- Access exclusive content
- Connect with peers
- Share your expertise
- Find support resources
This blog written by Andrew Scott and published on June 30, 2024.
Organizations are constantly scaling their IT infrastructure to meet the demands of cloud and hybrid work, but this acceleration also leads to unintended growth in their attack surface.
According to our latest research, attackers successfully exploited some of the latest critical vulnerabilities and exposures within hours of their disclosure.
Attackers are using automation to actively find the path of least resistance, while security teams are still struggling to inventory all their internet-facing assets and identify potential security risks across on-prem and cloud. To help defenders fight back effectively, Cortex Xpanse has continuously evolved its industry-leading attack surface management (ASM) product.
Today, we are announcing an expansion to our Attack Surface Rules which help customers automatically find their critical exposures and risks. In our latest announcement, we delivered our 800th surface rule for our customers using Expander and the ASM Module in XSIAM.
Attack Surface Rules allow for the identification of risks on an organization's internet-facing attack surface. Our attack surface rules library consists of numerous rule categories, such as:
As a part of this release, the Cortex product and research teams have conducted a thorough review of all existing attack surface rules to ensure that no critical threat goes unsurfaced. As a result, we will adjust the default enablement status of many rules and update our operational guidance.
In July, we plan to approximately double the number of attack surface rules that are enabled by default. Our updated criteria for the default-enabled rules set includes:
This new methodology aims to ensure that customers do not miss any critical findings due to a disabled rule. Our analysis indicates that enabling these low-volume but high-criticality rules will have no downsides. However, missing these crucial misconfigured exposures could be disastrous for organizations. Since we have observed a low prevalence of the majority of these risks on the public internet, we expect this change to have minimal, if any, impact on most customers.
Current Expander or the ASM Module in XSIAM users who have made changes to their attack surface rules configuration will not have their changes overwritten by this update. Additionally, our 2.6 release includes several other improvements, such as automated inventory tag rules, additional inventory fields, new active response enhancements, an updated API, and more.
To learn more about these new capabilities and features, please see the Cortex Xpanse 2.6 Release Notes or contact your Customer Support Team.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Subject | Likes |
---|---|
3 Likes | |
1 Like | |
1 Like | |
1 Like | |
1 Like |