Arctic Security helps to improve victim notification with Shodan integration

Written by Arctic Security | May 20, 2020

Owners of systems with unpatched vulnerabilities and faulty configurations must be notified before they get exploited by attackers. Arctic Security automates victim identification and notification to help with this. With Arctic Security’s products, National Cyber Security Centers and Service Providers can warn their customers about the observed exposure and abuse on their Internet-connected systems. Enterprises use Arctic Security to monitor their suppliers and partners and notify them so they can fix problems before they compromise the supply chain.

The integration with Shodan automates the queries and augments the resulting data so that the victim organization can easily find and fix the problems. In addition to Shodan, Arctic Security harmonizes and categorizes over 100 other sources of abuse information, including compromised machines, unpatched vulnerabilities, faulty configurations and leaked credentials from the dark web.

In Arctic Hub, data from Shodan is first harmonized and then categorized and matched to the victim organization. The enriched data makes it easy for IT professionals to identify and fix the reported problems. Often, when you search on Shodan you get an ISP as the network owner and not the actual end users. Arctic Hub adds that information and then breaks the results down into vulnerabilities, open services, or compromised computers. This makes it easier to prioritize and remediate the observed findings.

Data Augmentation Example

Arctic Security creates vetted Shodan queries to find vulnerable and misconfigured Internet-connected systems, such as the one shown in the Shodan query result below. In the actual integration, data is fetched through the Shodan API and processed automatically.

After the data is collected, it is harmonized, augmented, and enriched with data from other sources of Arctic Hub. The final result for this data item is shown below.

Users of Arctic Hub can then find the right recipients affected by the data, and send the processed information directly to them. This is something that is not available in the original data. Recipients can then act on data based on information from both Shodan and Arctic Security.

As shown in the list below, Arctic Security supports a growing number of integrated Shodan queries to identify and automatically notify the owners of vulnerable and misconfigured systems.