Let’s say you come across something unusual on the internet: a cluster of unknown hosts, software that’s pretending to be one version but is really another, control panels with no authentication. Are these happenstance oddities, or actual cybersecurity threats?
For threat hunting security teams, the ability to answer this question quickly matters a lot. Mistaking a hostile threat for a harmless artifact can lead to catastrophic consequences.
But discerning harmless from hostile isn’t always easy; we know that the tactics malicious actors use are increasingly sophisticated, and we also know that the internet can be a big, weird place (and one that’s only getting bigger). Data from our own customers indicates that the average organization’s external attack surface (comprised of all of its public-facing internet assets) is growing 110+% year-over-year. With so many touch points across so many different devices (think: remote employees logging in on laptops, cell phones, tablets; folks outside of IT spinning up cloud instances on their own) it can feel almost impossible for security teams to keep tabs on all of their organization’s internet-facing activity.
That’s why in our latest ebook, Where the Weird Things Are: How to Investigate Unusual Internet Artifacts with Censys Search Data, we’re sharing a how-to guide threat hunting security teams can use to quickly gather the intel they need using our Censys Search tool. In the ebook, you’ll find step-by-step instructions for running queries in Censys Search that you can use as a template for your own search efforts. The Censys Search tool is ideal for this kind of quick intel gathering because it leverages our multi-perspective global scanning and daily coverage of the largest number of popular ports to provide on-demand, accurate, and contextual data. Censys Search also provides visibility into all things connected on the internet, so that you can see each connection and pivot to different assets to further your investigation.
In the ebook you can find more detail on each step of our intel-gathering search query, which includes:
- Evaluating the weirdness of an observation: Review the 5 questions you should ask to assess the “weirdness” of an observation using Censys Search.
- Assessing your scope: Learn how to explore the search attributes that will help you narrow your focus.
- Characterizing the IP space: Dig deeper into attributes like services and geographic region using the Reports feature within Censys Search.
- Examining your reports: Understand how to make meaning of the data within the reports you generate.
- Analyzing historical trends in the data: Discover how to run a query over snapshots from multiple days.
- Comparing trends across hosts: Create graphic visualizations that compare your observations of interest against a general set.
- Drawing initial conclusions: Learn how the Censys team interpreted the results of its own query, and apply that approach to your future efforts.
The internet is a BIG, weird, and constantly-changing place. With just a few query steps, you can understand a small chunk of cyberspace. When you know which questions to ask, Censys Search data can help build a bridge to the insights that answer them.
Download the ebook today and learn how to gather the intel you need to defend against threats!