Research Shows 50% of SSH Exposure Found on Non-Standard Ports; Detectify Launches IP Range Scanning to Close Critical Visibility Gaps

Detectify, the Swedish application security testing platform built and trusted by hackers, has launched IP Range Scanning to continuously discover and monitor entire blocks of IP addresses, helping security teams find forgotten assets and hidden risks before attackers exploit them.

Many organizations are sitting on forgotten IP addresses that have become entry points for cyberattacks. While millions have been spent securing public-facing websites, legacy tools can miss large parts of the attack surface due to noise and stale data.

Detectify’s research shows how serious this gap is: SSH appeared on non-standard ports nearly as often as on port 22, suggesting that teams that only check standard ports may miss a significant number of exposed services. Additionally, high-risk services such as Redis and MongoDB are often exposed on raw IP addresses without associated domains, leaving them invisible to many traditional tools.

Detectify’s IP Range Scanning prioritizes high-fidelity discovery across large network segments, delivering greater accuracy and reducing blind spots. With this release, customers can benefit from:

• Onboarding entire CIDR blocks in seconds: Gain continuous visibility into the infrastructure behind their networks, from legacy systems to rapidly expanding environments.
• Identifying hidden services: Uncover everything from remote desktops and databases to web applications, powered by Protocol Discovery that goes beyond simple port detection.
• Bridging the gap to testing: When a web application is detected, Detectify automatically transitions to deep security testing.

“Security teams have been trapped between fast but shallow mass-scanners and slow, legacy enterprise tools that produce too much noise,” says Rickard Carlsson, CEO and Co-founder of Detectify. “We’re ending that era of guesswork. If it’s on your network, we will find it and verify if it's actually exploitable.”

Scanning entire IP ranges, not just domains, gives organizations a more complete view of their exposed attack surface. Continuous discovery across those ranges helps teams identify forgotten or unmanaged assets early, improving visibility and reducing the risk that overlooked weaknesses will be exploited.

“We don’t believe in half-measures. You either see your entire network, or you’re vulnerable. We’ve built the technology to bridge the gap between domain monitoring and the underlying IP infrastructure, because a blind spot is just a breach waiting to happen,” Carlsson concludes.

About Detectify

Founded by ethical hackers in 2013, Stockholm-based Detectify is an application security platform trusted by over 2,100 organizations globally, from high-growth startups to the world’s largest enterprises and public institutions. Detectify equips modern security teams with clarity and control over their attack surface. Fueled by real-world validated payloads from its global community of elite ethical hackers and scaled through its own AI-driven engines, Detectify enables organizations to identify and fix truly exploitable vulnerabilities before attackers do.

View source version on businesswire.com: https://www.businesswire.com/news/home/20260324499043/en/

Security teams have been trapped between fast but shallow mass-scanners and slow, legacy enterprise tools that produce too much noise.