Our team headed out to San Francisco last week to attend the RSA Conference. We were there to spread awareness of Attack Surface Management and reveal the risks of internet exposure. But we also wanted to hear from the cybersecurity community about what was top of mind. That said, here’s what we learned.
Organizations have an incomplete view of their external exposure
Most attendees we talked to already had solutions in place to monitor the assets within their known IP ranges and were using some sort of vulnerability management tool, but not one attendee felt confident they knew their complete outside-in view of their assets exposed to the internet. It’s difficult – it’s a moving target every single day to know what your risks are.
Teams are wary of what assets ASM solutions surface
It was interesting to hear that ASM has somewhat of a bad reputation given the lack of clarity some vendors provide in their surfaced assets and the amount of false positives or noise that is produced.
The reason ASM has a reputation for false positives is because most solutions don’t have the appropriate data and knowledge of the internet. Other solutions also are not refreshing your attack surface quickly enough which results in presenting stale data. This is what sets Censys apart. We scan the entire internet regularly and give the most accurate and holistic view of your external attack surface. By automating scans through our ever-expanding dataset, we can accurately surface shadow IT and discover all assets associated with your organization. And to prove what we brought in is legitimate, we also show our work on every asset.
Organizations want to reduce their workload
One thing we kept hearing over and over again was that attendees and organizations need a solution that doesn’t require hiring and training more employees. By hooking into the tools your organization already uses, Censys is able to sit on the front-line, continuously discovering new assets or changes to existing assets. It can then feed that information into SEIMs for long-term historical changes or alerting, vulnerability management tools for deeper scans, or into any other system that would benefit from an external asset inventory source of truth. We are able to fill a major security gap and the best part is we already have your missing piece. There is no work that needs to be done on your end to see your organization’s internet exposure; that’s the hard part and we’ve already done it.
Did you miss Censys at RSA?
RSA is always a whirlwind of activity, so if you didn’t get the chance to stop by our booth to chat, please feel free to reach out to us. You also still have the opportunity to get a custom attack surface for your organization through a demo with our sales team. You can sign up for your tailored demo below.
Schedule a Demo