Censys announced an expansion of its Internet Map to include real-time DNS visibility, enabling security teams to pivot between domains, names and the Internet infrastructure behind them within the Censys Platform.
The addition of active DNS data brings together domains, DNS records, IP addresses, hosts, services and certificates in a single view. According to the company, the update replaces workflows that previously relied on multiple datasets and investigative interfaces with one platform.
The company said the new capabilities address a common challenge for security teams that often rely on fragmented external intelligence from multiple tools to investigate threats. "Security teams make critical decisions every day using fragmented external intelligence gathered from multiple tools," said Raj Sivasankar, Senior Director of Product Management at Censys. "By bringing DNS into the Censys Internet Map, we are providing defenders with a unified platform to understand the Internet infrastructure behind threats, providing the intelligence needed to make better security decisions and uncover broader adversary campaigns as attacks become increasingly automated."
Rather than treating DNS as a separate dataset, the platform integrates active DNS information directly into the Internet Map. This allows analysts to move between name-based and IP-based infrastructure while also examining how Internet infrastructure has evolved over time.
The expanded capabilities are intended to support multiple stages of security operations. During triage, analysts can validate suspicious domains by immediately viewing the infrastructure behind them to determine whether an incident requires escalation. During investigations, security teams can pivot between domains, IP addresses, hosts, services, certificates and historical infrastructure relationships to better understand the scope of an incident. The platform also enables threat hunters to begin with a single indicator and identify broader adversary infrastructure, while defenders can uncover campaign infrastructure to strengthen protections before attacks occur.
Censys said customers are already using the new DNS capabilities to identify phishing campaigns at the infrastructure level. During a recent investigation into a USPS-themed phishing attack, the company said a single malicious domain led analysts to hundreds of related phishing domains and the broader campaign infrastructure behind them, including historical DNS relationships that were no longer visible through live DNS. According to Censys, that allowed defenders to identify and respond to the broader campaign instead of reacting to individual indicators.
