The Cloud Security and AppSec teams at Phoenix Security are pleased to bring you another set of new Phoenix Security features and improvements for vulnerability management across application and cloud security engines. This release is full of key additions and progress across multiple areas of the platform.
We are sure that you’ll find these quite interesting!
- Application Security Posture Management
  - Team Graph
  - Team Dashboard Access Update
- Asset and Vulnerability Management
  - Saved Filters
  - Introducing Asset Lifecycle Management
  - Introducing Vulnerability Lifecycle Management
- Integrations
  - Out-of-the-box Nuclei Scanning
  - Wiz Integration
  - Control Snyk ignored vulnerabilities
- Other Improvements
  - Navigate to Asset from Impact Explorer chart
  - Improved display of Impact and Exposure in Risk Elements
Application Security Posture Management
Team Graph, Application Graph, Environment Graph
Team management has become easier to navigate thanks to our new Team Graph display, present in every team’s dashboard page.
Team Dashboard Access Update
To make it easier for engineers and security champions to access information about their teams, we have restructured the main menu and made the Teams area a top-level entry.
Now the menu features an additional Teams top-level entry, with two sub-menus:
- Dashboard: previously found under Security > Teams Dashboard
- Configuration: previously found under Settings > Teams
Users with the role Organisation User or Organisation Security Developer can access their teams’ dashboard under Teams > Dashboard. However, only administrator users will have access to Teams > Configuration.
Asset and Vulnerability Management
Saved Filters
We have been busy improving our Asset and Vulnerability filtering functionality so that our users can save even more time by not having to repeatedly configure filters that they use frequently.
Now users can save any combination of filtering conditions under a memorable name – and even add a bit of description – and recall those conditions easily from the Filters popup.
Additionally, the saved filter can be either Private (available only to the user creating it) or shared with the rest of the organisation.
Once the filter is saved it can be easily reused from the new Saved Filters tab.
Introducing Asset Lifecycle Management
Now users are able to automatically purge assets from their accounts when they haven’t been seen in a scanner report for more than a configurable number of days. This improves our users’ ability to keep ephemeral assets and their vulnerabilities under control.
As indicated in the warning message, this functionality should be used responsibly. “With great power…”
Introducing Vulnerability Lifecycle Management
In addition to the feature presented above, vulnerabilities gain their own lifecycle management settings. However, in this case the platform will close vulnerabilities, rather than deleting them.
Integrations
Out-of-the-box Nuclei Scanning
Phoenix is expanding its built-in scanning capabilities with the introduction of Nuclei-based scanning for websites. This new addition joins ZAP and WPScan as out-of-the-box scanning options offered by Phoenix Security. Users can scan their web properties without the need to host and run their own scanners.
Wiz Integration
On the integration front, we are happy to announce the general availability of our native, API-based integration with the Wiz scanner.
As is the case with all our integrations, the configuration is very straightforward and needs only a few parameters for API authentication. Our knowledge base article provides detailed information about how to obtain the required details.
Control Snyk ignored vulnerabilities
The Phoenix integration with Snyk has been improved with an additional setting to optionally include “ignored” vulnerabilities with those fetched from the scanner.
Snyk offers the possibility to mark vulnerabilities as ignored. To support organisations taking advantage of that feature, by default Phoenix excludes those vulnerabilities from the set fetched from the scanner. However, users can choose to include them by selecting the corresponding option in the scanner configuration.
Other Improvements
Navigate to Asset from the Impact Explorer chart
When using the tree-map chart to explore the impact and severity of applications and components, users can now go directly to the asset details page from the last level of the chart.
Improved display of Impact and Exposure in Risk Elements
In the Risk Elements section of vulnerability details, we’ve made the information about Impact and Exposure factors more accurate and easier to understand.