Risky Biz Podcast, Episode 645: Integrations for cloud APIs and Censys

Questions from the interview

What’s new with runZero?

Since we last joined Patrick on Risky Business, [runZero’s] released versions 2.6, 2.7, and 2.8. With the latest release focusing on cloud service API integrations and Censys data ingestion.

For Rumble 2.8, why did we focus on cloud and externally facing assets?

Cloud environments are becoming increasingly more wired to internal corporate networks through VPN connections. More people are looking for a complete view of what’s on their corporate network, what’s inside their cloud environment, and what’s visible externally using a service like Censys.

Why did we build cloud API integrations?

runZero doesn’t take a credentials-first approach. Most of the value we deliver is through unauthenticated, fast internal discovery. We combine the results from active scans and the API results to enrich the data we have.

We started to hear about customers who were scanning entire RFC 1918 spaces and finding things they didn’t know about. runZero would be able to tell them that it’s their AWS environment, and they’re actually routing their external AWS to their internal network. They were asking us questions like, “What instances are on it, what team owns it, what tag is on it?” runZero has the ability to connect to the AWS instance, support multi-account, and enumerate subaccounts, which means teams can now add owners, tags, and tracking information to those assets.

What are the use cases for the Censys integration?

There are generally two use cases:

  • People who are scanning their external environments and want to see what’s visible in runZero and visible from an external perspective.
  • People who are using external IP addresses internally and want to ensure those internal addresses aren’t reachable from the internet.

Is runZero only an internal asset discovery tool?

If you have an IP address, runZero can cover it.

There are even cases where runZero knows about the asset even if it doesn’t have the IP address. For example, with our VMware integration, we can tell you which VMs are running–even if they aren’t on your network or attached to anything at all. We do this by getting information out of the guest networking tools and networking API.

How can runZero help with advisories and breaking security news?

runZero focuses on turning your network into a knowledge base you can search. For example, when there’s breaking news, like with the recent PAX point-of-sale or Hikvision vulns, you can quickly query your inventory for those devices via our Rapid Response program. With vulnerability management flows, it can take weeks as they’re figuring out what they have, scanning the network, and trying to identify things that are vulnerable. runZero gives you the data ahead of time, so you don’t have to hunt it down.

Meet Our Speakers

HD Moore

CEO and Co-Founder

Subscribe Now

Get the latest news and expert insights delivered in your inbox.

Welcome to the club! Your subscription to our newsletter is successful.

Related Resources

Oil and Gas Upstream
Huxley Barbee discusses why and how cybersecurity for operational technology (OT) and industrial control systems (ICS) including oil and gas...
Risky Biz Interview: Breaking apart OT protocols
runZero's Rob King on the how and why of reverse engineering for active discovery
ExpedITioners Podcast: The modern divergence of environments and security methodologies
In this episode, Zach and Huxley talk about the modern divergence of environments and security methodologies.
Infosec Toolshed: Metasploit: Why did he do it?
Every top 10 list of security tools includes Metasploit. But how did the project get started?

See Results in Minutes

Get complete visibility into IT, OT, & IoT — without agents, credentials, or hardware.

© Copyright 2024 runZero, Inc. All Rights Reserved