Documentation
Start typing to search…

Eliminate Shadow IT

Shadow IT is more than just a buzzword—it’s a real, growing risk. Developers spinning up test servers, cloud engineers trying new tools, or third-party contractors launching assets under your company’s name can all lead to an expansion of your attack surface. If your IT or security team isn’t aware of these assets, they may not be patched, monitored, or protected.

Traditional asset inventories often rely on manual reporting or internal tools that miss anything deployed outside official processes. Shadow IT often lives in:

  • Forgotten cloud instances (e.g., AWS, Azure)
  • Test environments never torn down
  • Misconfigured dev servers with open ports
  • Services created by contractors or M&A activity

These rogue assets are low-hanging fruit for attackers. They’re often unpatched, poorly configured, and completely invisible to your SIEM or EDR.

Use Censys to discover external assets

  1. To automate this, integrate with Censys Attack Surface Management (ASM). For detailed instructions, refer to our ASM Quick Start Guide.
  2. Explore discovered assets: You’ll see results like:
    1. Unexpected subdomains
    2. Open services like RDP or Elasticsearch are exposed to the internet
    3. Misconfigured SSL/TLS settings

Continuous monitoring

Shadow IT is not a one-time clean-up; it’s an ongoing battle. Continuous monitoring means your team is notified when new risks appear, so they can act before attackers do.
With Censys:

  • Set up automated alerts for new assets tied to your organization.
  • Use continuous internet-wide scanning to catch services as they appear or change.
  • Get insight into software versions, misconfigurations, or expired certificates.

Investigate and validate

Once Censys identifies a potentially unknown or unmanaged asset, it’s crucial to investigate its origin and purpose.​

  • Understand Discovery Paths: Censys provides a “Discovery Path” for each asset, illustrating how it was attributed to your organization. This helps in tracing the asset's origin. ​
  • Utilize Saved Queries: Create and automate saved queries to monitor specific asset attributes, such as geographic location or risk severity. This aids in identifying assets that deviate from your organization's standards. ​

Integrate and configure alerts

Once an asset is identified and validated, integrate it into your organization's security and IT management processes.

  • Integrate with ITSM Tools: Censys ASM can be integrated with IT Service Management platforms like ServiceNow and Jira, allowing for the creation of tickets directly from the ASM interface.
  • Sync with Vulnerability Management Systems: Integrate Censys with vulnerability management tools such as Tenable or Qualys to ensure newly discovered assets are included in vulnerability assessments.
  • Configure Alerts: Set up alerts for new or changed assets using Censys's automation features. Alerts can be sent via email, Slack, Microsoft Teams, or webhooks, facilitating prompt response.

Updated 2 days ago