Ann Arbor-based cybersecurity startup Censys announced today that it has raised a $2.6 million seed round from investors led by GV and Greylock. The funding will be used as Censys, which just launched as a commercial company last year, seeks to collect more data and develop more paid services.
Censys is a search engine that monitors all the devices connected to the internet. Companies and their IT staff can use Censys to keep track of their devices, and which ones might be susceptible to vulnerabilities. Censys started as a research project at the University of Michigan in 2015, and spun out to become a private company in 2017 in order to make the product self-sustainable after research funding dried out.
“In the same way you think of a search engine like Google or Bing being a view into every web page, our goal is to index the world’s infrastructure information,” Censys CEO Brian Kelly told VentureBeat in a phone interview.”
Researchers including J. Alex Halderman and Zakir Durumeric, now Censys’ chief scientist and CTO respectively, first built an open-source tool called ZMap in 2013. ZMap was able to scan every IP address on the internet, thus creating a “map” of every device connected to the internet, in less than 45 minutes. Previously, the process took weeks.
Essentially, ZMap came up with a new way to encode the “requests” that it sent out to the IP addresses to determine if they’re connected to the internet. That way, ZMap eliminated the need to keep track of outstanding requests, which slowed down the scanning process.
In addition to IP addresses, ZMap collects information about what software a device is running. So researchers could use ZMap to do things like see which servers on the internet had migrated to https, and which servers got knocked out by Hurricane Sandy. The team then wanted to create a more user-friendly portal that researchers could use to sift through information collected by ZMap, so they created Censys.
Kelly, who was brought on as Censys’ CEO when it spun out in 2017, told VentureBeat that that the most well-known use case for Censys is for companies to see which of their servers have an operating system vulnerability that hasn’t been patched yet. In a recent blog post, Censys detailed how IT staffers could use Censys to search for servers that were affected by a vulnerability in Oracle Database by doing a search for servers running the versions of Oracle that contained the vulnerability, and limit those results to just their devices by entering ranges of IP addresses belonging to the company.
“Like a lot of people kind of Googling themselves, [users] are searching Censys for information about their organization and what their exposure looks like,” Kelly told VentureBeat.
Censys still allows its 50,000 registered users to make a limited number of queries for free, and academics can apply for a research license to get unlimited access to Censys. For companies that want to make more than 250 queries a month, Censys has subscriptions available from $99 per month to $1,000 a month. Censys says it currently has more than 60 paid customers including the Department of Homeland Security, NATO, FireEye, and Google.
Shodan, Censys’ main competitor, advertises subscriptions ranging from $59 per month for a freelancer to $899 per month for a corporation, though Shodan primarily charges users based on the number of search results they get, as well as how many IP addresses they scan each month.
The high profile ZMap has attained in the research community helped Censys while fundraising. Censys also got a boost from local entrepreneurs Dug Song and Jon Oberheide — whose enterprise security startup Duo Security was recently acquired by Cisco for $2.35 billion. Song invested in Censys, advises the company, and helped introduce Censys to GV, as GV had previously invested in Duo.
“The technical strength of the [Censys] leadership team is unparalleled, and we were drawn to the founders’ vision to create a new security solution to detect, view, and monitor entire network attack surfaces,” GV’s Karim Faris told VentureBeat in an email. Faris then connected Censys to Greylock Partner Asheem Chandna, who led the investment in Censys.
“There’s a growing interest from corporations and enterprise customers just in terms of having an outsider view of their networks and their assets …this company is really working on building out the richest and most comprehensive, highest accuracy data set around that,” Greylock’s Chandna told VentureBeat in a phone interview.
Greylock doesn’t have any other current investments in Ann Arbor, but Chandna said that Censys’ location didn’t concern him, and that he felt “confident that [Censys] can grow a quality engineering team there” thanks to its ties to the University of Michigan.
Censys currently has 15 employees, and Kelly said that over the next year Censys will be focused on adding “more context” within its platform to make it easier for users who don’t come from an academic background to understand the information collected by Censys, as well as honing in on identifying the right pricing model for its growing list of customers.