Mapping organizations’ attack surface, one scan at a time

Censys: How a university project became a major commercial security platform

“In the lifecycle of vulnerability management, where investigation, response, and remediation have all changed from a periodic to a continuous model, discovery has lagged behind,” muses Zakir Durumeric, assistant professor at Stanford University and co-founder of security platform Censys.

In 2013, Durumeric was a 24-year-old student at the University of Michigan and was part of a research group studying the security of internet-connected devices.

The research led to the development of ZMap, a network scanner that discovers devices and services exposed to the internet.

ZMap, featured at the 2013 Usenix Security Symposium, earned Durumeric a spot in MIT Technology Review’s coveted list of 2015 Visionaries under the age of 35.

Since then, ZMap has grown and remains a popular tool for security experts and threat hunters.

And Durumeric has built on that experience to co-found Censys, a security platform that helps companies monitor their online assets and discover vulnerable devices before malicious actors do.

From academic research to company launch

“We were interested in how internet hosts behaved en masse (e.g, the cadence of software patching and how the internet responds to massive vulnerabilities like Heartbleed),” Durumeric says about the research that led to the development of ZMap.

ZMap can scan the entire public IPv4 address space in under 45 minutes on a single computer with a gigabit connection.

With a 10gigE connection, the scan time can be reduced to just five minutes. The data it gathers from internet-connected devices can then help find and patch vulnerabilities in networks.

ZMap was later merged into the ZMap Project along with several other tools, including ZGrab, a Go application-layer scanner.

Zakir Durumeric is co-founder of Censys

Censys co-founder Zakir Durumerick

“The demand for this data grew over time, as did the need for an easier way to query what the internet looked like, so we created Censys to allow our team and the broader research community to instantly answer their questions about the composition of the internet,” Durumeric says.

Built on top of ZMap and ZGrab, Censys is a search engine for internet-connected devices and services.


Read more interviews with some of the world’s leading lights in infosec


After its launch, Censys quickly gained commercial popularity, amassing tens of thousands of users. In 2017, Durumeric teamed up with entrepreneur David Corcoran to launch Censys as an independent company based out of Ann Arbor, Michigan.

Corcoran, an information security graduate from Purdue University and long-time consultant of tech companies and government agencies, is now the CEO of Censys.

After its launch, Censys has made several key hires. This includes Derek Abdine, previously head of labs at Rapid 7, as its CTO, and Lorne Groe, former CFO/COO at Deepfield, as COO.

Censys has also hired several security experts from Duo Security, Arbor Networks, Tenable, and the US government.

Tracking the internet

ZMap and ZGrab were designed to help users understand the state of the internet at a specific point in time for a specific service.

Censys, however, has a much broader goal of tracking all services and devices on the internet across time.

The team had to gradually transition away from ZMap and develop more sophisticated scanning and attribution engines for Censys.

Over the years, the company has developed technology to continually scan internet changes, track new services, identify new devices, and map them to their respective organizations.

“Today, Censys is focused on helping companies understand their internet-facing assets, which requires us to be able to quickly identify what companies own on the internet as well,” Durumeric says.

“Our industry-leading datasets provide a powerful foundation, which our team has been building on with algorithms and logic for mapping an organization’s complete attack surface and assessing its risks.”


LATEST SECURITY TOOLS JARM fingerprinting software helps network defenders identify malicious servers


Last year, Censys launched its cloud-based enterprise-level attack surface management platform.

Since its launch, the platform has grown from a niche technology for security vendors to a tool of choice for CISOs from various sectors, including retail, telecoms, finance, utilities, healthcare, government, and insurance.

Earlier this year, Censys also secured $15.5 million in Series A funding. The company is now focused on hiring more security talent and scaling its platform.

“As the company has grown, we’ve evolved to solve the visibility problem rather than simply providing customers raw data,” Durumeric says.


RECOMMENDED ‘As long as people are the ones writing code, there’s going to be insecure code’ – Tommy DeVoss on his post-jail bug bounty exploits