Modern organizations have no defined perimeter anymore. Your attack surface spans on-premises environments, the cloud, and your supply chain, and it is constantly changing as internet-connected assets are created, moved, or reconfigured. Manually maintaining an accurate and up-to-date inventory of these internet-connected assets is an impossible task, but luckily you don’t have to do it alone.
Cortex Xpanse by Palo Alto Networks protects the world's largest organizations by discovering and monitoring every asset you have connected to the internet and provides complete visibility into everything you own, including IP addresses, domains, certificates, and cloud infrastructure. Xpanse gathers data from DNS records, domain registrars, business registration databases, and dozens of other data sources to not only comprehensively discover, but also accurately identify every single one of your internet-connected assets.
This data is used to create an intelligent, continuously updated inventory of assets unique to each organization, complete with potential exposures and attribution information. With this wealth of knowledge and information, you can easily identify, prioritize, and route issues to the relevant stakeholders for remediation. And you can also build resilient security processes to automate actions regarding risky services and exposures with Cortex XSOAR’s automation capabilities.
Cortex Xpanse and XSOAR work together to enable automated attack surface management. Xpanse’s global internet collection and attribution platform continuously discovers and monitors your organization’s attack surface for exposed internet assets and risky services. When integrated with Cortex XSOAR, the two products can help you discover and manage shadow IT assets that are exposing confidential services to the internet and automate the entire process of detection and risk mitigation to drastically reduce your attack surface.
Cortex Xpanse brings a unique level of visibility to security through the continuous scanning of exposed assets. Xpanse scans the entire internet for publicly exposed assets, allowing you to discover, evaluate and mitigate cyber attack surface risks. You can also evaluate supplier risk and assess the security of acquired companies with Xpanse Link.
Because Xpanse provides a complete, accurate and continuously updated inventory of all global internet-facing assets, your security operations team is not left with blind spots or assets that the IT staff may be unaware of or not monitoring. This includes exposure categories such as:
The Palo Alto Networks Cortex product suite already provides enterprise-wide visibility, prevention, detection and response capabilities, and Xpanse extends these capabilities across exposed and untracked externally-facing assets. The Palo Alto Networks Cortex Xpanse content pack enables an automated approach to attack surface management and risk mitigation by operationalizing Xpanse’s findings to drastically reduce an enterprise’s attack surface.
The integrations included in the pack enable fetching and mirroring of Xpanse Issues into Cortex XSOAR incidents, and ingestion of indicators (IPs, domains, and certificates) referring to the corporate network perimeter as discovered by Xpanse.
Through a powerful set of playbooks, analysts can correlate the discovered information with data provided from internal security systems (Palo Alto Networks Cortex Data Lake, Prisma Cloud, and Panorama; Active Directory; Splunk SIEM; etc.) to pinpoint asset owners and automate remediation.
What does this content pack do?
For more information on the Cortex Xpanse Attack Surface Management Content Pack, visit our Cortex XSOAR Developer Docs.
For more details on how you can maximize the entire Cortex product line, check out the blog “Building a Virtual SOC with the Cortex Suite of Products”.
Don’t have Cortex XSOAR? Download our free Community Edition today to test out this playbook and hundreds more automations for common use cases you deal with daily in your security operations or SOC.
If you like these ideas or would like to suggest other ideas, please collaborate with us through the Cortex XSOAR Aha page: https://xsoar.ideas.aha.io/ideas