Risky Business podcast: Integrations for cloud APIs and Censys

Rumble Network Discovery is now runZero!

Podcast Description: “This week’s sponsor interview is with HD Moore. He’s the founder of [runZero], the network asset discovery scanner, and he’s joining us to talk about some new tricks he’s added to the product, like integrations with cloud service APIs and external discovery products like Censys.”

Questions from the interview #

What’s new with runZero? #

Since we last joined Patrick on Risky Business, [runZero’s] released versions 2.6, 2.7, and 2.8. With the latest release focusing on cloud service API integrations and Censys data ingestion.

For Rumble 2.8, why did we focus on cloud and externally facing assets? #

Cloud environments are becoming increasingly more wired to internal corporate networks through VPN connections. More people are looking for a complete view of what’s on their corporate network, what’s inside their cloud environment, and what’s visible externally using a service like Censys.

Why did we build cloud API integrations? #

runZero doesn’t take a credentials-first approach. Most of the value we deliver is through unauthenticated, fast internal discovery. We combine the results from active scans and the API results to enrich the data we have.

We started to hear about customers who were scanning entire RFC 1918 spaces and finding things they didn’t know about. runZero would be able to tell them that it’s their AWS environment, and they’re actually routing their external AWS to their internal network. They were asking us questions like, “What instances are on it, what team owns it, what tag is on it?” runZero has the ability to connect to the AWS instance, support multi-account, and enumerate subaccounts, which means teams can now add owners, tags, and tracking information to those assets.

What are the use cases for the Censys integration? #

There are generally two use cases:

• People who are scanning their external environments and want to see what’s visible in runZero and visible from an external perspective.
• People who are using external IP addresses internally and want to ensure those internal addresses aren’t reachable from the internet.

Is runZero only an internal asset discovery tool? #

If you have an IP address, runZero can cover it.

There are even cases where runZero knows about the asset even if it doesn’t have the IP address. For example, with our VMware integration, we can tell you which VMs are running–even if they aren’t on your network or attached to anything at all. We do this by getting information out of the guest networking tools and networking API.

How can runZero help with advisories and breaking security news? #

runZero focuses on turning your network into a knowledge base you can search. For example, when there’s breaking news, like with the recent PAX point-of-sale or Hikvision vulns, you can quickly query your inventory for those devices via our Rapid Response program. With vulnerability management flows, it can take weeks as they’re figuring out what they have, scanning the network, and trying to identify things that are vulnerable. runZero gives you the data ahead of time, so you don’t have to hunt it down.