Censys raises $15.5 million to bring attack surface management to more companies

Censys, a cybersecurity startup that provides an attack surface management platform to high-profile companies like Google, has raised $15.5 million in a series A round of funding coled by Google’s GV and Decibel, with participation from Greylock Partners.

Ann Arbor-based Censys began as a research project at the University of Michigan in 2015 and was spun out as a standalone company in 2017. In its original guise, Censys was like a search engine for internet-connected devices, allowing companies to manually search for data pertaining to their infrastructure exposure. But last year Censys launched an attack surface management platform, effectively becoming “the detective who finds it all for you,” Censys CEO David Corcoran told VentureBeat.

On the surface

An attack surface is essentially all the hardware, software, and cloud assets that can process or store a company’s data and can be accessed from the internet. This could be “known” assets, such as websites or servers, or unknown assets like “orphaned” technology that was set up and forgotten about. The attack surface extends into partner organizations, which may unwittingly increase the attack surface through vulnerabilities in their own products. Mergers and acquisitions can also increase a company’s potential attack surface.

Attack surface management is the process of finding and monitoring all external digital assets that may serve as an entry point for bad actors seeking to access sensitive data. This becomes all the more urgent with the rise of cloud computing, internet of things (IoT), and an increasingly remote workforce, and Censys is eager to garner its share of the $112 billion cybersecurity market.

“Censys is all about discovery — we discover and we monitor every single device, piece of software, and any service that you’re running as an organization,” Corcoran explained. “We find it before your security team knows about it, we flag things for risk, and we do that to prevent major breaches.”

The main Censys dashboard lets security teams visualize the entire dynamic attack surface and begin investigations into risks, misconfigurations, and anomalies.

Above: Censys dashboard

Image Credit: Keeper Security

Companies can drill down into potential risks on the attack surface, including the asset risk type, the number of hosts affected, and how critical the risk is.

Above: Censys gives visibility into risks

Censys claims a number of notable clients in addition to Google, including FireEye, NATO, the Swiss Armed Forces, and the U.S. Department of Homeland Security.

Alongside its funding news, Censys today unveiled a new scan engine it claims can see “44% more of the internet than any other cybersecurity company” and is the culmination of two years of development.

“The biggest problem that companies are struggling with today is visibility,” Corcoran said. “Censys is really aiming to become that system of record of everything that a company has that can be risky to that organization. We are the only system out there that is continuously discovering the things you own, the things that produce risk to you, and is monitoring those constantly for risks.”

Censys had raised $2.6 million in a seed round led by GV and Greylock back in 2018. With another $15.5 million in the bank, the company plans to double its headcount within the next year, growing its leadership, sales, and engineering teams.