Risky Business podcast: Integrations for cloud APIs and Censys

, by Thao Doan

Podcast Description: “This week’s sponsor interview is with HD Moore. He’s the founder of Rumble, the network asset discovery scanner, and he’s joining us to talk about some new tricks he’s added to the product, like integrations with cloud service APIs and external discovery products like Censys."

Risky Business

Questions from the interview

What’s new with Rumble?

Since we last joined Patrick on Risky Business, Rumble’s released versions 2.6, 2.7, and 2.8. With the latest release focusing on cloud service API integrations and Censys data ingestion.

For Rumble 2.8, why did we focus on cloud and externally facing assets?

Cloud environments are becoming increasingly more wired to internal corporate networks through VPN connections. More people are looking for a complete view of what’s on their corporate network, what’s inside their cloud environment, and what’s visible externally using a service like Censys.

Why did we build cloud API integrations?

Rumble doesn’t take a credentials-first approach. Most of the value we deliver is through unauthenticated, fast internal discovery. We combine the results from active scans and the API results to enrich the data we have.

We started to hear about customers who were scanning entire RFC 1918 spaces and finding things they didn’t know about. Rumble would be able to tell them that it’s their AWS environment, and they’re actually routing their external AWS to their internal network. They were asking us questions like, “What instances are on it, what team owns it, what tag is on it?” Rumble has the ability to connect to the AWS instance, support multi-account, and enumerate subaccounts, which means teams can now add owners, tags, and tracking information to those assets.

What are the use cases for the Censys integration?

There are generally two use cases:

  • People who are scanning their external environments and want to see what’s visible in Rumble and visible from an external perspective.
  • People who are using external IP addresses internally and want to ensure those internal addresses aren’t reachable from the internet.

Is Rumble only an internal asset discovery tool?

If you have an IP address, Rumble can cover it.

There are even cases where Rumble knows about the asset even if it doesn’t have the IP address. For example, with our VMware integration, we can tell you which VMs are running–even if they aren’t on your network or attached to anything at all. We do this by getting information out of the guest networking tools and networking API.

How can Rumble help with advisories and breaking security news?

Rumble focuses on turning your network into a knowledge base you can search. For example, when there’s breaking news, like with the recent PAX point-of-sale or Hikvision vulns, you can quickly query your inventory for those devices via our Rapid Response program. With vulnerability management flows, it can take weeks as they’re figuring out what they have, scanning the network, and trying to identify things that are vulnerable. Rumble gives you the data ahead of time, so you don’t have to hunt it down.

Similar Content

May 19, 2022

Smashing Security: Knowing thy network

Podcast Description: “A man hacks his employer to prove its security sucks, Telegram provides a helping hand to the Eternity Project malware, and what the heck do mental health apps think they’re up to? All this and much much more is discussed in the latest …

Read More

January 19, 2022

Risky Business podcast: How Rumble helped customers with Log4Shell

Podcast Description: “This week’s sponsor interview is with HD Moore, the founder of Rumble. We’re talking through what how he and his team helped customers respond to the log4j drama. They quickly added the capability to scan customer’s environments …

Read More

January 7, 2022

Panther Labs: How asset discovery can help with detection and response

Podcast Description: “Have you ever thought you could find more assets in your network that you thought you would have? Do you have segments that haven’t been scanned yet? Or maybe subnets that you have ignored? [Panther Labs] sat down with Chris Kirsch, CEO and …

Read More