When ZMap, the world’s first global, open-source internet scanner, was released in 2012, it immediately attracted tens of thousands of users from leading government agencies who conducted critical searches to understand the emerging digital threat landscape.
Today, Censys’ proprietary Internet Map is the most comprehensive, up-to-date collection of global internet infrastructure enriched with critical context to help security teams, in both the private and public sectors, enhance threat landscape visibility, report insights faster, and achieve mission-critical objectives.
To highlight the mission-critical work of our public sector customers, we want to walk you through a use case that shows how one of the top government agencies partners with Censys to understand the threat landscape. We have anonymized the customer name for the purposes of this case study blog.
Public sector customers are following guidance from the Biden Administration’s National Cybersecurity Strategy due to the complexity of the global stage and autocratic states using advanced cyber capabilities against critical infrastructure and systems. The high-level message is clear – “Cybersecurity is essential to the basic functioning of our economy, the operation of our critical infrastructure, and the strength of our democracy, the privacy of our data, and our national defense.” With the sophistication of threat actors accelerating, understanding the threat landscape is of utmost importance to this government agency.
Prior to Censys, this government agency was using existing threat intelligence sources that lacked the granularity necessary to build a comprehensive view of the threat landscape. Their goal was to increase visibility and add data context for global threat discovery in order to effectively track critical risk activity.
With Censys Search, the agency implemented automated and timely gathering of the global threat landscape, with rich context for improved reporting. In addition, they utilized exposure management capabilities to protect their critical networks and systems.
Overview and Current Challenges
Cyber threats have become more frequent and complex, posing a significant threat to global security. To mitigate these threats, security teams need better insights to to track, understand, and remediate potential risks.. This government agency didn’t just want to look inward, they wanted a detailed view of the holistic threat landscape – understanding the tactical, operational, and strategic picture. While this agency uses other threat intelligence feeds, they found Censys to provide the most detailed and specific data sets to their teams.
Track and Report Threats with Confidence
Prior to leveraging Censys, the data feeds that were used by this government agency were incomplete and missing critical details, making effectively tracking threats a huge challenge. Without these details, threats could go unchecked and create risks for mission-critical systems and networks.
For this government agency, Censys provides one of the largest and most comprehensive internet intelligence datasets, both current and historical, supplementing their security teams with additional capabilities of a key pillar of the Biden Administration’s National Cybersecurity Strategy – to disrupt and dismantle threat actors.
These new insights have allowed this agency to make better assessments, and have more confidence in malicious indicators, allowing their teams to take appropriate network defense countermeasures proactively by identifying potential threats early.
Proactively Identify Threats
Censys’s programmatic search capabilities combined with its breadth and depth of data enables this agency to glean insights into infrastructure used by malicious actors.
The agency reported Censys has had a positive impact on the overall mission effectiveness. It has been an essential source of current and historic information which enabled them to track infrastructure both proactively and retroactively.
With cybersecurity’s increasing importance on the world stage, arming teams with the most up-to-date and accurate internet intelligence gives them an edge over malicious actors to be more proactive, and stop threats before they can be activated.
Ensure Resilience With Fresh Data and Automation
One of Censys’s distinctions is how fresh and accurate its search results are – Censys refreshes all known services within a 24 hour time frame. The national security implications of fresh data are significant – if teams can’t quickly identify new attacker infrastructure or potential exposures, attackers can threaten critical networks and systems.
The agency noted that Censys was able to capture historic information that was not readily or fully available from other sources, allowing teams to understand and block threats before they could be activated. They treat Censys as one of the main sources of internet scanning and other data.
Automate Manual Processes
To automate formerly manual processes and ensure analysts focus on the most mission-critical objectives, the team utilizes the API with overnight refreshes, providing timely data while saving analyst time. Censys has the widest breadth and depth of internet scanning data available and scans the top 137 ports and the top 1,440 ports in the cloud on a daily basis.
With the Censys API, the agency is able to automate investigations, saving analysts valuable time instead of conducting manual queries. This frees them up to do deeper and broader investigations, painting a better picture of the threat landscape and better helping the agency achieve its mission objective.
The team is so invested in using the capabilities of Censys Search, they’ve recently upgraded their license. With this new license they can do more historical trends analysis, exposure management, and share insights with internal stakeholders.
Mission Critical Partner for Search and Exposure Management
With the upgraded license, the government agency can do even more to thwart attackers. By using existing discovery capabilities and Censys’s rich historical data (up to 7 years), they can retroactively understand how certain events transpired and aligned with threats they were seeing at the time.
They don’t just use Censys for threat discovery, but exposure management as well, by feeding IP addresses and infrastructure from Censys into perimeter defenses. This helps the agency protect their own networks and defend data in their infrastructure.
The agency has been a Censys customer for five years and counting. With an increasingly complex geopolitical environment, it’s more important than ever that teams are able to understand and report on the threat landscape and potential exposure to achieve their mission objectives.
Censys’s distinct advantage as the provider of the most comprehensive, accurate, and up-to-date map of the internet has transformed how this team engages with internal stakeholders and partners. Through mutual cooperation with its partners the agency can ensure defense and resilience for its networks, while providing valuable insights for multiple teams to reach economies of scale. This transformation means the agency can better achieve their mission objectives with a detailed tactical and strategic view of the threat landscape.
Censys Internet Intelligence Platform™
Founded by the creators of ZMap, trusted by the U.S. Government and over 50% of the Fortune 500, Censys’ mission is to be the one place to understand everything on the Internet.
Censys is the leading Internet Intelligence Platform™ for Threat Hunting and Exposure Management. We provide governments, enterprises, and researchers with the most comprehensive, accurate, and up-to-date map of the internet to defend attack surfaces and hunt for threats. Censys scans 45x more services than the nearest competitor across the world’s largest certificate database (>10B), reducing the likelihood of a breach by 50%.
Request a demo or try Censys Search to see how your organization can benefit from Censys’ leading Internet Map.