Assess Risks with Censys ASM
One of the primary objectives of the Censys ASM Platform is to shrink your organization’s attackable surface area, so Censys proactively flags risks in order to draw your attention to vulnerable places.
Start by tuning risk settings to fit your organization’s needs. Then, investigate and remediate risks in your network to improve your security posture.
Configure All Risks
As Censys maps and monitors your attack surface, it detects more than 50 different risks. You can adjust severities to fit your security policies and investigative priorities, or disable a risk altogether.
Configure settings for all of the risks that Censys identifies by clicking the Configure Risks button in top right corner of the Risks page.
On the configuration page, select from the list to see details and remediation recommendations and to change the severity of the risk (as a class) or disable the risk entirely.
The default severity for each risk is noted with the Recommended text. The Severity Selection menu allows you to choose the severity classification that fits your organization’s policies. From highest to lowest, the options include:
After you have configured your risks and Censys has remapped your attack surface, head to the risks page of the app to start investigating.
The risk table lists services and other vulnerabilities, such as end-of-life (EOL) software, weak TLS configurations, exposed storage buckets, and more that Censys believes you should remediate quickly.
The default view shows all risks across your entire attack surface, but the tabs on the table allow you to view risks by environment.
Risks are ordered by severity, with the most severe at the top.
Click on the linked asset count in the Affected Assets column to go to the asset list page filtered by the risk.
Expiring Assets: Certificates & Domains
The expiring assets card shows two types of assets that can expire: TLS certificates and domains.
Each tab on this card displays a three-month calendar view, with the current date highlighted in blue. Dates on which assets expired or will expire are highlighted in red with the number of assets shown in the circle.
Click on the linked asset count on the calendar day to go to the asset list page filtered by the expiration date.
Risks on Details Pages
Risks are also shown on Host and Storage Bucket Details pages in a tab called Risks. Click the tab to see the details and remediation recommendations for any risks detected on the asset.
Default sorting order is by detection date. You can also chose to order by severity, with most severe on top.
Further Reading on Risks
See this reference article for a description of every risk that the Censys ASM platform identifies.