Ann Arbor-based Censys, a leader in attack surface management (ASM), has announced a new cloud security offering that includes cloud storage bucket discovery, risk analysis, daily asset scanning, and a centralized and complete cloud inventory across all cloud providers.
The attack surface of any given software is all the points that are vulnerable to unauthorized users adding or extracting data from the software environment. It is impossible to minimize the surface to zero, but ASMs like Censys provide services capable of monitoring these points.
In a recent analysis of its own universal internal dataset, Censys found 2 million database exposures across the most common cloud providers, says security research lead Megan DeBlois. Remote Desktop Protocol (RDP) exposures were nearly as prevalent, with 1.9 million.
RDP was developed by Microsoft and allows a user running server-side software to access the computer of a user running client-side software and make changes.
“We know that database exposures lead to data breaches, and past research has shown that RDP accounts for 70 percent to 80 percent of network breaches,” says DeBlois.
Growing concern from customers and internal research pushed Censys to improve their offerings in cloud visibility. Many of the used Cloud Security Posture Management, Cloud Access Security Broker, or Cloud Workload Protection platforms — all different cloud security structures — which only monitor known cloud accounts, leaving the system vulnerable to unauthorized.
The new offerings by Censys allow customers to continually discover cloud assets and risks, including unknown cloud accounts and providers, to unmanaged cloud storage buckets, eliminating the security blind spots created when they go unmonitored.
“Most Fortune 500 companies have hundreds of cloud accounts. While some are managed through cloud security tools, many are simultaneously created by non-IT groups and don’t have technical controls to prevent a breach,” says Zakir Durumeric, co-founder of Censys. “Security teams are left with a huge environment to protect but are blind to many of their riskiest accounts.”
Durumeric detailed a specific example of a breach in which a customer thought they had 800 hosts in their attack surface. After connecting their Amazon Web Services accounts to Censys’ cloud security system, 1,439 accounts were revealed — nearly an 80 percent increase. Also discovered were 60 exposed protocols and end-of-life software risks on assets that were unknown before.
The discovery of new cloud assets can help mitigate data loss from misconfigured databases and buckets, which has resulted in numerous data loss events over the years, says Derek Abdine, CTO at Censys.
“Censys has added storage bucket discovery after overwhelming demand from customers,” says Abdine. “After switching on the feature with one customer, we found 18 exposed buckets, one with a completely configurable access control list. That means anyone on the Internet could have changed the settings and accessed the data.”
Founded in 2013, Censys gives organizations the world’s most comprehensive real-time view of global networks and devices. Customers like FireEye, Google, NATO, Swiss Armed Forces, the U.S. Department of Homeland Security, and over 10% of the Fortune 500 rely on the company’s Internet-wide continuous visibility platform to discover and prevent cybersecurity threats.