Are You Still Using Shodan to Map Your Attack Surface?

Posted by Reposify on August 19, 2020 8:41:42 AM EDT

If you are using Shodan to search for your company’s assets or perform reconnaissance as part of blue or red team routines, you need to keep reading. This blog unlocks insights that will help you eliminate more risks in less time and with minimum effort.

Shodan (aka the hackers’ search engine) is a well-known Internet search engine which allows you to check the exposure status and metadata of every public IP address. It is used by both hackers and organizations.

Shodan is great for attackers. Having the internet at your fingertips is exactly what you need when trying to find exposed assets to attack. But for organizations it's a different story.

In order to stay ahead of attackers you need a quick way to continuously map and monitor your ever-changing external attack surface. But trying to create an always up-to-date connected asset inventory by using an IoT search engine is like looking for a needle in the haystack while ignoring the rest of the barn. The inherent limitations of Shodan include manual searches, false positives and no prioritization, and they result in partial visibility of your real attack surface.

The only way to eliminate shadow IT risks and unknown exposures is through complete automation of the discovery, analysis, prioritization and monitoring processes.

10 years ago, Shodan was probably your best option, but today in 2020, using Shodan to search for your company’s assets is like trying to navigate at sea, with no GPS or sonars, relying only on the stars.

This blog presents a deep dive comparison of the use of Shodan vs Reposify’s External Attack Surface Management platform for mapping the attack surface and eliminating unknown risks.

We’ll examine and compare 4 main aspects:
1. Internet scanning capabilities
2. Asset discovery capabilities
3. Insights actionability (asset classification, security insights and risk prioritization)
4. Costs - is Shodan really that cheap?

Spoiler Alert 


Topics: "Respoify IoT Scanner", "IT Security Audits", "Attack Surface Management", "Security Risk Assessment", IoT Search Engine

How to Avoid Hostile Subdomain Takeovers

Posted by Asaf Aprozper on July 27, 2020 3:33:53 AM EDT

What is a hostile subdomain takeover?


Topics: "IT Security Audits", "Attack Surface Management", "Security Risk Assessment", Hostile Subdomain Takeover

AWS EC2 Security Starts with Visibility

Posted by Lihi Ben Arie on June 24, 2020 1:35:05 AM EDT

Elastic Compute Cloud (EC2 for short) is an infrastructure-as-a-service offering and one of the widely adopted services in the AWS platform.


Topics: "Attack Surface Management", AWS, EC2, Integration, Cyber Security

What Verizon’s 2020 DBIR findings mean for your Attack Surface?

Posted by Reposify on June 4, 2020 6:42:17 AM EDT

Verizon’s 2020 Data Breach Investigations Report was recently published. This year’s report, all 119 pages of it, is full of interesting insights. Here are the report’s key findings and our take on them.


Topics: "Attack Surface Management", "Security Risk Assessment", data breach, verizon data breach investigation report 2020, shadow it risks

Risk elimination & score optimization done smart.

Posted by Reposify on June 2, 2020 5:32:12 AM EDT

The Reposify team is pleased to announce the release of Reposify Optimizer, a game-changing capability built into Reposify’s Attack Surface Management Platform.


Topics: "risk assessment", "Attack Surface Management", "Shadow IT", "CVE"

ATTACK SURFACE STATUS - Week 18

Posted by Reposify on May 7, 2020 9:34:56 AM EDT

Millions of sensitive assets are left exposed to the internet every day, leaving organizations’ attack surfaces vulnerable to various risks which could result in a breach.

Each week we will be sharing fresh data from Reposify's platform on the most common exposures and CVEs, as well as tips on how to avoid them.


Topics: "risk assessment", "Attack Surface Management", "Shadow IT", "CVE", "Weekly Patch"

“If I Can't See it it Doesn't Exist” - The blind spots in Your IT Security Risk Assessment

Posted by Koby Meir on April 21, 2020 1:29:31 PM EDT

Cyber security risk assessment is a fundamental building block in any cyber security program. It enables you to identify all the potential risks and security issues that your organization might face and ensure the right policies and tools are put in place to improve your overall security posture.


Topics: "IT Security Audits", "Attack Surface Management", "Security Risk Assessment"

127% increase in exposed RDPs due to surge in remote work

Posted by Asaf Aprozper on March 30, 2020 1:12:18 PM EDT

Remote access channels are one of the preferred attack vectors for criminals trying to obtain access to organizations’ internal networks. Recently, various vulnerabilities in enterprise VPNs were exploited in the wild during attack campaigns by malicious actors and nation-states.


Topics: "Respoify IoT Scanner", "Remote Access", "Exposed RDP", "Remote Work"

Is Your Enterprise VPN Secure?

Posted by Yaron Tal on March 18, 2020 5:24:56 AM EDT

In these days of uncertainty, while many, if not most, of us are at home trying to balance working remotely and family life, DevOps, IT & security teams are doubling down on their efforts to provide the technical support needed to ensure business continuity. The task at hand presents a unique challenge which for many organizations is uncharted.


Topics: "Respoify IoT Scanner", "VPN Security", "Remote Access", "Pulse VPN"

How We Hunted Cyber Criminals on Telegram Using Reposify

Posted by Asaf Aprozper on January 6, 2020 9:24:49 AM EST
 

Topics: "Yara Rules", "Telegram", "Respoify IoT Scanner"