3rd Party Risk Management , Fraud Management & Cybercrime , Fraud Risk Management

Shodan Founder: Using Search Engine to Find Vulnerabilities

John Matherly Describes Benefits of Probing for Network Flaws
John Matherly, founder, Shodan

John Matherly, founder of Shodan, a search engine that can find devices connected to the internet using a variety of filters, explains why some cyber insurers and companies considering mergers and acquisitions are using the search engine to probe for network vulnerabilities.

See Also: Webinar | 2023 OT Cybersecurity Year in Review: Lessons Learned from the Frontlines

Some cyber insurers are using Shodan to help them assess whether potential clients have security shortcomings, Matherly says, adding that insurers want to address such questions as "Are you doing a good job patching your devices?" because that helps them to determine how much the premiums should be.

Companies considering acquiring another firm can use Shodan to help determine whether the acquisition target has adequate security measures, Matherly says.

And banks are using Shodan to help with fraud prevention, he says, "because if someone is trying to access a bank account from a refrigerator, that's very suspicious.”

In a video interview with Information Security Media Group, Matherly discusses:

  • How defenders can use Shodan;
  • Why Shodan use by attackers is not as prevalent as many assume;
  • Efforts to make Shodan easier to use.

Matherly formed Shodan in 2009. It's the first computer search engine that lets users find internet-connected devices based on operating system, geography, software or network range. Previously, he worked as a freelance software developer and was founder of Lab Engine, an online project management service, as well as IM Feeds, an instant messaging service. He was co-founder of the tech firm Sonet Inc.

About the Author

Tony Morbin

Tony Morbin

Executive News Editor, EU

Morbin is a veteran cybersecurity and tech journalist, editor, publisher and presenter working exclusively in cybersecurity for the past decade – at ISMG, SC Magazine and IT Sec Guru. He previously covered computing, finance, risk, electronic payments, telecoms, broadband and computing, including at the Financial Times. Morbin spent seven years as an editor in the Middle East and worked on ventures covering Hong Kong and Ukraine.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing databreachtoday.com, you agree to our use of cookies.