Our Recap of 2023

New Features of the Security Audit Platform

Our platform is designed with our partners' needs in mind. We are pleased to look back on key new features of go.lywand.com that have been developed in response to constructive feedback from our partners.

In particular, we would like to highlight our Feature Request Portal, which has been available to our partners since the end of August 2023, allowing them to submit change requests or suggestions for new features at any time.

• Multiple clients can be created quickly and easily with the Customer Bulk Upload.

• The Management Report can be personalised (company, address and logo).

• When creating a new customer, the cost estimate provides a preview of the monthly costs.

• Individual device checks can be triggered manually in the Check Insights.

• Ignored vulnerabilities are tracked by automatically recording which user ignored a vulnerability and when. Optionally, an internal note can be added to document the reason.

• The new Partner Dashboard replaces the previous Customer Overview. After logging in, lywand partners will find information on their current phase or partner level, the total number of targets checked and an overview of their customers.

• To make it easier to set up customers, some steps can be skipped when creating customers.

• Status information and a simplified uninstall process optimise the handling of endpoints.

• The MSI installer provides an additional option for agent distribution.

• A grace period can be set for the "missing patch" vulnerability.

• The Security Dashboard provides a rating preview, including rating definitions. You can also see at a glance how many measures are required for a particular rating.

• In addition to the new layout of the Renovation Plan, the planning and implementation modes have been combined into one page.

• The Feature Request Portal allows partners to submit and upvote feature suggestions and improvements.

• The connection to Datto's Autotask PSA ticketing system allows measures to be managed and processed directly in Autotask.

• Vulnerabilities can now be ignored for all customers.

• The presentation of key figures in the Security Dashboard has been improved and expanded.

• Auto Healing can automatically remediate up to 80% of internally detected vulnerabilities.

• The agent allows the use of authenticated proxies.

Expansion of the Network

New Distributors & Partners

During 2023, we reached important milestones in the expansion of our sales channels. In March 2023, we signed CampusLan GmbH as a distributor for the education sector, followed by Infinigate Deutschland GmbH in April 2023 and Infinigate Österreich GmbH in May 2023 - Infinigate is the largest cybersecurity distributor in EMEA. Thanks to the successful cooperation with our distributors, we were able to gain 413 partners by the end of the year. The number of our customers also increased to 2,459.

Success Stories & Partner Workshops

Events

We participated in many events last year and were delighted to meet many of our partners in person. - There's nothing like face-to-face dialogue. 😊

Technical Insights

Security Audits Carried Out

A total of 15,037 external and 5,867,345 internal audits were performed in 2023. The number of internal audits is significantly higher than the number of external audits, as external audits of the IT infrastructure are generally performed monthly, and internal audits are performed daily, one per endpoint.

Average Security Audit Duration

The average duration of an external security check was 8.7 hours, while an internal check was only 10 minutes.

Vulnerabilities Overview

Our platform is capable of detecting 139,065 different security vulnerabilities, which are checked as part of the security audit process. In 2023, we were able to identify 1,235,782 vulnerabilities. Since the launch of the Auto Healing feature in December, many partners have activated the feature and 122,016 vulnerabilities have been automatically fixed in just one month - we think that's lywand! 😉

The Most Common Vulnerabilities

Of the vulnerabilities identified in 2023, the following five were the most common.

1. Missing patches

   This type of vulnerability occurs when systems or applications are not kept up to date. They can easily be exploited by hackers to gain access to systems and data.

2. Web misconfiguration (content security policy)

   Incorrect configuration of the web server can make it easier for hackers to intercept and/or manipulate data. In particular, the content security policy should protect against so-called cross-site scripting (XSS) attacks. This means that malicious code cannot be infiltrated on the respective website.

3. Encryption misconfiguration (SSL/TLS)

   These encryptions are used to ensure the security of data transmissions on the internet. Misconfiguration of these settings can make it easier for hackers to intercept data.

4. Outdated operating systems

   Older operating systems can be more easily exploited by hackers as they are usually no longer patched by the manufacturers.

5. Insecure authentication

   Weak points in authentication can allow hackers to gain access to systems and data by impersonating authorised users.

Conclusion & Outlook for 2024

2023 was an exciting year full of challenges, new opportunities and successes that we mastered together. We appreciate the commitment of our great team and the valuable partnerships.

2024 is all about expansion - we plan to continue to invest in new employees, increase our pace in the development of new features and drive the scale-up into new markets. One clear goal is to triple the size of our partner landscape in order to make our altruistic approach to security auditing accessible to even more small and medium-sized companies.

Topics for 2024:

• NIS2 support through lywand

• Cloud security

• Implementation & prioritisation of feature requests from our partners

One thing is clear: 2024 will be lywand!