Find and Fix Your Unknown Risk With Active Attack Surface Management

Dec 12, 2022

Organizations are evolving to meet the demands of cloud and hybrid work, but this acceleration leads to an expansion in their unmanaged attack surface. Certain industries, including healthcare and insurance, saw a 20-25% increase in new risks on their unmanaged attack surface every month, according to the 2022 Attack Surface Threat Report. No industry showed a reduction in attack surface risks.

Attackers today can scan the entire internet in 45 minutes and have been known to start scanning for vulnerabilities within 15 minutes of a new Common Vulnerabilities and Exposures (CVE) entry being announced. Attackers are using automation to actively find the path of least resistance while security teams are still struggling to inventory all their internet-facing assets and identify potential security risks across on-prem and cloud. Even when they do find those risks, security teams attempt to fix them with manual processes and are held back by a backlog of other needed repairs. Meanwhile, their attack surface continues to grow at alarming rates.

But your organization can get an edge by actively discovering, learning about and automatically responding to known and unknown IT infrastructure exposures with Active Attack Surface Management (ASM) from Cortex® Xpanse™.

Active ASM Provides

Active Discovery – Automated, continuous scans to index the entire internet and actively discover your unknown risks in all connected systems and exposed services.

Active Learning – Use supervised machine-learning models to continuously map your attack surface and prioritize remediation efforts to reduce MTTD and MTTR without additional analysts.

Active Response – Immediately reduce your attack surface risks with built-in automated playbooks instead of merely raising IT tickets.

Xpanse helps your organization actively discover, learn and respond to unknown risks in all connected systems and exposed services. Your security teams can use the new capabilities within our Expander™ product to reduce the frequency and severity of your security incidents:

Reduce Risks with Active Response Module

When organizations identify internet-facing security risks, they usually have to sift through multiple data sources and tools to manually piece account owner and business impact information together, assuming the data is available to begin with. This process adds additional time before a security risk can be remediated. Meanwhile, risky exposure continues to exist as a potential vector for a security incident.

Screenshot of incidents being documented as alerts.
Figure 1: Analysts have multiple options to help resolve your attack surface risks.

With the new Active Response Module, your security team can go beyond mere attack surface visibility to help automatically resolve your attack surface risks using built-in automated playbooks. The Active Response Module brings a native automation experience to Expander to eliminate manual work, identify asset ownership faster, and remediate security issues before they become an incident. Your SOC can deploy the Cortex Xpanse Active Response Module to:

  • Prevent the majority of ransomware breaches by removing RDP exposures from the public-facing internet.
  • Reduce analyst time spent on manual investigation tasks (e.g., doing searches in different systems, filing tickets, etc.).
  • Simplify analysis and next-step recommendations to help your team scale their SOC expertise.

Read the Active Response Module Datasheet to learn more.

Extend Coverage with Web Attack Surface Management

The accelerated move to the cloud has made it difficult for the security operations center (SOC) and application security (AppSec) teams to keep tabs on their external web attack surface. Lack of visibility into their website dependencies and their outdated artifacts creates serious cracks in their web attack surface, putting their organization and customers at risk.

Your security teams can use the new Web Attack Surface Management (ASM) feature to get complete, current and accurate visibility into your public-facing web infrastructure without any manual work:

  • Identify your websites that are failing security best practices and putting users at risk.
  • Track and measure the risk due to third-party libraries or dependencies attributed to an organization’s web artifacts.
  • Identify websites serving sensitive content, such as personally identifiable information (PII) and payment forms, using insecure protocols.

Screenshot of Cortex Xpanse asset inventory, listing website site details, categories, and security best practices analysis.
Figure 2: Complete, current and accurate visibility into your public-facing web infrastructure.

Read the Web Attack Surface Management Datasheet to learn more.

Seamlessly Deploy ASM at Scale

Since your attack surface risks typically span teams (IT, OT, SecOps, DevOps, etc.), it is important to be able to easily deploy, manage and scale your attack surface management solution.

Your security team can now seamlessly deploy our internet-scale ASM solution across your entire organization and subsidiaries alike, using several enterprise-ready features. Xpanse now offers complete control of data access via robust role-based and granular scope-based access controls. Our new dashboarding and reporting center offers a number of out-of-the-box dashboards and reports, as well as the ability to drag and drop widgets to create custom dashboards and scheduled reports.

To learn more, join the Xpanse product team for a discussion and demo of these new capabilities. Register for the “Active Attack Surface Management with Cortex Xpanse” webinar to save your spot!

