Best Detectify Alternative: Attaxion EASM Platform

Pricing

Both Detectify and Attaxion provide pricing on demand based on your specific needs and the number of assets that you have. However, both offer a basic plan that you can purchase without talking to sales, using just a credit card.

Detectify vs Attaxion: Pricing
	Attaxion	Detectify
Monthly pricing	USD $349/month	USD ~$420/month (385 EUR/month)
Yearly pricing	USD $3,490	USD ~$3,660 (3,300 EUR)
Assets covered	120 (all types)	25 (only subdomains)
Free trial	✅ (30 days)	✅ (14 days)

Detectify provides pricing in euros, while Attaxion is priced in US dollars. To compare, in the table above, we show the pricing in USD for both platforms (with the conversion rate for 17.03.2024).

Both Attaxion and Detectify are on the more accessible side of the pricing spectrum when it comes to how much EASM platforms cost. Other EASM tools like Censys or Cycognito would most likely cost you much more. 

When billed annually, Detectify’s basic plan ($~3,600/year) is slightly more expensive than Attaxion’s ($3,490/year). When billed monthly, the same plan for Detectify starts to become even more expensive (~$420 vs $349/month for Attaxion’s basic plan). That makes Attaxion a more affordable Detectify alternative.

For this price, Detectify offers a basic plan that allows for discovery, vulnerability prioritization, remediation, and continuous monitoring of up to 25 assets. When we say “assets,” in Detectify’s case it means subdomains.

Attaxion’s basic plan offers a much higher number of covered assets – up to 120. Attaxion is capable of finding many different types of assets, so it’s worth noting that this number would deplete faster.

Both platforms offer a free trial: Detectify gives you 14 days, Attaxion offers 30.

Overall, Attaxion is a cheaper Detectify alternative, no matter whether you choose to go with a monthly or yearly plan. Both tools are inexpensive when it comes to the typical cost of advanced security software.

Asset Coverage

Like every EASM, the first thing both Detectify and Attaxion do is discovering the organization’s assets – known, unknown, and forgotten. For the user, the process looks more or less the same in both cases. 

First, you need to manually add root assets, which are domain names that your company owns. Detectify offers to do this in a variety of ways: manually, by using a Connector to a cloud service, by adding a zonefile or performing a DNS transfer. Attaxion offers two manual ways: by adding a text file or a DNS record.

After that, the EASM platforms perform cyber reconnaissance and find other assets linked to the root assets. 

Attaxion offers more than 11 different methods of asset discovery, including WHOIS and DNS lookups, cloud platform scans, brute forcing, web crawling, and more. It’s capable of finding a very diverse spectrum of assets – not only domains, subdomains, IP addresses, and open/closed ports, but also CIDRs (Classless Inter-Domain Routing), exposed email addresses, SSL certificates, and more. 

In comparison, Detectify offers 5 methods for automatic asset discovery – scraping, brute forcing, DNS zone transfer, SSL monitoring, and application scanning. In addition to that, subdomains can be added manually – either by direct import, or through integrations with Cloudflare and AWS Route53, or through Google Analytics. The types of assets that Detectify can discover are subdomains, IP addresses, and open and closed ports. 

Detectify vs Attaxion: Asset Coverage
	Attaxion	Detectify
Types of assets discovered	10+: Domains Subdomains IP addresses Ports Organizations Open ports Email addresses Clouds CIDRs SSL Certificates	6: Domains Subdomains IP addresses Ports Open ports Clouds
Asset coverage	Highest	High
Reconnaissance techniques	11+ automatic methods	5 automatic methods
Dependency graph	✅	❌

When used on the same infrastructure, Attaxion usually discovers many more internet-facing assets than Detectify. Even when it comes to assets of the same type, Attaxion is usually ahead thanks to the advanced cyber recon methods it uses for asset discovery.

One other point which makes Attaxion stand out is it offers dependency graphs of your entire attack surface, showing you how your assets are interconnected, also highlighting vulnerable assets on the graph. Dependency graphs offer a good understanding of potential attack paths.

Example of a dependency graph by Attaxion

Overall, Attaxion has a broader asset coverage than Detectify, offering to find more different types of assets and using advanced cyber reconnaissance techniques to discover more assets than Detectify.

Vulnerability Detection and Prioritization

One of EASM’s main functions is analyzing all detected assets for security weaknesses and offering to prioritize them. Of course, both Detectify and Attaxion offer that functionality – and provide a rather similar approach to it.

Both platforms use proprietary vulnerability scanners to compose a list of vulnerabilities in the organization’s assets that can be sorted by severity (CVSS), asset, date first seen, date last seen, etc. Both platforms offer some additional information on each vulnerability, such as some details about it, remediation suggestions, and more. Both allow you to add tags for vulnerabilities to create taxonomies. 

Both Attaxion and Detectify also offer a list of technologies and SaaS tools that the EASM scans discovered on the organization’s assets.

Detectify vs Attaxion: Vulnerability Detection and Prioritization
	Attaxion	Detectify
Tags	✅	✅
Proprietary vulnerability research	❌	✅ (hacker community)
Marking as false positive / accepted risk	❌ (offers proactive false positive filtering instead)	✅
Technology fingerprinting	✅	✅
Export reports	✅ (CSV)	❌
Visual diagrams	✅	❌

Technology fingerprinting by Attaxion (left) and Detectify (right)

There are some noticeable differences though.

Unlike Attaxion, Detectify states that they are relying on an ethical hacker community to provide information on vulnerabilities even before they get added to CVE and CWE lists. That’s a useful feature, as earlier discovery and remediation of vulnerabilities helps lower the risk of cyber attacks. Also, in addition to tagging, Detectify offers to mark security issues as fixed, accepted risk, or false positives to manage them more effectively.

Attaxion claims to proactively filter out false positives, so this functionality is not present there. Also, in our experience, Attaxion was able to find more vulnerabilities than Detectify, despite not having a dedicated team of ethical hackers to source the vulnerabilities from.

Also, Attaxion provides a graphical presentation of the distribution of vulnerabilities by severity, as well as how it’s been changing during the latest period, which can help with reporting and getting a quick idea of the organization’s security status. In addition to that, Attaxion offers to export information on security vulnerabilities in a CSV report.

Attaxion offers a visual way to show the distribution of vulnerabilities by severity, by CVSS, and over time.

Overall, when it comes to vulnerability management, Detectify and Attaxion offer very similar functionality. Detectify has an advantage of being able to detect some vulnerabilities that were not assigned a CVE or CWE number, but Attaxion is better at visualizing the state of the attack surface and offering to export reports to use them in other tools.

Remediation

For each discovered vulnerability, Both Detectify and Attaxion provide remediation techniques. Here, the tools have more or less the same to offer for each vulnerability – a description, the list of vulnerable assets, and some remediation suggestions. 

Detectify stands out by in some cases offering exact code snippets where the vulnerability was found, thus speeding up remediation efforts.

Detectify can in some cases offer code snippets, screenshots, or other useful information.

The key difference that Attaxion has is gathering information about the vulnerability and remediation techniques from multiple sources, which sometimes can make remediation suggestions more useful.

Attaxion relies on multiple sources to gather information about the vulnerability and remediation or mitigation options.

Both tools offer to create tickets in task management systems with all information for each vulnerability or send messages over corporate IM systems.

The difference here is in the supported integrations.

Attaxion offers two integrations with the most widely used tools – Jira and Slack. In one click, you can create a ticket in Jira with all relevant information about the vulnerability. Similarly, Attaxion offers to update you about newly discovered vulnerable assets via Slack.

Of course, you can also just copy a link to the page dedicated to a certain vulnerability and send it over to somebody, but to view it, they will also need to have access to Attaxion to open it. Fortunately, Attaxion offers unlimited user seats.

Detectify also offers integrations, but they are set up a bit differently. While Attaxion offers native integrations, Detectify uses a 3rd party service called Workato to set up integrations and workflows with other apps. Currently, it supports Slack, Jira, Trello, Microsoft Teams, Splunk, OpsGenie.

Detectify vs Attaxion: Vulnerability Detection and Prioritization
	Attaxion	Detectify
Integrations	Native: Slack, Jira	Via 3rd party service (Workato): Slack, Jira, Trello, Microsoft Teams, Splunk, OpsGenie
Code snippets / screenshots	❌	✅
Multi-source threat intelligence	✅	❌

Overall, both tools provide mostly similar options when it comes to vulnerability remediation and mitigation, offering additional information and creating tickets / sharing information about vulnerabilities. Detectify offers a broader list of integrations than Attaxion. 

Continuous Monitoring

There aren’t many differences between Detectify and Attaxion when it comes to continuous monitoring of the external attack surface.

Both tools continuously scan the attack surface for new assets, technologies, and vulnerabilities, regularly updating the respective lists.

The only notable difference here is the reports that tools can send on a regular basis. 

Attaxion sends updates over Slack about everything new that it discovers during asset monitoring. With Detectify, you can set up so-called Custom Policies – which basically are more specific notifications. For example, you can set them up so that you get notified whenever a certain technology with certain versions is discovered on one of your organization’s assets.

That helps not to drown in notifications, however, to make Custom Policies truly useful, you’ll need to set up a lot of them.

Example of Custom Policy for vulnerable jQuery versions set up in Detectify

Detectify vs Attaxion: Vulnerability Detection and Prioritization
	Attaxion	Detectify
Continuous monitoring alerts	✅	✅
Custom policies	❌	✅

Overall, both tools offer very similar capabilities when it comes to continuous monitoring, but

Conclusion

Both Detectify and Attaxion are very solid choices if you’re looking for an External Attack Surface Management tool that won’t break your cybersecurity budget. 

Attaxion is better than Detectify at one of main functions of an EASM platform – external asset discovery. It offers broader asset coverage and is capable of finding more different types of assets. You can only protect the assets that you’re aware of, and with Attaxion, you’ll be aware of more assets than with Detectify, which makes it a great Detectify alternative. Attaxion is also more affordable than Detectify.

On the other hand, Detectify has been on the market for a while, so it offers some advanced functionalities such as code snippets showing where a vulnerability is present and custom policies. But it can discover and protect fewer assets, thus not completely covering your organization’s external attack surface.

Ready to try Attaxion EASM? Start a 30-day free trial, or request a personal demo.