If you are using Shodan to search for your company’s assets or to perform reconnaissance as part of blue or red team routines, you need to keep reading. This blog unlocks insights that will help you eliminate more risks in less time and with minimum effort.
Shodan (aka the hackers’ search engine) is a well-known Internet search engine that lets you check the exposure status and metadata of every public IP address. It is used by both hackers and organizations.
Shodan is great for attackers. Having the internet at your fingertips is exactly what you need when trying to find exposed assets to attack. But for organizations it's a different story.
To stay ahead of attackers you need a quick way to continuously map and monitor your ever-changing external attack surface. But trying to create an always up-to-date connected asset inventory by using an IoT search engine is like looking for a needle in the haystack while ignoring the rest of the barn. Shodan's inherent limitations, which include manual searches, false positives and no prioritization, result in only partial visibility of your real attack surface.
The only way to eliminate shadow IT risks and unknown exposures is through complete automation of the discovery, analysis, prioritization and monitoring processes.
Ten years ago, Shodan was probably your best option, but today in 2020, using Shodan to search for your company’s assets is like trying to navigate at sea with no GPS or sonar, relying only on the stars.
This blog presents a deep-dive comparison of Shodan and Reposify’s External Attack Surface Management platform for mapping the attack surface and eliminating unknown risks.
We’ll examine and compare 4 main aspects:
1. Internet scanning capabilities
2. Asset discovery capabilities
3. Insights actionability (asset classification, security insights and risk prioritization)
4. Costs - is Shodan really that cheap?