Setting sail on a new year and new exposure management approaches.

Is there a better way to kick off 2025 than with some exposure management innovation and a security conference taking place on the deep blue sea? We don't think so.

Earlier this month, we unveiled new Inside-Out Attack Surface Management capabilities designed to uncover exposures that are impossible to find through attribution alone. Dive right in with these resources:

• Read our blog to learn how it works ›
• Listen to HD Moore on this week's Risky Business episode ›
• Watch our Dark Reading webcast on-demand › 
• See what we've found so far in the January episode of runZero Hour ›

We’re also gearing up for a busy events season. We are hopping onboard the inaugural CruiseCon 2025 (shameless plug to visit our sponsor table!) and headed out west to the Rocky Mountain Cyber Symposium. Don't miss our training session if you plan to be in Colorado Springs.

Cheers to a great 2025!

The runZero Team

We love our community of runZero users. And we love your feedback. Your insights inspire us to improve and innovate, and we're excited to share some of our latest product updates. Take a read and then try them out for yourself!

Don't have runZero yet? Fire up a 21-day, fully-loaded free trial for up to 100,000 assets, with a smooth transition to our free Community Edition – no sales call required.

---

Inside-Out Attack Surface Management: Unveiling New Detection Capabilities

We’re excited to introduce Inside-Out ASM (IOASM), the first in a series of features designed to uncover new categories of vulnerabilities and misconfigurations. IOASM leverages runZero’s unique fingerprinting to identify internal assets that are also exposed on the public internet—no external IP knowledge or configuration required.

This innovative approach uses device-specific fingerprinting, rather than relying on IP or domain attribution, to reveal inadvertent exposures. Within the runZero platform, you can now see vulnerability records created for potentially exposed internal assets and the misuse of shared encryption keys.

In the coming weeks, we’ll release new documentation on this feature, along with a series of blog posts outlining details and step-by-step instructions on how you can use this feature to identify hidden risks.

Read our recent blog for more details ›

---

Customizable Alert Rules for Individual Users Within Your Organization

runZero is expanding access to customized alerting capabilities, giving users greater granularity to manage alerts within the platform. Alerts, rules, channels, and templates can now be scoped to one or more specific organizations, empowering organization-level users to create and edit alert rules tailored to their unique needs.

This enhancement provides precise control over alert rules, flexibility in configuring notification channels, and the ability to use custom templates for consistent, clear, and concise messaging to stakeholders.

For detailed guidance on configuring these settings, please refer to our alerts documentation ›

---

Custom Integration Scripts

We're excited to announce that you can now execute Custom Integration Scripts directly on runZero Explorers, triggered by runZero tasks.

This enhancement streamlines your workflow by allowing seamless integration management within the runZero UI, eliminating the need for deploying external scripts. By running integrations internally, you benefit from enhanced security and greater control over your processes. Additionally, this update fosters a collaborative ecosystem, enabling easier sharing and distribution of integrations developed by both our team and customers.

Learn more in our custom integration scripts documentation ›

HD Moore on Inside-Out Attack Surface Management

See how flipping external approaches inside-out overcomes common challenges like attribution accuracy and false positives, and why starting with a deep understanding of your internal attack surface delivers significant improvements in external defenses.

Access the on-demand webcast to learn:

• How to find hidden risks that other solutions miss: Uncover high-risk exposures, cloned servers, exposed encryption keys, duplicated certificates, misconfigurations, and other vulnerabilities that traditional EASM tools often miss.
  
• Why asset fingerprinting is key: Understand why an accurate view of your external attack surface starts with detailed asset fingerprinting—not just IPs and domain names—enabling you to determine if any assets discovered within your internal networks are also visible on the public internet.
  
• Inside-out techniques in action: See a live demonstration of how inside-out methods, powered by the runZero Platform, can reveal what’s truly at risk and how everything is connected.

Check out this novel approach to bridge amazing internal visibility with external defenses.

New Episode February 19th @ 1PM ET / 10AM PT

Discover fresh insights, pioneering research, and practical strategies to level up your security, served with a side of cybersecurity fun!

Every month, our research team dives into real-world exposures and attack surface trends. Our goal is to share novel information to improve security for IT, OT, loT, cloud, & mobile environments, not just rehash the same old infosec news. We hope you'll join us!

CruiseCon 2025
February 8-13 @ Port Canaveral, Florida

We’re setting sail on the the inaugural CruiseCon 2025 and thrilled to be a sponsor of this one-of-a-kind event. Bringing together cybersecurity pros for hands-on learning and meaningful connections, the agenda explores today’s most pressing security topics, combining technical insights and executive networking in an unforgettable setting.

---

Rocky Mountain Cyber Symposium
February 10-13 @ Colorado Springs, CO

Join us in Colorado Springs for RMCS25, where industry, government, and academia tackle today’s cybersecurity challenges under this year’s theme, Securing the Future. And don’t miss our training session, Combatting Modern Threats With Innovative Assessments, to learn how you can leverage runZero for your next Cyber Operational Readiness Assessment (CORA) and to see if you emerge victorious in our CTF competition. We’ll see you there!

See all events ›

Did you know runZero can help you respond to zero-day threats without security probes or a rescan? It’s true!

Check out our Rapid Response posts for tips from our runZero Research team and pre-built queries that can help you identify potential exposures in your environment — and that includes free trial users!

---

See all Rapid Responses ›

[runZero Blog] 
Inside-Out Attack Surface Management: Identify the risk before hackers bridge the gap

[runZero Blog]
Ensure compliance with DORA’s ICT risk framework using runZero

[runZero Blog]
Taming the typhoons: How runZero keeps you ahead of state-sponsored cyber threats

Read more ›