Announcing Our Attack Surface Management Platform
We’re excited to announce that our new enterprise security platform is in limited, closed beta! We plan to make Censys Platform, our first SaaS product, available to everyone in Fall 2019.
Today, we’re working with beta customers to create an automated, streamlined way for businesses to get global visibility about their attack surfaces. We’ve heard from users over the past year or so that our trusted data has many uses within the corporate security space and we’re working alongside our beta customers to determine exactly how we can solve the digital risk and visibility challenges that they’re not able to remedy with existing solutions.
The common challenge that our beta customers have agreed on is that there aren’t any security solutions on the market that provide them with a reliable and complete list of every asset used in their organizations. Solving that relatively simple problem is something our data has been able to provide for years, but presenting it in a clear, readable dashboard for users provides them with a level of insight they couldn’t find with other solutions. Add to that monitoring and tracking those assets and notifying them of anomalies or security risks right within their existing workflow and we knew we had a product worth building.
With the Censys Platform, customers will be able to protect their entire attack surfaces. With Censys, you can:
Discover and monitor
- Discover assets (including cloud and IoT) used by employees, third-party vendors, contractors, etc. within your business that you may not have known about
- Monitor known assets for vulnerabilities, changes, and anomalies
- Get a comprehensive, real-time attacker’s view of your organization or any you have acquired or merged with during an M&A
Track changes in your assets as they happen
- Our Logbook feature shows you a timeline view of network and asset change events.
- When someone spins up a host anywhere in the world that is connected to your organization in any way, we detect that host and report it in the timeline view.
- These changes can indicate critical security issues, which you can dig deeper into to explore and analyze and take action on before they cause any negative impact to your organization.
Get near real-time actionable insights
- The key is not just to have more data, but to have relevant data
- We flag and prioritize security issues based on the level of risk and potential impact.
- Your team doesn’t need more noise to wade through, you just need current information about the important things that have a real impact on your risk profile or compliance status.
Proactively mitigate risks
- We let you know when any of your assets are affected by critical vulnerabilities in real-time. When new bugs or CVEs are reported and confirmed, we automatically scan your assets to see which are affected and require action
- Get alerts when new suspicious certificates are found that are connected to your domain or similar, likely fraudulent, domains that may be used in phishing campaigns against your company, customers, or partners
- We’ll also flag internal services and devices that are exposed on the Internet that shouldn’t be. Because those services (think IoT devices and building management controls) can put your organization at risk if they’re unnecessarily exposed and vulnerable, we’ll notify you so that you can take action and remediate risks.
Receive notifications and alerts
- No one wants more notifications and alerts, we get it. We try to make alerting as painless as possible because we know these alerts can be distracting to IT and security teams who are getting hundreds of alerts per day.
- You do need to know when significant security issues are uncovered within your infrastructure, though. With that in mind, we can integrate with your existing systems (SIEMs, orchestration, and ticketing systems, for instance) so that you’re getting notified in your current workflow.
- The goal is to allow you to customize where you get alerts and what level of security risk you determine warrants an alert to the team.
No Black Boxes
Unlike our competitors, we believe in full transparency. You can view all of our security insights in your customize dashboard, of course, but you can also pivot from there into our actual continuous, up-to-date scan data.
Don’t trust us just because we say we’re security experts. You know your organization better than we can, and it’s important that you’re able to investigate what actual data impacting our security insights. We know we need to earn that trust over time and full data access through our web interface and APIs is critical to building that trust.
Continuous protection between pentests
The Censys Platform lets you protect your organization between annual or quarterly pentests. Pentests are important and a valuable part of satisfying your regulatory compliance process, but imagine being able to perform a lot of those same exercises on-demand, with your own team.
Pentests give you that vital outsider’s perspective — the hired consultants have no bias that can get in the way of getting that attacker’s view — but you can supplement that by regularly monitoring and tracking infrastructure automatically with the Censys Platform.
See us at Black Hat USA 2019
If you’re attending Black Hat USA 2019, we’ll be offering demos in our Innovation City booth, #IC2206.
Request a Demo or Personalized Attack Surface Report
Want a customized attack surface report? We’ve only got a few limited spots available, so act now! Request a customized attack surface report!