With the unstoppable rise of the Internet of Things, and the still inevitable reality of their fundamental insecurity, knowing where, what and how secure they are is crucial for everybody.
There are already several IoT search engines out there (Shodan, Censys, Thingful, etc.), but Israel-based Reposify has created a new one.
“Our main focus is to extract the device characteristics in the most reliable way on a global scale and to let enterprises use our insights to build cybersecurity and business intelligence products. This is different from other services, which provide only a raw response and geolocation,” Yaron Tal, founder and CEO of Reposify, told Help Net Security.
“We built a scalable cluster that constantly discovers new devices connected to the public Internet. We have implemented many communication protocols to detect the type of device and its relationships with other devices and people. We seek out what technologies exist on each device, such as an accessible database, web server, or specific operating system.”
Discovering millions of devices
The company built the infrastructure to discover millions of new devices – constantly and with no limitations of scale. But there are other limitations, such as not being able to query devices behind a firewall.
“Currently, we detect only publicly reachable devices, but we have been working on a new way to combine public and private networks to let organizations manage their private and public devices with no added complexity. Customers with an Enterprise plan will get that capability,” says Tal.
IoT search engine integration
Reposify’s search engine comes with an API, that allows developers and companies to incorporate the capability into their products.
For example, by integrating with Reposify’s API, cybersecurity companies can monitor their clients’ networks to find misconfigured devices or devices with outdated software. Business intelligence (BI) companies can use it for competitive analysis – they can identifying new global trends, analyze technology markets, or quantifying market penetration of a certain product.
Pricing structure and free plan
The company offers four customer plans at different price points.
“Our pricing structure reduces the costs for vendors who want to protect or analyze IoT devices without building their own datacenters and clusters, allowing them to focus on their core products,” says Tal.
“Our startup plan is tailor-made for cyber and BI startup companies that want to start offering new features to their customers on a larger scale. The business plan is for large projects that need our device characteristics and technology stack detection. It offers entry-level access for companies to build security and BI solutions on a large scale. Our enterprise plan is for companies that want to use our insights as part of their core products, need specific protocols or customized protocols, or need to discover devices in real time.”
There’s also a forever-free plan for developers because they want them to build interesting projects based on Reposify’s insights.
The company is already working closely with a few cybersecurity and business intelligence companies to equip their products with Reposify, and is hoping to increase the developer community using it.
They are also trying to minimize the possibility of misuse of the search engine.
“Unverified e-mail accounts can only see partial information and are limited to 10 credits per session. We verify e-mail addresses and paid users go through verification process to ensure our product is not misused by potential attackers,” Tal noted.