A National CERT Group Uses Censys Data To Identify Security Risks
A national CERT group, responsible for reducing the cyber risks faced by their country’s key systems and services, shared with us how they’re using Censys data to identify security risks. Using this data, they help their national services and business partners lock down their networks and critical infrastructure.
In addition to working with their national services, this particular CERT group works with private sector organizations and international counterparts. It also coordinates the national response to any serious cyber security incident.
We spoke with an employee of this national CERT group to understand how they’re putting our data to use.
How does a national CERT use Censys data?
The employee’s team is required to ensure that the government’s critical infrastructure is all online and to be proactive about managing the nation’s common vulnerabilities and exposures (CVEs).
Initially, they heard about Censys through word of mouth in the academic research space and decided to evaluate it against some of the other scanners on the market. As Censys was free to try for researchers and many of the other scanners were not, they were able to jump right into using it for evaluation purposes.
A proactive security advisor for partners in healthcare, finance, and critical infrastructure
This group initially began using Censys for infrastructure discovery and vulnerability scanning and tracking, alongside other tools, such as Shodan. These are still primary goals for the organization, but they’ve found some other interesting use cases for Censys data that have been invaluable for them and for their business partners.
As proactive advisors for their business partners, the CERT group produces monthly scorecards to tell them how they’re doing when it comes to security, compared to other organizations and businesses in their industry. Alongside these scorecards, they also create trend reports that let their partners compare their current standing with their security health in previous quarters. These simple tools give their partners a high-level, at-a-glance view of their overall security health, rather than inundating them with highly technical security reports.
The group provides their partners with ongoing adversary tracking reports and advisories around current and emerging security threats. These advisories are categorized based on the level of risk the threats or vulnerabilities present to the partner. For example, a known adversary actively attacking their system is a high threat and therefore warrants an immediate notice suggesting immediate action, whereas a lesser threat may just go out as something to fix or patch quickly in order to remediate the risk.
Vulnerability and CVE tracking with Censys
Along with these reports to business and government partners, the national CERT group tracks new CVEs and vulnerabilities to ensure that their partners patch their systems against emerging threats. Once CVEs are created, they run queries to locate any affected systems and servers and recommend patching and/or updating.
The positive impact of visibility and data
Overall, the employee says that Censys “has had a hugely positive impact on our organization and on the security of our business partners.” Compared to the other scanners they have used and evaluated, “Censys has more precise, contextual, accurate data that enables us to provide actionable advice to our partners.”