Back to Basics: Knowing what you have connected
It's time to get back to the basics for network security. There are a lot of complicated security issues that modern companies need to deal with, but that's not what I want to talk about. Instead, I'd like to take a minute to note that many people/organizations are still struggling with knowing what they have connected.
And it's not just software engineers making mistakes when deploying servers. The number of industrial control systems directly connected to the Internet without any authentication has been increasing at a rate of about 10% every year. I've written on the subject many times, presented on it, and reached out to CERTs and vendors, but the numbers keep going up. And with the advent of smart TVs, smart refrigerators and smart toothbrushes, we're seeing more and more insecure Internet of Things products on Shodan that traditional security products don't detect. Knowing what you have exposed to the Internet is required before any further security work can be done. And it shouldn't be difficult or expensive to do.
That's why I'm happy to announce our new website: Shodan Monitor. It provides an easy, fast way to set up external network monitoring, see what you're currently exposing to the Internet and get notifications when anything unexpected is discovered. We had a few main goals when creating Shodan Monitor:
Just The Facts: Focus on what matters and get rid of the noise. We give you the tools to monitor for things that actually matter to your security and don't bother you with minor, academic concerns.
Keep It Simple, Stupid: This isn't rocket science - create a service that can be fully configured within a minute with no further maintenance needed.
Reduce the Noise: You shouldn't have to check a dashboard every day and sort through a list of alerts.
Affordable: Shodan Monitor should be accessible to everybody - no excuses for lack of external network monitoring.
I believe we've been able to accomplish all of the above with our new service. And we're making it available to all of our customers (membership, API subscriptions or enterprise) at no additional cost. Try it out and let us know what you think!