnerability management for compliance easier. Teaming up with Drata and Vanta, customers can set up their scans to automatically send evidence of good cyber hygiene from Intruder to the compliance platforms. 

Available on Pro, Premium and Vanguard plans, head into the portal and set up your Drata and Vanta integrations following these simple steps.

Check fixes 65% faster with remediation scans

Running an entire scan to check your fix on one vulnerability isn't efficient. That's why we introduced remediation scans. Running an average of 65% faster than a full scan, remediation scans look at a specific vulnerability on associated targets to understand whether you've successfully closed the gap in your security, and give you immediate feedback on remediation efforts. Find out more about our most requested feature release for 2023 here.

Sleek improvements to make scanning easier

Set up authentications easily

We heard from you that adding an authentication to a web app could be challenging. So we’ve made the process better. Now when you add an authentication to a web app in Intruder, there is a verification step where we test the login details you provide to make sure the authentication has been successful. Watch this video on how the process works end-to-end.

Add an authentication through a recorded login

Bringing it a step further, we’ve also created another easy way to add an authentication to your web app! Now, you can use Google Chrome Dev Tools to record yourself logging into a target and then upload the file to Intruder to set up your authentication seamlessly. Check out how to add a recorded login here.

Bring your scans closer to home with location-scanning

You can now run all your scans from the region of your choice and minimize the number of IPs whitelisted. Learn how to adjust your location settings here.

New and improved tag management and filtering

We’ve made it even easier to use the tag function in the portal to organize and group targets. Plus, we’ve even gone a step further to improve the look and filtering capabilities for tables across the platform - including the ability to filter by host status, target type, tag or license type. 

Introducing Bits: Intruder’s design evolution

We adopted our own design system - Bits - earlier this year and embarked on a transformative journey to enhance the user experience for our customers and teams. In this blog post, Nika Vizintin Prinz, our Senior Product Designer, explains why we switched to this system and our lessons learned along the way.

It’s holiday season, so why not give the gift of security 

You may take a break over the holidays, but your security shouldn't. We even wrote this blog about what to look out for! 

Help protect your friends and pocket a reward for yourself in the process. Refer a friend to Intruder and you’ll both receive $150 when they sign up. Find out more here.

Your top rated content from 2023 

Thank you for joining us on the journey

Intruder made the Deloitte Tech Fast 50 2023 list - we were the fastest-growing cybersecurity company in the UK! Thank you to all our customers who helped us win this fantastic recognition. 

“It was a pleasure to meet one of our customers at the awards, Kate Jillings of ToucanTech, building an all-in-one community management platform, who snapped up an award for being a top fast growing female founded business. 

The recognition is a great celebration of what we've been building at Intruder, without raising a ton of money, we've quietly been helping more than 2,500 customers like Kate to effortlessly solve their cyber security problems, while they crack on building great businesses.

It's a great look back at how far we've come, and makes me very excited about our next stages of growth, and those who will come on the journey with us, both as customers and on our team.” – Chris Wallis, Founder at Intruder

Patrick Craston, Intruder's CTO (left), Chris Wallis, Intruder's CEO and Founder (right)

What’s coming in 2024

Enhanced vulnerability scanning with Nuclei

One of our core strengths at Intruder is continuous vulnerability scanning. That's why we're excited to share that we're augmenting Intruder with Nuclei, another scanner that packs a punch and is our next step to providing the best vulnerability management platform on the market.

Nuclei is a fast, customizable vulnerability scanner designed to probe modern applications, infrastructure, cloud platforms and networks. Tenable and Nuclei will be working side-by-side to make sure you’re getting as much attack surface coverage as possible. And don’t worry, Intruder will still filter out the noise so that you can work on what matters to you most. More updates to come in January! 

Support for Single Page Application Scanning

You've asked and we listened! The ability to effectively scan Single Page Applications (SPAs) has been a long requested feature, and you will soon have it! 

With this release, we’ll add to the recently launched Recorded Logins feature by implementing enhanced spidering. This will allow you to scan more than just traditional multi-page applications, so your single page apps are covered too.

We’d love to hear what you think!

Are the stats what you expected? Should we be building more into the product somewhere else? Let us know! Click here to request/vote for new features or book a quick chat with a member of our product team.

See you in the new year 👋🏼


| Release Date | Level of Ideal | Comments |
| --- | --- | --- |
| Before CVE details are published | 🥳 | Limited public information is available about the vulnerability. Red teamers, security researchers, detection engineers, threat actors have to actively research type of vulnerability, location in vulnerable software and build an associated exploit. Tenable release checks for 47.43% of the CVEs they cover in this window, and Greenbone release 32.96%. |
| Day of CVE publish | 😊 | Vulnerability information is publicly accessible. Red teamers, security researchers, detection engineers and threat actors now have access to some of the information they were previously having to hunt themselves, speeding up potential exploit creation. Tenable release checks for 17.12% of the CVEs they cover in this window, and Greenbone release 17.69%. |
| First week since CVE publish | 😐 | Vulnerability information has been publicly available for up to 1 week. The likelihood that exploitation in the wild is going to be happening is steadily increasing. Tenable release checks for 10.9% of the CVEs they cover in this window, and Greenbone release 20.69%. |
| Between 1 week and 1 month since CVE publish | 🥺 | Vulnerability information has been publicly available for up to 1 month, and some very clever people have had time to craft an exploit. We’re starting to lose some of the benefit of rapid, automated vulnerability detection. Tenable release checks for 9.58% of the CVEs they cover in this window, and Greenbone release 12.43%. |
| After 1 month since CVE publish | 😨 | Information has been publicly available for more than 31 days. Any detection released a month after the details are publicly available is decreasing in value for me. Tenable release checks for 14.97% of the CVEs they cover over a month after the CVE details have been published, and Greenbone release 16.23%. |

With this information in mind, I wanted to check what is the delay for both Tenable and Greenbone to release a detection for their scanners. The following section will focus on vulnerabilities which:

  • Have CVSSv2 rating of 10
  • Are exploitable over the network
  • Require no user interaction

These are the ones where an attacker can point their exploit code at your vulnerable system and gain unauthorised access.

We’ve seen previously that Tenable have remote checks for 643 critical vulnerabilities, and OpenVAS have remote checks for 450 critical vulnerabilities. Tenable release remote checks for critical vulnerabilities within 1 month of the details being made public 58.4% of the time, but Greenbone release their checks within 1 month 76.8% of the time. So, even though OpenVAS has fewer checks for those critical vulnerabilities, you are more likely to get them within 1 month of the details being made public. Let’s break that down further.

In Figure 10 we can see the absolute number of remote checks released on a given day after a CVE for a critical vulnerability has been published. What you can immediately see is that both Tenable and OpenVAS release the majority of their checks on or before the CVE details are made public; Tenable have released checks for 247 CVEs, and OpenVAS have released checks for 144 CVEs. Then since 2010 Tenable have released remote checks for 147 critical CVEs and OpenVAS 79 critical CVEs on the same day as the vulnerability details were published. The number of vulnerabilities then drops off across the first week and drops further after 1 week, as we would hope for in an efficient time-to-release scenario.

Figure 10: Absolute numbers of critical CVEs with a remote check release date from the date a CVE is published

While raw numbers are good, Tenable have a larger number of checks available so it could be unfair to go on raw numbers alone. It’s potentially more important to understand the likelihood that OpenVAS or Tenable will release a check of a vulnerability on any given day after a CVE for a critical vulnerability is released. In Figure 11 we can see that Tenable release 61% of their checks on or before the date that a CVE is published, and OpenVAS release a shade under 50% of their checks on or before the day that a CVE is published.

Figure 11: Percentage chance of delay for critical vulnerabilities

So, since 2010 Tenable has more frequently released their checks before or on the same day as the CVE details have been published for critical vulnerabilities. While Tenable is leading at this point, Greenbone’s community feed still gets a considerable percentage of their checks out on or before day 0.

I thought I’d go another step further and try and see if I could identify any trend in each organisation's release delay: are they getting better year-on-year or are their releases getting later? In Figure 12 I’ve taken the mean delay for critical vulnerabilities per year and plotted them. The mean as a metric is particularly influenced by outliers in a data set, so I expected some wackiness and limited the mean to only checks released 180 days prior to a CVE being published and 31 days after a CVE being published. These seem to me like reasonable limits, as anything greater than 6 months prior to CVE details being released is potentially a quirk of the check details and anything after a 1-month delay is less important for us.

What can we take away from Figure 12?

  • We can see that between 2011 and 2014 Greenbone’s release delay was better than that of Tenable, by between 5 and 10 days.
  • In 2015 things reverse and for 3 years Tenable is considerably ahead of Greenbone by a matter of weeks.
  • But, then in 2019 things get much closer and Greenbone seem to be releasing on average about a day earlier than Tenable.
  • For both the trendline over an 11-year period is very close, with Tenable marginally beating Greenbone.
  • We have yet to have any data for 2021 for OpenVAS checks for critical show-stopper CVEs.

Figure 12: Release delay year-on-year (lower is better)

With the larger number of checks, and still being able to release a greater percentage of their remote checks for critical vulnerabilities, Tenable could win this category. However, with the delay time from 2019 and 2020 going to OpenVAS, and the trend lines being so close, I am going to declare this one a tie. It’s a tie.

The takeaway from this is that both vendors are getting their checks out the majority of the time either before the CVE details are published or on the day the details are published. This is overwhelmingly positive for both scanning solutions. Over time both also appear to be releasing remote checks for critical vulnerabilities more quickly.
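The release-window breakdown and the bounded yearly mean described above can be reproduced as follows. This is an added example, not code from the original analysis: the records are constructed, `scanner_a` and `scanner_b` are hypothetical names, and treating the 180-day and 31-day limits as inclusive and grouping by CVE publish year are assumptions.

```python
from collections import defaultdict
from datetime import date

# Constructed sample data (not real vendor figures):
# (scanner, CVE publish date, check release date)
SAMPLE = [
    ("scanner_a", date(2019, 3, 1), date(2019, 2, 20)),   # 9 days early
    ("scanner_a", date(2019, 6, 10), date(2019, 6, 10)),  # same day
    ("scanner_a", date(2019, 9, 2), date(2019, 9, 5)),    # 3 days late
    ("scanner_a", date(2019, 11, 1), date(2020, 1, 15)),  # 75 days late
    ("scanner_a", date(2020, 1, 10), date(2019, 5, 1)),   # 254 days early
    ("scanner_a", date(2020, 4, 1), date(2020, 4, 15)),   # 14 days late
    ("scanner_b", date(2019, 3, 1), date(2019, 3, 1)),
    ("scanner_b", date(2019, 6, 10), date(2019, 6, 16)),
    ("scanner_b", date(2020, 4, 1), date(2020, 3, 30)),
    ("scanner_b", date(2020, 7, 1), date(2020, 7, 21)),
]

# The five release windows used in the table above.
WINDOWS = (
    "before publish",
    "day of publish",
    "first week",
    "1 week to 1 month",
    "after 1 month",
)


def delay_days(published, released):
    """Days between CVE publication and check release (negative = early)."""
    return (released - published).days


def window(delay):
    """Map a delay in days onto one of the five release windows."""
    if delay < 0:
        return WINDOWS[0]
    if delay == 0:
        return WINDOWS[1]
    if delay <= 7:
        return WINDOWS[2]
    if delay <= 31:
        return WINDOWS[3]
    return WINDOWS[4]


def window_shares(records):
    """Percentage of each scanner's checks that fall in each window."""
    counts = defaultdict(lambda: dict.fromkeys(WINDOWS, 0))
    for scanner, published, released in records:
        counts[scanner][window(delay_days(published, released))] += 1
    shares = {}
    for scanner, per_window in counts.items():
        total = sum(per_window.values())
        shares[scanner] = {
            w: round(100 * n / total, 2) for w, n in per_window.items()
        }
    return shares


def mean_delay_by_year(records, earliest=-180, latest=31):
    """Mean delay per scanner per CVE publish year, outliers excluded.

    Only delays within [earliest, latest] days are kept, so one very
    early or very late check cannot dominate a year's mean.
    """
    kept = defaultdict(lambda: defaultdict(list))
    for scanner, published, released in records:
        delay = delay_days(published, released)
        if earliest <= delay <= latest:
            kept[scanner][published.year].append(delay)
    return {
        scanner: {y: sum(d) / len(d) for y, d in sorted(years.items())}
        for scanner, years in kept.items()
    }


if __name__ == "__main__":
    for scanner, shares in window_shares(SAMPLE).items():
        print(scanner, shares)
    for scanner, means in mean_delay_by_year(SAMPLE).items():
        print(scanner, means)
```

Without the bounds, the two outlying `scanner_a` records would shift its 2019 mean from -2 days to 17.25 and its 2020 mean from 14 days to -120, which is the distortion the limits are there to avoid.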
