Another year, another Black Hat! I’ve been attending Black Hat for several years. This year I’ve been reflecting on what made the event unique for engineers and executives alike, and where these two groups have opportunities to work together.
A couple of things I heard from engineers at our booth were how they use Censys for straightforward location / protocol queries as well as the more exotic 4-byte wildcard searches that surface the proprietary protocols attackers use to evade detection. Practitioners who attended the certification sessions (e.g. the two-day training on Hacking Cloud Infrastructure) also mentioned using Censys for tasks like subdomain research in their courses. One of the most interesting research use cases I heard about last week came from Proofpoint’s Senior Threat Researcher Greg Lesnewich, who demoed how his team leverages Censys to investigate phishing campaigns.
Risk v. Risks
One particular conversation, however, stands out to me. I was talking to one of the white hats in my network (don’t ask about his past), and he slipped into the conversation that he was running Windows NT on a Nintendo Wii. When I told him I hoped it wasn’t internet-facing, he smiled and said ‘PowerPC exploits for NT never went mainstream’. He didn’t appear to have considered the possibility of an attack against him, or the attendant problem of an attacker using that box as a foothold into his network.
From that perspective, I started musing about how our community thinks about risks (plural) versus Risk (singular) appetites.
For those in the cybersecurity field, risks (plural) take on different meanings based on the color of your hat. Good guys see risks as responsibilities, while threat actors view them as currency and opportunity. Grey hats view risks as fun experiments with potential value. However, at a higher level, Risk becomes an executive problem with significant urgency and visibility.
Gaining Actionable Risk Insights
This is why Censys is such a compelling proposition to me. Its dataset, utilized by hundreds of thousands of threat hunters and researchers, provides the most comprehensive record of the internet. However, Censys External Attack Surface Management (EASM) goes beyond data – it performs Risk (singular) functions. The internet is the substrate by which you do business, but it’s also the route directly into your network for malicious actors. Censys EASM presents this as usable, actionable risk insights. Imagine visualizing your infrastructure as a quantifiable risk, enabling you to track changes in your risk profile over time. This information is crucial for business continuity reports, risk functions, and executive discussions.
I talked about this with a lot of people at Black Hat, and it was striking how consistently they agreed. One executive even emphasized the importance of prioritizing remediation for internet-facing assets, but expressed concern about how little visibility he had into which devices those actually were.
The Limitations of Traditional IT Tools
To this end, our Director of Solutions Engineering Tony Wenzel spoke at Black Hat on the “Limitations of Traditional IT Tools,” specifically the limitations of our current technology stacks when it comes to discovering risks in shadow IT or unknown cloud accounts. Standalone tools like Vulnerability Management, Cloud Security Posture Management, Cyber Asset Management, and Security Rating Systems each see only the assets they already know about, so none of them can provide the requisite visibility on its own. Only when these tools are integrated with an EASM solution like Censys can you truly harness the complete scope of discovering and prioritizing risks and Risk.
Ultimately, when risks transition into the overarching concept of “Risk,” we create a more effective bridge between technical and executive functions. This integration is essential, and it’s something that everyone should be doing.
If you missed any of the sessions at Black Hat Europe, recordings are currently available on-demand on their website.