From Hunting the Adversary to Hunting your Organization’s Infrastructure
Do you use Censys? Have you ever used Censys Search? Chances are, if you’re a threat hunter or security researcher, the answer is yes.
Every week, Censys Search has thousands of active users, the vast majority of whom are threat hunters and information security researchers. Censys Search, our complimentary offering, is a valuable tool to track down malicious infrastructure across the Internet. It enables researchers to map the breadcrumbs left behind after an incident to an adversary’s infrastructure, such as IP addresses, domain names, and certificates, whether run by nation states or cybercriminals.
Now, what if we told you that Censys has another powerful tool that uses similar concepts of infrastructure discovery, but in an automated way? The Censys ASM Platform (or Attack Surface Management Platform) was built on top of our Universal Internet DataSet, giving you the best visibility of the Internet while automating, for practitioners, the manual pivots that threat researchers do.
Rather than hunting for malicious infrastructure, we’ve built a product that fits the needs of both security practitioners and security executives: it discovers and inventories all Internet-facing assets and automates attribution. This particular attribution, however, assists practitioners in determining which assets across the entire Internet belong to their organization, rather than to an adversary.
Our Path to ASM
Censys started as a research project at the University of Michigan when the developers behind the ZMap scanner built a search engine, allowing academic researchers to interactively query Internet scan data. Censys was originally designed to help the academic research community better understand devices connected to the Internet and how vulnerabilities affected users (e.g., understanding the impact of the Heartbleed vulnerability and the types of devices infected by the Mirai botnet). The data has proved useful to threat teams who are tracking down malicious infrastructure across the Internet as well, and in 2015, Censys spun out of the University of Michigan into an independent company to help support these commercial users.
Evolving from a threat hunter tool to the ASM Platform has been a natural progression of the Censys sweet spot: being able to scan the entire IPv4 space and 2,324 ports across the Internet very quickly. This capability ensures that the Censys ASM Platform delivers unmatched, actionable visibility into where your organization’s assets are located across the Internet and the potential security risks they may present, and that it facilitates prioritization and remediation efforts.
Attack Surface Management will continue to be one of the leading topics of discussion among information security professionals as we head into 2021, and you can read more about the history and how this came to be in our latest blog post. The concept is closely tied to risk management and the idea that in today’s world, all organizations have some Internet-facing assets. Each of these Internet-facing assets creates a potential attack vector, and all of these vectors together make up your organization’s attack surface.
The need for automated tooling to assist and support attack surface management is growing as the technology landscapes we create become more and more complex. There are many reasons why attack surface management has become an increasingly difficult challenge over the last year, most notably the increase in the distributed workforce, with more employees working from home due to the pandemic. However, some of these problems are by no means new; they have merely been amplified by COVID-19. The increase in cloud infrastructure, hybrid cloud environments, and the remote workforce, together with the ease with which staff can spin up instances across the Internet and create unsanctioned cloud assets, or ShadowCloud™, has highlighted the need for effective attack surface management more than ever.
The Future is ASM
Censys has a rich history and track record of having the best discovery and visibility across the Internet. The best visibility translates into peace of mind for security teams, who can be confident their attack surface is mapped and monitored accurately and continually. In the past, Censys has operationalized its visibility in tools for researchers and threat hunters, tracking down APT infrastructure or understanding Internet-wide phenomena. Now this capability, along with Censys ASM automatic organization attribution, can be used to better track, monitor, and remediate your own organization’s assets.
Our data, coupled with the ability to automatically find previously unknown assets belonging to your organization, ensures security teams big and small have the ability to derive actionable insights from Censys and supercharge their existing toolsets.
To learn more about the Censys ASM Platform, sign up for a demo today!
Megan DeBlois is a Technical Marketing Manager at Censys. She holds a dual Bachelor’s degree in Political Science and Middle East Studies from the University of California, San Diego and is currently an MSc candidate in Software and Systems Security at the University of Oxford. She is the co-founder of the COVID-19 App Tracker Project and is passionate about security and privacy, especially for at-risk communities.