Why This European Government Agency Uses Attack Surface Management
Attack surface management (ASM) is becoming an integral, value-add strategy for cybersecurity teams across industries, including those in government. Our own partnerships with government agencies around the world highlight how ASM complements government threat hunting and response efforts. Teams use ASM tools like the Censys Attack Surface Management Platform to gain greater visibility into all of the assets they own, automate processes, improve reporting efforts, gain more context into the risks, and much more.
One of our government customers based in Europe has been using ASM to save time and see more, and in their case study – which you can read in full here – they talk about why ASM was a worthwhile investment.
Let’s take a look at some of their story’s highlights.
This agency’s security team is responsible for proactively monitoring and responding to threats for a number of other partner government agencies. It means they need a good view into and comprehensive understanding of multiple attack surfaces. Prior to using an ASM solution, the team relied on a number of different tools and OSNIT techniques, which, while somewhat effective, resulted in a lot of manual, cumbersome effort. Their senior security analyst considered scripting some of these intel gathering motions in-house, but ultimately realized that an ASM solution could deliver the long-term efficiency the team really needed.
How They’ve Benefitted
After exploring options, their agency came to Censys. They’ve since used the Censys ASM Platform to:
Gain Greater Asset Visibility – The platform’s comprehensive, automated asset discovery and contextualized risk recommendations help the team identify and fill in the gaps that other tools like vulnerability scanners may have missed. In one instance, they uncovered a number of different previously unknown subdomains that were exposing private data.
Work Smarter, Not Harder – Rather than spending hours on basic, manual information-gathering efforts, automated discovery and management now frees up analysts to focus on higher order tasks and investigating risks.
According to their senior security analyst, “[Censys] saved us a lot of time; some of the enumeration things we were doing before, I would spend a week doing them and now I can do them in 20 minutes. I have more time to keep on digging instead of doing the basics first. It’s a timesaver in a way that is huge.”
Leverage Customization – The agency said they’ve also realized value through Censys ASM’s ability to customize functions via API. As their senior security analyst put it: “Being able to work with the API gave us capabilities that weren’t already in Censys. You have the ability to extend the capabilities of Censys and the data to a great extent.”
Interested in learning more about their experience with ASM? Check out the full case study!