At Censys, we talk all the time about how critical data is to cybersecurity success. It’s a foundational element of the practice, driving almost every decision teams have to make. Which assets are exposed? Where should we look for threats? How is our attack surface changing over time? Your data guides the answers to these questions.
However, whether or not you arrive at the right answers depends on the quality of that data. And a big part of quality is “freshness.” In a rapidly-evolving threat landscape, cybersecurity teams need data that’s up-to-date enough to allow them to spot exposures on their own attack surface and identify external threats before adversaries can take action.
Which brings us to the question: how do you know if your data is “fresh enough”?
Consider this study from GreyNoise Research, which found that approximately every three minutes unknown and possibly malicious entities are performing their own scans of the internet. That’s close to continuous scanning from potential adversaries. If your own data stream isn’t keeping up, threat actors will most certainly have a chance to exploit risks on your attack surface before your team is any the wiser.
Gaining A Near Real-Time View
Cybersecurity teams therefore need a view into what’s happening today – not last month, last week, or on a random day two weeks ago. Without a near real-time view of attack surfaces and the broader global internet infrastructure, teams are left to make decisions with stale data that may overlook new threats or send analysts investigating activity that’s since changed.
Many cybersecurity teams aren’t leveraging data that’s truly up-to-date. In fact, only 14% of respondents to the 2023 Security Hygiene and Posture Management Survey said they continuously scan their attack surfaces. One-third of respondents scan monthly, and 19% are only scanning their attack surfaces on a quarterly basis.
What’s stopping teams from getting up to speed? Some providers charge users more to scan the internet more frequently, and even then, only provide refreshes on a weekly basis. In fact, many sources of internet data on the market don’t offer near real-time visibility, which may lead teams to believe there’s simply not a better option. This of course isn’t true. The Censys Internet Map, which powers our Internet Intelligence Platform for Threat Hunting and Exposure Management Platform, offers the most up-to-date view of the global internet available, scanning the entire IPv4 every 2-3 minutes.
In other words, Censys actually keeps pace with the rate of potential adversarial scanning that GreyNoise observed.
Truly fresh data is worth obtaining because with it, cybersecurity teams are better equipped to take action, including to:
- Detect exposures on their attack surface before adversaries
- Quickly identify emergent threats
- Observe changes to their attack surface and other services on the internet
- Accelerate incident response time
Given that nearly all surveyed security leaders (93%) say they’ve been successfully breached by a cyber attack within the last 12 months, the need for better data is clear.
Other Criteria to Consider
Of course, freshness isn’t the only expectation teams should have for their data. The data that cybersecurity decisions are based upon should also be complete (as in, data is based on multi-perspective scanning with global coverage), accurate (false positives and negatives are kept to a minimum), and contextualized (data is labeled and easy to filter). This last attribute is a big one, given that teams need to quickly be able to understand what they’re looking at without the need to go down investigative rabbit holes. Is the data labeled and does it include the ability to parse and index fields to better organize? Can it easily be rolled up into a report for executives?
Do Better with Better Data
Teams shouldn’t have to settle for anything less than supremely fresh data. If your data is refreshed monthly, quarterly, or intermittently – consider it expired. You deserve near real-time data that your team can rely on to proactively protect your organization against advanced threat actors.
See Our Data in Action