Cryptographic discovery requires deep infrastructure expertise and big data

Published on: January 13, 2026
Last Modified on: January 15, 2026

Last updated: January 2026

The nature of startups—especially those that are bootstrapped—is that there is nowhere to hide. You're either solving a pressing problem for your customers, or you're not. If you're not, they will not be paying for your product and you will have a serious problem. Founders have to be good listeners in order for their startups to succeed.

This story is about how I learned to listen and built a cryptographic discovery platform by focusing not on security, but on how the core network infrastructure works and how web applications are put together.

First ingredient: Network infrastructure expertise

In 2017, I founded a startup called Hardenize to solve the problem of infrastructure configuration and cryptography visibility. It started with one key insight, but, by the time it was acquired by Red Sift five years later, it finished with two. The founding insight was that, in order to provide any sort of visibility into the state of security, you have to become a networking expert.

Traditionally, security products provided insight based on network scanning, where you had to feed them your network ranges, after which they'd produce lists of open ports and services. This approach worked in the old days of private infrastructure, but it fell apart with the transition to cloud providers and outsourcing of a variety of services to third parties. Another problem was virtual web hosting, which allowed colocation of multiple web services on the same IP address. Good old network scanning offered no visibility in such cases.

Thus, to find the infrastructure, you have to start with a domain name, inspect it at the registrar, then walk up the tree of all configuration possibilities to soak up all the infrastructure details. You start by examining the DNS configuration. From here you can move on to finding the services and supported protocols, find the email and web servers, find all related third parties, inspect TLS and PKI, and then finally examine the application layer.

At Hardenize, we did all of this and packaged it as a beautiful report and a free tool. (You can still see this report on hardenize.com.) Everyone who saw our reporting loved it. Our deep inspection engine was saving them time, showing them things they didn't know existed, and they also loved the design and the presentation. The only problem was, they were not buying it. Like, literally.

Second ingredient: Big data

We were at a critical point in a startup's journey, and here's where listening helped. Our customers liked what we had, but only as a starting point. Providing visibility of a single domain name was useful, but not enough, because our customers had hundreds, thousands, and even tens of thousands of domain names with infrastructure on them.

This struggle led us to the second insight, which is that a working solution needs two types of visibility: vertical visibility that provides depth of analysis for a single asset (a domain name in this case) and horizontal visibility that finds all assets.

Back to the drawing board, as they say. Figuring out horizontal visibility wasn't easy, but we got there. As it turns out, the root problem was that organizations don't have good asset inventories. They're neither complete nor up to date. The best organizations would have some lists, but even theirs weren't useful because of the fast pace of change. Asset inventory maintenance has to be automated and done continuously.

I'll be honest, understanding this was easier than fixing it. We did fix it in the end, but first we had to start monitoring the foundations of the Internet—globally:

  • Domain name registrations
  • Network range allocation
  • Passive DNS monitoring
  • Certificate Transparency monitoring
  • DNS configuration and delegations
  • Web site configuration
  • TLS and PKI

All of the above, plus a healthy dose of analysis and clever correlation, enabled us to provide automated asset inventory building for our customers. Upon opening their account they'd provide us with seed data, whatever they had, but we'd take over and do the rest. We'd instantly find their certificates and subdomains, then enable full monitoring to go deep, then build unique fingerprints of their infrastructure. With this process we'd then be able to go to our big haystacks of data to find the domain names even they didn't know about.

And all of this was necessary before we even got to a place where we were able to start providing useful and actionable security insights at scale. And our customers started to buy.

Ivan Ristic is the Chief Scientist at Red Sift and former founder of Hardenize, SSL Labs, and ModSecurity
