Shodan Founder: Using Search Engine to Find VulnerabilitiesJohn Matherly Describes Benefits of Probing for Network Flaws
John Matherly, founder of Shodan, a search engine that can find devices connected to the internet using a variety of filters, explains why some cyber insurers and companies considering mergers and acquisitions are using the search engine to probe for network vulnerabilities.
Some cyber insurers are using Shodan to help them assess whether potential clients have security shortcomings, Matherly says, adding that insurers want to address such questions as "Are you doing a good job patching your devices?" because that helps them to determine how much the premiums should be.
Companies considering acquiring another firm can use Shodan to help determine whether the acquisition target has adequate security measures, Matherly says.
And banks are using Shodan to help with fraud prevention, he says, "because if someone is trying to access a bank account from a refrigerator, that's very suspicious.”
In a video interview with Information Security Media Group, Matherly discusses:
- How defenders can use Shodan;
- Why Shodan use by attackers is not as prevalent as many assume;
- Efforts to make Shodan easier to use.
Matherly formed Shodan in 2009. It's the first computer search engine that lets users find internet-connected devices based on operating system, geography, software or network range. Previously, he worked as a freelance software developer and was founder of Lab Engine, an online project management service, as well as IM Feeds, an instant messaging service. He was co-founder of the tech firm Sonet Inc.