1. Censys
  2. Censys Attack Surface Management
  3. Shrinking Your Attack Surface

Other Articles In This Section

In this article:

Assess Risks with Censys

  • Updated

One of the primary objectives of the Censys ASM Platform is to shrink your organization’s attackable surface area, so Censys proactively flags risks in order to draw your attention to vulnerable places.

Start by tuning risk default settings to fit your organization’s needs. Then, investigate and remediate risks in your network to improve your security posture.

Configure All Risks

As Censys maps and monitors your attack surface, it detects more than 120 different risk types.

You can set each type’s default severity to fit your security policies and investigative priorities, or disable a risk type if you do not want the platform to detect any instances of it.

Configure settings for all of the risk types that Censys identifies by clicking the Configure Risks button in top right corner of the Risks page.

Risk page showing configuration button
Figure 1. Click the configure button to go to the risk configuration page

On the configuration page, the list is ordered by default severity, but can also be sorted by name or with edited risks on top.

Select from the list to see details and remediation recommendations and to change the default severity of the risk type or disable the risk type entirely.

Configure risk severity
Figure 2. Configure risk severity

The Censys-recommended severity for each risk type is noted with the Recommended text. The Severity Selection menu allows you to choose the severity classification that fits your organization’s policies. From highest to lowest, the options include:

  • Critical — Indicates a severe risk which may result in compromise of the affected system or interruption of business objectives. Critical risks should be remediated as soon as possible.

  • High — Indicates a risk which may result in remote code execution or sensitive information disclosure. High risks should be prioritized when creating a risk remediation roadmap.

  • Medium — Indicates a risk which may be exploited in combination with other vulnerabilities to perform an attack. Treat medium risks as standard priority on a risk roadmap.

  • Low — Indicates a vulnerability which may provide an attacker with some information about or access to the affected system. Deal with low risks at the lowest priority.

The default severity set for a type will be assigned to any instance of that risk type found on any of your assets.

View Risks

After you have configured your risks and Censys has remapped your attack surface, head to the risks page of the app to start investigating.

Risk Table

The risk table lists exposed services and other vulnerabilities, such as end-of-life (EOL) software, weak TLS configurations, exposed storage buckets, and more that Censys believes you should remediate.

The default view shows all risks across your entire attack surface, but the tabs on the table allow you to view risks by environment.

Risks are ordered by severity, with the most severe at the top.

Risks table with host differentiation highlighted
Figure 3. Risks table with host differentiation highlighted

Click on the linked asset count in the Affected Assets column to go to the asset list page filtered by the risk.

Expiring Assets: Certificates & Domains

The expiring assets card shows two types of assets that can expire: TLS certificates and domains. s Each tab on this card displays a three-month calendar view, with the current date highlighted in blue. Dates on which assets expired or will expire are highlighted in red with the number of assets shown in the circle.

Expired certs
Figure 4. Risks page with expiring assets table with certs shown

Click on the linked asset count on the calendar day to go to the asset list page filtered by the expiration date.

Risk Instances on Details Pages

Risk instances are also shown on Host and Storage Bucket Details pages in a tab called Risks. Click the tab to see the details and remediation recommendations for any risks detected on the asset.

risk tab with default listing order
Figure 5. Details page with risks tab open

Default sorting order is by detection date. You can also chose to order by severity, with most severe on top.

Edit Risk Instances

If an individual instance of a risk requires a severity level other than the default because of its environment, importance to the business, or other contextual factors, you can override the default using the options on the cards in the Risk tab.

risk tab with severity override menu shown
Figure 6. Override the default severity of a risk instance

If an individual instance of a risk is not considered a risk by your organization and you wish to suppress its presence from risk lists, counts, report metrics, and the logbook, you can click the Accept this risk instance option in the top right corner of the risk card.

risk tab with severity override menu shown
Figure 7. Accept just one risk instance

After accepting a risk, an option to view or hide accepted risks is shown at the top of the list. You can toggle this option to "View" to keep the stub of the accepted risk instance in the list, or choose "Hide" to suppress it entirely.

At any time, you can undo your acceptance of an instance by unchecking the Acceptance check box on its card.

undo acceptance
Figure 8. Undo risk instance acceptance

Further Reading on Risks

See this reference article for a description of every risk that the Censys ASM platform identifies.

Related articles

Comments

0 comments

Article is closed for comments.