Detectify Launches IP Range Scanning to Reveal Hidden Assets Across Entire Networks
What Happened – Detectify introduced “IP Range Scanning,” a SaaS capability that continuously discovers and monitors every address in a CIDR block, surfacing forgotten servers, non‑standard services, and exposed databases that traditional domain‑only scanners miss.
Why It Matters for TPRM –
- Hidden assets are a common source of third‑party risk; unmanaged IPs can become footholds for attackers targeting your supply chain.
- Continuous, high‑fidelity discovery reduces blind‑spot exposure, enabling more accurate risk assessments of vendors and partners.
- Early identification of exposed services (e.g., Redis, MongoDB) helps you enforce security controls before a breach occurs.
Who Is Affected – All enterprises that rely on third‑party network services, especially those in technology/SaaS, financial services, healthcare, and retail that outsource infrastructure or use legacy IP ranges.
Recommended Actions –
- Add Detectify’s IP Range Scanning to your vendor security‑testing toolkit.
- Conduct a baseline scan of every third‑party CIDR block you consume.
- Integrate findings into your risk register and remediate exposed services promptly.
Technical Notes – The solution uses protocol‑level probing beyond simple port scans, detecting services on non‑standard ports and raw IP addresses without DNS records. No specific CVE is referenced; the risk stems from mis‑configuration and forgotten assets.
Source: Help Net Security