Palo Alto Networks is releasing Xpanse Active Attack Surface Management, a new tool built into the cybersecurity solution provider’s Cortex platform designed to help security teams actively find and fix known and unknown internet-connected risks.
According to the Santa Clara, Calif.-based company, Xpanse Active Attack Surface management (Xpanse Active ASM) is designed with automation to give organizations an edge over attackers and help remediate security risks before they can be exploited by attackers.
Attackers use frequent, automated probes to find vulnerable or exposed assets, giving them both a head start and more visibility into attack surfaces of potential victims. Xpanse Active ASM is designed to essentially bring those same capabilities to defenders by refreshing its internet-scale database several times a day and using supervised machine learning to map vulnerabilities back to an organization.
Palo Alto Networks says this gives organizations an outside-in view of their network, putting them on level playing field with attackers.
Xpanse Active ASM also provides active learning capabilities that continuously process discovery data and map new systems to the people responsible for each system. The solution analyzes and amps stream discovery data to understand and prioritize top risks in real time to help organizations close down the riskiest exposures first.
However, perhaps the most important component of Xpanse Active ASM highlightes by Palo Alto Networks are the active response capabilities that automate remediation to help IT and security teams stay ahead of attackers and save response time by eliminating the manual step of creating a ticket for analysts to track down the owner of the affected system and resolve to the vulnerability.
Automatic remediation is natively embedded in the Xpanse Active ASM, making use of active discovery data and active learning analysis to automatically shut down exposures before they allow threats into a network, the company says. The tool executes ASM-specific playbooks to triage, deactivate and repair vulnerabilities automatically.
The active response module also includes built-in end-to-end remediation playbooks that can automatically eliminate critical risks, such as exposed Remote Desktop Protocol servers and insecure OpenSSH instances without any manual labor, according to Palo Alto Networks.
After weaknesses are fixed, the tool automatically validates success by scanning assets, compiling audited actions and placing investigation details into clear dashboards and reports, the firm says.
Organizations need to be faster than attackers, but the attack landscape is changing too rapidly for security teams to keep up, says Matt Kraning, chief technology officer of Cortex for Palo Alto Networks.
“As the leader and pioneer in the ASM market, we realize that customers need complete, accurate, and timely discovery and remediation of risky exposures in their internet-connected systems,” Kraning says. “With Xpanse Active ASM, we give defenders the ability not only to see their exposures instantly but also to shut them down automatically with no human labor required.”
Cortex Xpanse Active ASM from Palo Alto Networks is now available globally with full support.
If you enjoyed this article and want to receive more valuable industry content like this, click here to sign up for our digital newsletters!