Censys, a cybersecurity startup that provides an attack surface management platform to high-profile companies including Google, has raised $15.5 million in a series A round of funding co-led by Google’s GV and Decible, with participation from Greylock Partners.
Ann Arbor-based Censys began life as a research project at the University of Michigan in 2015, and was spun out as a standalone company in 2017. In its original guise, Censys was like a search engine for internet connected devices, where companies searched for data around what their infrastructure exposure looked like. But last year, Censys launched an attack surface management platform, effectively becoming “the detective who finds it all for you,” Censys CEO David Corcoran told VentureBeat.
On the surface
An attack surface is essentially all the hardware, software, and cloud assets that can process or store a company’s data, and which can be accessed from the internet. This could be known assets such as websites or servers, or unknown assets such as “orphaned” technology that was set up and forgotten about. The attack surface also extends into partner organizations, which may unwittingly increase the attack surface through vulnerabilities in their own products.
Thus, attack surface management is the process of finding and monitoring all your external digital assets that may serve as an entry point for bad actors to access sensitive data — this becomes all the more pertinent with the rise of cloud computing, internet of things (IoT), and an increasingly remote workforce.
And this is where Censys is setting out to garner its share of the $112 billion cybersecurity market.
“Censys is all about discovery — we discover and we monitor every single device, piece of software, and any service that you’re running as an organization,” Corcoran explained. “We find it before your security team knows about it, we flag things for risk, and we do that to prevent major breaches.”
The main Censys dashboard is where security teams can visualize the entire dynamic attack surface, and is where they being their investigations into risks, misconfigurations, and anomalies.
Companies can drill down into the “risks” present on the attack surface, including the asset risk type, the number of hosts affected, and how critical the risk is.
Aside from Google, Censys claims a number of notable clients, including FireEye, NATO, Swiss Armed Forces, and the U.S. Department of Homeland Security.
Alongside its funding news, Censys also unveiled a new scan engine, which it claims “sees 44% more of the internet than any other cybersecurity company,” and which is the culmination of two years development.
“The biggest problem that companies are struggling with today is visibility,” Corcoran said. “Censys is really aiming to become that system of record of everything that a company has that can be risky to that organization. We are the only system out there that is continuously discovering the things you own, the things that produce risk to you, and is monitoring those constantly for risks.”
Prior to now, Censys had raised $2.6 million in a seed round of funding led by GV and Greylock back in 2018, and with another $15.5 million in the bank, the company said that it plans to double its headcount within the next year, growing its leadership, sales, and engineering teams.