
Inside the tech that continuously monitors our customers’ attack surface

Blog post from Detectify

Post Details
Author: Dan Eidmark & André Schaffer
Word Count: 1,949
Summary

Detectify's blog series introduces a new engine framework that makes monitoring customers' attack surfaces more efficient and lets the company address vulnerabilities swiftly; for example, a critical 0-day vulnerability was managed within a day. Monitoring involves designing and distributing security tests, or monitors, at cadences that vary with their importance, so that traffic and system load stay manageable. The framework supports parallelized monitor distribution using PostgreSQL features like "select for update skip locked" to handle millions of monitors daily. The system uses a "slow dripping" technique to spread tests over time, which avoids overwhelming customers' systems, and it incorporates self-healing measures to ensure continuous operation. Observability and scalability are emphasized: lag-duration buckets track distribution efficiency and help prevent infrastructure over-provisioning. The system has increased test frequency and efficiency without compromising performance, and all engine frameworks benefit from it through easy integration.