StageSeries B | Alive
Last Raised$35M | 1 yr ago
Mosaic Score The Mosaic Score is an algorithm that measures the overall financial health and market potential of private companies.
+10 points in the past 30 days
Censys provides data-driven security used by researchers, corporations, and governments to find and analyze every device connected to the internet. Censys gives organizations the visibility to fight threats by continuously analyzing real-time internet data.
Missing: Censys's Product Demo & Case Studies
Promote your product offering to tech buyers.
Reach 1000s of buyers who use CB Insights to identify vendors, demo products, and make purchasing decisions.
ESPs containing Censys
The ESP matrix leverages data and analyst insight to identify and rank leading companies in a given technology landscape.
These companies offer solutions that monitor and manage a system of devices connected to the internet (e.g., store beacons, price scanners, point-of-sale systems, etc., known as the Internet of Things) to prevent and respond to attacks.
Censys named as Outperformer among 10 other companies, including ForeScout Technologies, Armis, and Axonius.
Missing: Censys's Product & Differentiators
Don’t let your products get skipped. Buyers use our vendor rankings to shortlist companies and drive requests for proposals (RFPs).
Expert Collections containing Censys
Expert Collections are analyst-curated lists that highlight the companies you need to know in the most important technology spaces.
Censys is included in 3 Expert Collections, including Cyber Defenders.
Our selected startups are early- to mid-stage high-momentum companies pioneering technology with the potential to transform cybersecurity.Unicorns valued at $1B+, companies that have raised funding past the Series C stage, and companies that have not raised funding since 2017 are
Latest Censys News
Mar 9, 2023
The Akuvox E11 door phone/intercom is riddled with security holes. Enlarge / The Akuvox E11 The Akuvox E11 is billed as a video door phone, but it’s actually much more than that. The network-connected device opens building doors, provides live video and microphone feeds, takes a picture and uploads it each time someone walks by, and logs each entry and exit in real time. The Censys device search engine shows that roughly 5,000 such devices are exposed to the Internet, but there are likely many more that Censys can’t see for various reasons. It turns out that this omnipotent, all-knowing device is riddled with holes that provide multiple avenues for putting sensitive data and powerful capabilities into the hands of threat actors who take the time to analyze its inner workings. That’s precisely what researchers from security firm Claroty did. The findings are serious enough that anyone who uses one of these devices in a home or building should pause reading this article, disconnect their E11 from the Internet, and assess where to go from there. The 13 vulnerabilities found by Claroty include a missing authentication for critical functions, missing or improper authorization, hard-coded keys that are encrypted using accessible rather than cryptographically hashed keys, and the exposure of sensitive information to unauthorized users. As bad as the vulnerabilities are, their threat is made worse by the failure of Akuvox —a China-based leading supplier of smart intercom and door entry systems—to respond to multiple messages from Claroty, the CERT coordination Center, and Cybersecurity and Infrastructure Security Agency over a span of six weeks. Claroty and CISA publicly published their findings on Thursday here and here . All but one of the vulnerabilities remain unfixed. Akuvox representatives didn’t respond to two emails seeking comment for this article. WTF is this device doing in my office? Claroty researchers first stumbled on the E11 when they moved into an office with one preinstalled at the door. Given its access to the comings and goings of employees and visitors and its ability to spy and open doors in real time, they decided to look under the hood. The first red flag the researchers found: Images taken each time motion was detected at the door were sent by unencrypted FTP to an Akuvox server in a directory that anyone could view and, from there, download images sent by other customers. Advertisement “We were very surprised when we started and we saw the FTP,” Amir Preminger, VP of research in Claroty's Team82 research group, said in an interview. “We never imagined to find an FTP out in the clear. We blocked the device first, cut it off from everything, put it on its own island, and use it as a standalone. We’re in the process of replacing it.” While the analysis continued, the behavior of the FTP server changed. The directory can no longer be viewed, so presumably it can no longer be downloaded, either. A significant threat continues to exist, however, since FTP uploads aren’t encrypted. That means anyone able to monitor the connection between an E11 and Akuvox can intercept uploads. Another major find by the researchers was a flaw in the interface that allows the owner to use a web browser to log in to the device, control it, and access live feeds. While the interface requires credentials for access, Claroty found hidden routes that gave access to some of the web functions without a password. The vulnerability, tracked as CVE-2023-0354, works against devices that are exposed to the Internet using a static IP address. Users do this to connect to the device remotely using a browser. That’s not the only vulnerability that allows unauthorized remote access to an E11. The device also works with a phone app called SmartPlus that’s available for Android and iOS . It allows remote access even when an E11 isn’t directly exposed to the Internet but is instead behind a firewall using network address translation . SmartPlus communicates with the intercom using the session initiation protocol , an open standard used for real-time communications such as voice and video calls, instant messaging, and games.
Censys Frequently Asked Questions (FAQ)
When was Censys founded?
Censys was founded in 2017.
Where is Censys's headquarters?
Censys's headquarters is located at 116 1/2 S Main, Ann Arbor.
What is Censys's latest funding round?
Censys's latest funding round is Series B.
How much did Censys raise?
Censys raised a total of $53.1M.
Who are the investors of Censys?
Investors of Censys include Google Ventures, Greylock Partners, Decibel Partners, Intel Capital, Osage University Partners and 3 more.
Who are Censys's competitors?
Competitors of Censys include spiderSilk and 1 more.
Compare Censys to Competitors
Provider of realistic cyber-attack simulations. The company provides a proprietary machine-driven technology that simulates real-life cyber-attacks and advise on how to best protect against ever-increasing threats. The company focus on finding security exploits and vulnerabilities in applications residing on public and internal infrastructures.
BitSight Technologies manages cyber security risk with objective security ratings through its Security Rating platform. The company allows organizations to manage third-party/fourth-party risk, benchmark performance, security performance management and vendor risk management integrations. The company serves financial services, healthcare, technology, government, energy/utilities, retail, manufacturing and engineering industries. It was founded in 2011 and is based in Boston, Massachusetts.
Balbix offers a breach-risk platform that calculates and visualizes an enterprise's cyber-breach risk and resilience across all devices, users, and apps in its extended network.
Cymulate is a cybersecurity startup that conducts penetration tests. The company develops a platform enabling enterprises to simulate cyber attacks while testing the security system's resilience from the potential attacker's perspective. Among other things, it assesses an enterprise's readiness for ransom and phishing attacks and for detecting more complicated breaches through which hackers can take over an enterprise's computers and apps. The platform offers solutions such as security posture management, exposure management, phishing awareness, external attack surface management, and more. The company was founded in 2016 and is based in Tel Aviv, Israel.
Shodan is a search engine that provides data feeds on all devices directly connected to the Internet. The information is obtained via a globally distributed, real-time network of crawlers that find devices based on the software they run. For each device, Shodan stores the software it runs (including version), operating system, hostnames, location and much more. The processed data feeds are also made accessible through a public search engine website. Shodan is used around the world by researchers, security professionals, large enterprises, CERTs, and more.
RiskIQ is a provider of enterprise security solutions beyond the firewall. The company's technology intelligently interacts with websites and mobile applications, modeling user behavior to detect anomalies, policy violations and previously undetected threats. On July 11th, 2021, RiskIQ was acquired by Microsoft at a valuation of $500M.
Discover the right solution for your team
The CB Insights tech market intelligence platform analyzes millions of data points on vendors, products, partnerships, and patents to help your team find their next technology solution.