Actively Respond to Internet Emergencies with New Active Attack Surface Management Capabilities from Cortex Xpanse

Jun 27, 2023

Security teams must tackle new vulnerabilities and exposures while managing their ever-changing and fragmented attack surface. Our research shows that almost half of an organization’s attack surface infrastructure changes monthly.

In this constantly evolving landscape, identifying critical exposures and prioritizing remediation efforts is exceedingly difficult. This challenge is particularly evident during internet emergencies like Log4j and 3CXDesktopApp, where public-facing exposures may result in a high likelihood of successful exploitation.

When an internet emergency arises, organizations divert all of their resources to assess their exposure by looking through outdated asset inventories, manually updated spreadsheets, and other disconnected sources that are neither comprehensive nor current. Meanwhile, attackers begin to look for exposures they can exploit within mere minutes of a CVE announcement.

To address this issue, Cortex Xpanse is introducing new capabilities to help organizations better prioritize and remediate attack surface risks by utilizing real-world intelligence and AI-assisted workflows. These capabilities enable organizations to effectively manage and shrink their overall exposed attack surface.

Active Risk Prioritization:

Security teams can instantly respond to internet emergencies with the new Cortex Xpanse Threat Response Center. The Threat Response Center is the first place security teams can look to learn about the latest threats and identify the organization’s public-facing exposures. This provides security teams with the visibility and intelligence they need to make informed remediation decisions, such as threat summaries, vulnerability details, and potential exploit consequences if issues are not fixed.

Figure 1: Details view in the new Threat Response Center

Xpanse provides other powerful risk prioritization features to help security teams manage and proactively resolve risks, including:

  • Incident Risk Scoring: Security teams can now use adaptive risk scores based on threat and exploit intelligence to better prioritize and focus efforts on the exposures most likely to be attacked.
  • Security Rating Dashboard: Organizations can assess their security health and hygiene, track risk trends over time, compare their ratings with industry peers, and reduce cyber insurance premiums.

AI-assisted Incident Investigation:

Security teams can dramatically reduce their incident investigation timelines using several powerful investigation augmentation features that automatically enrich an incident to aid analysts. Using AI-powered investigation capabilities, organizations can now reduce mean time to respond (MTTR) for more than 600 types of attack surface risks.

With AI-powered playbooks and an array of new integrations, Xpanse automatically aggregates relevant context and information to identify service owners and give analysts all the information they need to investigate and remediate an issue in one place. The Active Response module also provides the option of fully automated resolution, featuring configurable remediation rules designed to assist organizations in carefully implementing automation to resolve risks without any analyst input.

Additional Active Attack Surface Management features are included in the release:

  • IPv6 Asset Discovery: Organizations can gain expanded visibility of internet assets and now discover new IPv6 addresses through domain resolution (AAAA) and monitoring of known IPv6 addresses, related services, and incidents.

Along with these powerful risk prioritization and analyst investigation augmentation benefits, Expander 2.2 also brings:

  • Integration with Prisma Cloud: Your organization now has an automated solution for discovering unknown cloud assets, which can then be monitored in Prisma Cloud for comprehensive cloud attack surface management.
  • Public API and Integrations: Your organization can also enhance your management, visualization, correlation, and alerting experience within your existing SOC workflow by pulling in Xpanse-discovered assets, services, and risks with efficient data retrieval.

Embrace active risk prioritization and AI-powered investigation capabilities with Cortex Xpanse, the industry-leading Active Attack Surface Management solution from Palo Alto Networks, to protect against known and unknown vulnerabilities. Cortex Xpanse protects over 200 large enterprises and several governmental organizations. To learn more about how you can secure your attack surface, visit Cortex Xpanse.

To learn more, join the Xpanse product team for a discussion and demo of these new capabilities. Register for the “Risk, Curated” webinar to save your spot!

 

