Keep an Eye on Your Attack Surface
Decentralized Cyber Reconnaissance System (DCS)
Keep an eye on the external attack surface of your critical infrastructure, region or state.
Designed for Authorities
DCS is tailored to the needs of public authorities and national cybersecurity stakeholders:
The Decentralized Cyber Reconnaissance System (DCS) provides cyber situational awareness based on open-source intelligence and global internet scanning. By continuously scanning the global Internet, DCS helps organizations, governments, and critical infrastructure operators understand their external attack surface and assess how vulnerable their systems are.
DCS identifies IP addresses, websites, network ranges and services, analyzes the distribution of vulnerabilities, investigates entities belonging to critical infrastructure sectors, and evaluates cloud dependencies, outdated systems and patch timelines. The collected data is used to generate Cyber Situation Reports that support informed decision-making.
On-premise deployment
Full data sovereignty
No cloud dependency
High transparency and traceability
Suitable for classified or sensitive operational environments
Receive multiple updated views per day of your nation, region, or sector.
Analyze Vulnerable Software
Detailed analysis of vulnerable assets and software distribution.
Non-Intrusive Insights
See external attack surfaces without active scanning.
On-Premise Environment
All requests processed securely and locally.
216450272
Unique Hosts
270720471
Active Services
9506539
WhoIs Ranges
Precise visualization of the cyberspace through data enrichment
The collected scan data is combined with Whois data, IP prefix, Autonomous System (AS) information, certificate information, and geospatial information about the system’s IP.
Combining this information in a Big Data approach provides an exact picture of the cyberspace. This not only allows you to view the distribution of selected system versions of a particular network service or all detected industrial control systems (ICS) on a map, but also to select and aggregate systems by nationality, IP prefix and IP ownership information using dynamic charts. This gives you a quick overview of your own national or enterprise cyber infrastructures.
HOW DCS WORKS
Secure on-premise solution
As a national CERT or large enterprise, you don’t want to provide all of your external IP addresses or network prefixes to a third-party company for analysis purposes. We offer an on-premises solution where your searches remain on a local instance in your infrastructure.
DCS is designed as an on-premise solution. Global Internet scan data is securely pushed to the customer’s infrastructure every 24 hours. All analysis requests are processed locally, ensuring full data sovereignty and compliance with strict security requirements. The system consists of local storage for global scan data, a scalable analysis framework and a frontend for search, filtering, aggregation and visualization, enabling private analyses without exposing sensitive queries or results to external systems.
Data Transfer to the Client Site
Daily updates of relevant scan data to the customer’s infrastructure
Ensures authorities always work with up-to-date information
Full data ownership and sovereignty
On-premise analysis only, no external systems (ensuring strict security compliance)
Local Analysis and Visualisation
All analyses, correlations, and visualizations are performed within the customer environment
DCS provides: High-performance data processing and analytics framework
Search frontend
Aggregation, visualizations, interactive dashboards, tables, maps, and charts
Global Data Collection
Continuous, non-intrusive internet scanning (No exploitation of vulnerabilities or bypassing of security controls)
Identifies publicly accessible IP addresses, domains, services, and software banners
Enriched with WHOIS, ASN, geolocation, BGP, and CPE/CVE vulnerability data
CYBER RADAR
Keep everything on the radar with interactive dashboards
Cyber Radar helps you identify fundamental correlations of service distributions on the Internet. The scan results can be interactively grouped and analyzed by countries, Autonomous Systems (AS), IP prefixes or other domains.
This enables you to quickly identify new vulnerabilities or potentially vulnerable services spreading across your national cyber infrastructures. Interactive dashboards help you keep track of your critical infrastructures as a national CERT.
More info about Cyber Radar
This example provides a quick overview of the distribution of Telnet services and associated network structures or information. These distribution analysis of various protocols or vulnerabilities can also be performed for specific countries, continents or even companies. This means that it is possible to perform fast global factual correlations and infrastructure analysis.
The inner circle of the cyber radar shows the distribution of the identified Telnet services across the top 5 networks (autonomous systems) on the Internet.
The second circle shows the distribution of the top 5 matching WhoIs description entries. These WhoIs descriptions often indicate the purpose or location of the identified asset.
The third circle indicates which network prefixes belong to the previously displayed WhoIs descriptions.
The fourth layer visualizes aggregation of the different telnet service banners.
