Edgescan Product Strategy


September 30, 2020

Edgescan Development Plans

Product Strategy 2020 to 2021

 

With the successful rollout of API Discovery to clients in early 2020, we wanted to start publishing and discussing some of the long-term work that the Edgescan teams are working toward.

 

All Edgescan teams have expanded in the last year, with our biggest headcount increases being in our development and operations teams. The benefit of hiring the most interesting and exciting builders and breakers is that they create (and break) the most interesting and exciting technologies, so let’s talk about it.

 

The aim of this blog post is to give you a short summary of some of the ongoing work, and some of the projects that are expected to be rolled out in the coming year.

 


 

Scanning Technology Upgrade
Timeline – Ongoing
What we are working on: we have an industry-leading assessment platform, and we are pushing the bar out even further with new spidering/crawling capabilities. These will provide a much deeper and more accurate level of crawling on all technologies and significantly improve client-side web application results.

In addition, we are improving our full-stack orchestration technology, which is the technology that controls our crawlers/scanners. This will ultimately lead to shorter scan times and more detail available via the platform & API. The launch starts in August 2020, and the first phase will be completed by December 2020.

A significant amount of our development time will, as always, go into scanning technology. Below are further upgrades.

  • New Single-Page application scanning – a new JavaScript parsing engine is being implemented. Rollout September 2020.
  • API crawling and scanning upgrades – Swagger and API descriptor files can already be stored against your asset in Edgescan. We are building out on this. Expected January 2021.
  • Network scanning upgrades – with ~90,000 unique vulnerability tests, we plan to increase our coverage and efficiency, and to decrease the time between the discovery of a new exploit and Edgescan testing for it. Expected December 2020.

 

Single Sign-On (SSO)
Timeline – March 2020
With more organisations utilising SSO services, we are expanding the range of services we support.
Currently supported services include:

  • Okta
  • OneLogin
  • Ping Identity
  • Auth0
  • G Suite
  • Azure AD

Contact your Edgescan sales representative if you would like to enable SSO within your organisation.

 

API Discovery
Timeline – May 2020
  • Edgescan’s API Discovery service monitors your organization’s external infrastructure for exposed APIs, both known and unknown. Our exploration techniques are lightweight, non-destructive, run continuously, and provide a confidence level with each finding so you can perform immediate risk triaging.
  • Edgescan provides a read-only data stream that is available through our web platform and the Edgescan API hosts endpoint. No configuration is needed!

For a more comprehensive introduction to API Discovery please see our product data sheet.

 

UI Redesign
Timeline – December 2020
  • We sent an RFI out to 10 exciting design studios in Ireland in November 2019. This was a long-term project for us as we understood we have the security, operations and development skillset, but we lacked the design experience that could really push our UI to the forefront of this industry.
  • We engaged with Design Partners to give our platform a ‘facelift’, which will be rolled out to all clients before the end of 2020.
  • We are really excited about this, and it represents our first time engaging with external designers on a project of this size. We hope you like what you see.

 

Organisation Setting & Configuration
Timeline – March 2021
Manage your assets and users more effectively by splitting them into logical organisations to match the structure of your business units or functions.

This will give our users more granular control over their assets and organisations, and will enable nested organisations for those tricky M&A use cases.

 

License Management
Timeline – April 2021
This builds on work completed in 2019, where we rolled out further license visibility in the platform.

It is part of a larger piece of work that has been happening in the background. The success criteria for this project are that clients have full visibility over all the testing & assessments we are performing and that license ‘utilisation’ KPIs are front and centre.

 

Reporting – Compliance and Benchmarking
Timeline – Ongoing
  • CIS Benchmarking – October 2020.

As you may have seen, CIS alignments and controls have been rolled into the definitions. This will allow CIS benchmark reporting and further telemetry for vulnerability data.
This is a follow-up to the CVE and CWE information that was added into vulnerability definitions in 2019 and 2020.

  • Quarterly stats reports – June 2021

Currently only available for enterprise clients. Quarterly reports give our clients an indication of time and effort saved by utilising the Edgescan service.
We would like to make this service available to all users.

  • Further ASV & PCI Reporting – April 2020 and August 2020.

We have completed three minor sprints this year for PCI reporting. These expanded our reporting capabilities by adding more supported formats, enabled historical reporting so you can benchmark current PCI results against previous ones, and streamlined dispute resolution, allowing more detailed reporting.

Compliance and regulation information available here.

 

Onboarding Application
Timeline – June 2021.
To further streamline the onboarding of assets in Edgescan, we have built out our API to make it as simple as ever for organisations to get their assets created and testing started. With the addition of new swagger locations and API calls it has never been easier to get testing lined up.

When the UI work is completed on the main frontend, the next piece of technology to incorporate is the onboarding application.

 

Integrations 2021 and beyond.
Further integration work is planned. In 2020 we added a risk correlation tool (RiskSense) and automation technology (Axonius), and we plan on expanding integrations and technology partnerships:

  • Into automation tools such as Zapier, Sentinel & additional CI/CD tooling.
  • Into asset/risk management tooling such as ServiceNow & RSA Archer.
  • Into cloud services such as AWS, Azure and GCP.

We will have individual blog posts about further integrations as they are rolled out.

We hope this gave you a bit of insight into our exciting plans for the next few months. If any of the above has prompted questions, please get in contact with your Edgescan sales representative. As ever, we are more than happy to discuss any features you would like included.

 


David Kennefick

Product Architect, Edgescan
