HailBytes ASM May 2026 Release: LGPD & IEC 62443 Compliance, Expanded Cloud Connectors, and Threat Intel Integrations

The May 2026 release of HailBytes ASM introduces several platform capabilities driven directly by customer feedback from enterprise security teams, MSSPs managing multinational portfolios, and operators in regulated industrial environments. This post walks through the substantive additions: two new compliance frameworks, native cloud asset discovery for four major providers, threat intelligence enrichment from four leading external data sources, and expanded nuclei template coverage for more comprehensive vulnerability detection.

LGPD Compliance Framework

The Lei Geral de Proteção de Dados (LGPD) is Brazil's data protection regulation, structurally similar to GDPR but with distinctions in data subject rights, consent requirements, and the role of Brazil's national data protection authority (ANPD). For organizations with Brazilian operations or Brazilian customer data — a growing segment of our customer base as HailBytes ASM expands in Latin America — demonstrating compliance posture against LGPD controls has become a board-level reporting requirement.

The LGPD framework in HailBytes ASM maps platform findings to LGPD control categories: data minimization (exposed endpoints surfacing excessive personal data), access controls (authentication weaknesses on assets handling personal data), data breach notification readiness (asset inventory completeness), and vendor risk (third-party integrations surfaced through attack surface enumeration). Compliance report templates are available as read-only builtins, meaning teams can generate LGPD posture reports immediately without configuration.

This addition reflects a deliberate choice: compliance frameworks in HailBytes ASM are not checkbox exercises layered on top of findings. They are control mappings that give business context to technical findings — converting "exposed API endpoint with authentication bypass" into "LGPD Article 46 — inadequate security measures for personal data processing" in the compliance report output. That translation is what security leaders need when presenting to legal, compliance, and executive stakeholders.

IEC 62443 Compliance Framework

IEC 62443 is the international standard for industrial cybersecurity, covering operational technology (OT) and industrial control systems (ICS) in sectors including manufacturing, energy, water treatment, and critical infrastructure. It defines security levels (SL-1 through SL-4) and control requirements across system, component, and zone/conduit levels. For organizations managing or monitoring OT environments, IEC 62443 compliance is increasingly a contractual requirement from customers and regulators.

ASM's role in OT security is distinct from its role in IT environments. The attack surface of an ICS environment is typically smaller and more static — fewer assets, but each with significantly higher potential impact if compromised. Industrial protocols (Modbus, DNP3, EtherNet/IP, BACnet) exposed externally represent immediate critical findings. Remote access interfaces on engineering workstations and historian servers represent the entry points that appear in ICS breach investigation reports.

The IEC 62443 framework in HailBytes ASM maps findings to the standard's security requirements: zone and conduit boundary enforcement (exposed assets that should be network-isolated), secure remote access (remote management interfaces without adequate authentication controls), patch management (outdated industrial software versions detected through service fingerprinting), and supplier security (third-party component vulnerabilities in OT stacks). A new badge type for ICS/OT asset findings provides visual distinction in the findings dashboard, making it immediately clear which findings touch industrial infrastructure.

Combined with the existing PCI DSS, SOC 2, NIST CSF, ISO 27001, HIPAA, CIS Controls, GDPR, FedRAMP, NYDFS, and OWASP framework support, HailBytes ASM now covers 12 compliance frameworks — providing a single platform for multi-framework compliance posture reporting across IT, cloud, and OT environments.

Native Cloud Connector Support

Attack surface management that relies solely on external reconnaissance — DNS enumeration, port scanning, certificate transparency — sees only what the internet sees. For organizations with multi-cloud infrastructure, that leaves a significant portion of the attack surface unmapped: cloud assets that are externally accessible but not discoverable through DNS, or assets that become externally accessible through misconfiguration but were never intended to be.

Cloud connectors in HailBytes ASM ingest asset inventory directly from cloud provider APIs, then cross-reference that inventory against the external reconnaissance results. The gap between "what the cloud provider says exists" and "what external scanning reveals as accessible" is exactly where shadow IT, forgotten assets, and misconfigured services live.

This release adds native connectors for:

• AWS — EC2 instances, RDS endpoints, S3 buckets, ELB/ALB endpoints, Lambda function URLs, API Gateway endpoints, CloudFront distributions
• Azure — Virtual machines, App Services, Azure SQL endpoints, Storage accounts, Application Gateways, Azure CDN endpoints
• GCP — Compute Engine instances, Cloud Run services, Cloud SQL endpoints, Cloud Storage buckets, Load Balancers
• Cloudflare — Zones, DNS records, Workers, Tunnels, and Access-protected applications

Credentials are stored encrypted at rest using the platform's existing secrets management. Each connector uses read-only API scopes — no write access is requested or stored.

Threat Intelligence Enrichment

External attack surface data gains a different dimension when enriched with threat intelligence: knowing not just that an IP has port 22 open, but that the same IP has been observed in Shodan's scan history running an outdated SSH version that appears in active exploitation campaigns, or that GreyNoise has flagged it as a mass-scanner source. That context determines triage priority in ways that raw scan data alone cannot.

HailBytes ASM now integrates with four threat intelligence providers:

• Shodan — Historical banner data, open ports, and vulnerability references for discovered IPs and hosts
• Censys — Certificate history, service fingerprinting, and host metadata to supplement active scanning
• GreyNoise — Classification of discovered IPs as benign scanners, malicious, or unknown, reducing alert noise on mass-scanner traffic
• VirusTotal — Domain reputation, URL analysis, and known malware associations for discovered subdomains and endpoints

Threat intel enrichment is available as an opt-in per-asset lookup, displayed in the asset detail view alongside the platform's native scan findings. API key configuration is handled per-provider in the platform settings. Lookup counts and rate limits are surfaced in the UI to help operators stay within their provider plan limits.

Nuclei Templates v10.4.4 Pre-Bundled

Previously, fresh HailBytes ASM Docker deployments required a network call to download nuclei templates before scanning could begin. In environments with restricted outbound access — a common constraint in enterprise and government deployments — this initialization step would silently fail, resulting in scans that ran no nuclei checks. The root cause was a single custom SSRF template download that masked the absence of the broader template library.

The May 2026 Docker image bundles the full nuclei-templates v10.4.4 release (pinned to the official projectdiscovery/nuclei-templates release tag for supply-chain reproducibility). Fresh deployments now start scanning with the complete template set immediately. Per-scan nuclei -update-templates still pulls newer templates at runtime for environments with outbound access, but the bundled library ensures baseline coverage in air-gapped or restricted environments. The custom SSRF template is layered on top of the upstream bundle, preserving existing detection capability.

Multi-Language Platform Interface

HailBytes ASM now supports seven interface languages: English (default), Portuguese (Brazil), Spanish, French (Canada), German, Japanese, and Korean. Language selection is available in user profile settings and persists across sessions. All platform-generated compliance report templates render in the selected language.

This addition specifically addresses the needs of our MSSP customers operating in non-English-speaking markets, where customer-facing deliverables — findings reports, compliance summaries, executive dashboards — need to be in the client's primary language without a manual translation step. The platform's translation infrastructure uses a formal compilation process (GNU msgfmt) rather than runtime substitution, which means translation quality is verified at build time rather than discovered by a customer reading a malformed report.

Upgrading

This release is available on the AWS Marketplace and Azure Marketplace. Existing deployments can update by pulling the latest Docker image. Cloud connector credentials and threat intel API keys are configured post-update in platform settings; no migration of existing data is required.

Compliance framework report templates are available immediately after update as read-only builtins — no configuration required to start generating LGPD or IEC 62443 posture reports against your existing asset data.