Winter 2023 Product Release: What’s New at Astra Security?

Updated: September 24th, 2024

If it were a country, cybercrime would be the world’s third-largest economy, surpassing the wealth of entire nations at $8 trillion.

2023 has seen an alarming surge in cybercrime activities. From escalating ransomware attacks — rising 95% year-over-year — to compromising sensitive data, companies face a digital landscape marred by increasing vulnerabilities. 

So, how can businesses secure themselves?

Protecting from cyber threats is about building a solid defense using a mix of tools and strategies that work together to keep you safe. 

A risk-aware approach includes leveraging software like firewalls, password managers, and vulnerability scanners. It’s also important to keep your software updated and carefully manage the information you share online.

Fostering a robust cybersecurity culture begins with thorough in-house employee training. However, continuous manual & automated scans play a pivotal role in creating a robust defense against evolving threats. 

Astra’s latest VAPT and security offerings are tailored to equip your business against evolving security threats. Our comprehensive solutions blend automation and manual expertise to run 9300+ tests and compliance checks designed to uncover vulnerabilities and save millions of dollars proactively.

Don’t believe us? Well, we crunched some numbers. We have uncovered 892k+ vulnerabilities, and without us, our clients would have lost potentially more than $42 million in one year. The best part is we just got started.

In the Winter 2023 Product Update, we aim to streamline, simplify, and automate security for businesses. So, without further ado, let’s dive in!

1. Generate AI Test Cases tailored to your Industry.

What does it do?

We’re now leveraging AI to emulate the hacker mindset and identify scenarios of business logic vulnerabilities in applications. This new feature helps security engineers be more creative while finding vulnerabilities in the application.

Let’s say you’re scanning a video streaming platform – Astra will generate test cases for verifying the possibility of account sharing, view manipulation, or payment fraud.

When you start a manual pentest, based on your application’s context, functionality, technology, vendors, etc, the AI will identify scenarios for the security engineer to test for in your application. You can enter an app overview and list some of the features you want us to focus on.

Why did we build this?

Security test case generation shouldn’t be dependent on humans alone. The current manual pentest game is about how creative your security engineer feels that day—the more inspired, the more business logic scenarios they catch.

Now, with our AI-generated creative test cases + exhaustive list that security engineers test for, the chance of a vulnerable scenario not being tested is very slim.

P.S. Here’s to no longer worrying about whether your security engineer had their coffee!

How does it help you?

  1. Efficient Setup: The streamlined scan initiation and detailed AI test cases help deliver maximum information with minimal manual effort.
  2. Dynamic Test Generation: Users and analysts can explore complex business logic scenarios with instantly generated industry-specific test cases during manual pentests and automated scans.
  3. AI-Powered Detection: Flag new threats with adaptive AI and generate test cases that identify emerging patterns and novel business logic errors in the global CVE base, to stay ahead of evolving cyber threats.

Last month, more than 20% of our new users started using this feature to generate application-specific test cases.

2. Dive into Analysts’ Hacktivity Profiles for deeper insights

What does it do?

As a testament to our commitment to transparency, our latest feature showcases dedicated profile pages for each security analyst, providing an exclusive glimpse into their work, such as the number of pentests conducted, certifications, and CVEs discovered.

To learn more about your security expert, click the researcher’s name (e.g., Jinson) on the vulnerability page or go through the chat section.

Why did we build this?

During the research and onboarding process, understanding the expertise and accomplishments of security analysts is a crucial requirement for our prospective customers. 

As a leading cybersecurity firm, we value trust and transparency and want to offer the same in our customer relationships. Our Hacktivity pages are just another step in this ladder to help you explore our analysts’ incredible skills and performance, as they uncover an average of 2400+ vulnerabilities daily.  

How does it help you?

  1. Visual Timelines: Inspired by GitHub, the Hacktivity graph acts as a comprehensive visual timeline to help you understand the ongoing efforts and impact of the security analyst assigned to you.
  2. Quantified Analysis: Check the total number of pentests performed, high-impact vulnerabilities discovered, and CVEs reported to understand our efficacy in identifying and mitigating critical vulnerabilities.
  3. Credential Assessment: Evaluate the comment velocity, certifications, and credentials to understand our expertise and decide if we fit the bill.

3. Leverage the improved Astra-naut Bot

What does it do?

We’ve just supercharged the comments box with AI. You can now speak to the Astra-naut bot 24/7 and get instant answers to security-related topics such as code snippets to patch vulnerabilities, the impact of the vulnerability, security recommendations, etc.

Try asking the bot, “What’s the best way to fix this?”

Why did we build this?

Our upgraded Astranaut Bot is a definite game-changer for two reasons: 

Firstly, it gives you answers that make sense for YOU. For example, if you are dealing with a specific authentication issue, it tailors the resolution to your particular application and code, making the answers effective and efficient.

Secondly, it is available 24/7—no more scheduling meetings and waiting for replies. Get help whenever you need it.

How does it help you?

  1. Practical Guidance: Get practical guidance with suggested code snippets, turning advice into concrete steps for resolving security issues.
  2. Interactive Experience: Experience a personalized interaction with contextual prompts, creating an engaging and familiar experience just for you.
  3. Efficiency and Speed: Detailed responses and instant replies minimize downtime to boost efficiency and speed up remediation.

The Astranaut Bot resolved 500+ queries for our valued customers last month.

4. Generate Customizable Reports for you!

What does it do?

Our new reports feature boasts a simplified layout, multiple customization options, and lightning-fast generation time. Here’s what’s new:

  • Pentest PDF Makeover: Enjoy a sleeker look and easier navigation in our revamped Pentest PDF reports. 
  • Management Reports Shortcut: Meet the Management Reports/Executive Summary feature – a concise way to share key findings. No more lengthy explanations!
  • Consolidated PDFs: Say goodbye to PDF overload! Our consolidated reports feature lets you merge multiple targets or scans into one PDF, saving you time.
  • Reports Page Revamp: Check out our new Reports Page! See all your scans in one spot, generate reports with ease, and take control of your assessment data. 

Why did we build this?

Reports should be simple, clear, and actionable.

Now, our reports are tailored for a smoother, simpler, and faster communication of findings. We aim to enhance control and save valuable time for our CTOs, ensuring a more streamlined process for quick remediation.

How does it help you?

  1. Simplified Process: Navigate to the new Reports page at https://my.getastra.com/vapt/report, where you’ll find all completed manual pentests by default, providing a quick overview.
  2. Improved Look and Feel: Enjoy a revamped design with enhanced formatting, ensuring a visually appealing and professional presentation of your findings.
  3. Customizable Sections: Generate and tailor your reports to fit your needs by customizing report sections, allowing you to highlight the most relevant information for your audience.
  4. Consolidated Reporting: Generate a single PDF report that consolidates findings from multiple scans or targets, streamlining the reporting process and reducing clutter.
  5. Versatile Reports: Leverage our enhanced report generation capabilities, from insightful CTO debriefs using the Management Report to brainstorming sessions guided by the Full Report.

In the last month, out of total sessions, nearly 70% of our new users tried this feature out!

5. Simplify Team Management

What does it do?

You can now centrally manage the team members with access to your pentest targets. 

Add someone as a project member to share access to one specific target or as a workspace member to share access to all current and future targets added to your account.

Just navigate to the Teams page at https://my.getastra.com/my-account/teams to get started!

Why did we build this?

Allocating access to team members for multiple targets can be quite cumbersome. Deleting team members and providing them with granular access is even trickier.

Our latest feature streamlines the process of assigning and overseeing access permissions. You can now swiftly onboard your team without the hassle of individually sharing access for each target with the engineers.

How does it help you?

1. Effortless Access Assignment: Easily assign access to specific targets or choose broader access to entire workspaces.

2. Centralized Access Management: Navigate to the Teams page for a centralized hub to manage project and workspace members. 

3. Enhanced Visibility: Gain insight into your colleagues’ Multi-Factor Authentication (MFA) status, adding an extra layer of security awareness to sensitive access points.

4. Administrative Efficiency: Enable bulk actions, like selecting and deleting multiple members simultaneously, ensuring swift and effortless execution.

Our simplified team management feature has quickly become a favorite among our users, with nearly 40% of our existing users already taking advantage of its streamlined workflows and enhanced collaboration capabilities last month.

6. Track Pentest Progress

What does it do?

You can easily follow your manual pentest and scan right from the dashboard. After requesting a scan, our team assesses the app’s scope and shares the latest delivery status:

  • On Track for Delivery: The scan progress is on schedule…
  • Running Behind: The scan progress has encountered some delays, and the estimated completion time might be affected.
  • Delivery Blocked: The scan progress is blocked due to specific issues or obstacles. We may need additional information.
  • Delivery Completed: The scan has been completed, and the results are ready for your review.

Why did we build this?

Transparency and efficacy are two non-negotiable pillars of security. Moreover, timely updates and clear communication are crucial for effective security solutions, empowering your in-house teams to plan strategically.

Thus, our latest upgrade helps you stay in the loop and on track!

How does it help you?

1. Enhanced Visibility: You can access this information from the web scan and all scan pages. We also send timely email alerts for the same.

2. Streamlined Communication: This helps us foster transparent communication, whereby our analysts can communicate the delivery status with reasons.

3. Efficient Resource Allocation: Clear delivery dates allow for better planning and effective resource allocation for your company.

7. Detect 9300+ CVEs with Astra’s Automated Scanner

What does it do?

Our latest update integrates 4000 new scanner rules designed to test websites for known and emerging new CVEs on web applications and API targets, cataloged in the global list of Common Vulnerabilities and Exposures, bringing the total up to 9300+ CVEs.

Why did we build this?

Vulnerabilities are evolving, and scanners should, too. While our automated scanner previously relied on manual intervention to identify vulnerabilities and their complex attack vectors, our new feature harnesses the power of the CVE database to seamlessly detect known software vulnerabilities such as the User Controllable JavaScript Event (XSS).

Moreover, this integration has enabled us to swiftly uncover a remarkable 1.5K new vulnerabilities within the first week of launch.

How does it help you?

1. Impactful Scans: Detect unauthenticated System monitoring portals, sensitive API keys, and log files, all of which have critical real-world significance.

2. User-Friendly Implementation: Streamline CVE detection with minimal human effort without compromising the security of your application.

3. Proactive Risk Mitigation: Enable proactive identification of vulnerabilities, contributing to a more robust risk mitigation strategy.

8. Configure Static IP for Astra’s Automated Scanner

What does it do?

With our latest update, every API call our automated scanner makes will now originate from a set of predefined static IP addresses, offering heightened control and security. This means that the IP addresses from which our automated scanner communicates are now fixed and easily identifiable.

Why did we build this?

Recently, our team noticed that some of our customers were facing problems configuring security measures, especially header-based whitelisting. Not only were they quite rigid, but they also could be slightly unstable sometimes. Additionally, 2FA and captcha measures often disrupted scanning efficiency. 

This update aims to directly address these concerns, catering to your specific needs and improving the overall functionality of our automated scanner.

How does it help you?

1. Implement Granular Security Measures: Enhance control over access to our automated scanner with IP-based whitelisting to gain a more granular and targeted approach to security.

2. Optimize Scanning Processes: Delve deeper into the scanning process with more comprehensive results by disabling CAPTCHA/2FA on customers’ websites.

3. Improve Monitoring and Analysis: Facilitate a more in-depth understanding of the requests generated by our automated scanner’s enhanced tracking capabilities, contributing to better monitoring and analysis.

4. Simplify Configuration: Simplify the configuration process on popular firewalls with predefined static IP addresses, making it a hassle-free user experience.

9. Scan for open Ports in the Full Scan

What does it do?

Our latest feature in the full scan is a game-changer. The final phase of our full scan now scans for open ports, particularly after login recording (scan behind logins)! 

As the name suggests, this advanced feature is designed to identify subdomains, open ports, and potential vulnerabilities, such as Subdomain Takeover.

Why did we build this?

Traditional scans fail to recognize crucial security elements such as open ports and potential network mapping opportunities. These oversights become potential gateways for malicious actors to exploit vulnerabilities within your application’s code or structural design. 

Moreover, misconfigured settings and subdomain attack vectors that allow for complete takeover also often escape them. With this update, we aim to mitigate such advanced cyber threats to ensure a proactive approach to security.

How does it help you?

1. Enhanced Risk Identification: Gain enhanced risk identification by identifying activities like Subdomain Takeover and Port Scanning for heightened security awareness.

2. Proactive Security: Experience smooth scans, with no more disruptions due to captcha and 2FA measures, ensuring the reliability and continuity of security assessments.

3. AI-Driven Precision: Achieve seamless and accurate threat detection through AI-driven precision, effortlessly adapting to emerging patterns.

10. Run better-quality Vulnerability Scans

What does it do?

With evolving threats and emerging CVEs, our automated scanner has quickly caught up. Our latest update focuses on improving the accuracy of our automated scans by fine-tuning 30+ rules to fortify the security of your web assets and reduce the excess workload generated with higher precision scans.

Why did we build this?

In some of our recent interactions with our clients, we identified certain common areas where our vulnerability scanners could be enhanced to provide more precise results. This update is just the first step in refining our scanning rules to reflect specific industry nuances better and ensure a more precise scanning outcome.

How does it help you?

1. Stability and Reliability: Higher-precision scanning keeps automated scans stable, so security teams get reliable results for continuous monitoring and proactive threat mitigation.

2. Efficient Resource Allocation: Higher quality scans equip your security teams to allocate resources effectively, concentrating on real vulnerabilities instead of misleading alerts.

3. Adapting to Emerging Threats: Adapt to emerging cyber threats with continuous refinement of scanning rules of our automated scanner.

11. Enjoy our improved Dashboard Loading Speed

What does it do?

We’ve turbocharged the dashboard! Our latest update makes the dashboard load fast, giving you quicker access to all the necessary information. Whether it is switching between compliance and vulnerabilities or scan results, we have got you covered.

Why did we build this?

To enhance the user experience, we’ve modified our code to improve the dashboard’s loading speed and overall performance significantly.

A faster loading dashboard is crucial to eliminate delays, improve productivity, and allow users to navigate and solve problems efficiently.

How does it help you?

1. Do More in Less Time: Spend less time waiting and more time doing. Whether scheduling continuous scans or analyzing reports, quick loading helps you complete tasks faster.

2. Faster Navigation: Move around the platform with ease. A faster dashboard translates to easier navigation without annoying delays and rage clicks.

Conclusion

Focusing on automation, efficiency, and transparency, we aim to redefine your experience to help you stay ahead of the curve and protect your critical assets. So, the question remains: What’s next for the Astra Dashboard?

In fact, continuing with the dashboard rehaul as the underlying theme, we’ll be working significantly in the next couple of months to simplify navigation, add new visuals, and improve your overall interaction with Astra’s dashboard. So stay tuned and stay safe!
