Cyberattack Risks Remedied by Palo Alto Xpanse Active ASM


Cybersecurity solutions vendor Palo Alto Networks has unveiled a new Cortex feature called Xpanse Active Attack Surface Management, or Xpanse Active ASM. It helps security teams proactively identify and mitigate their known and unknown internet-connected risks. According to the vendor, the automation in Xpanse Active ASM gives organizations the upper hand over attackers.


Today’s cyber attackers would use highly automated techniques to quickly find and exploit weaknesses in the organizations they target, often only minutes after a new vulnerability is made public. Security teams that rely on manual tools would soon fall behind. In response to this changing threat landscape, Palo Alto Networks has made Cortex Xpanse Active ASM available globally with full support.

“Organizations need an active defense system that operates faster than attackers can,” said Matt Kraning, Chief Technology Officer (CTO) of Cortex for Palo Alto Networks. “As the leader and pioneer in the ASM market, we realize that customers need complete, accurate, and timely discovery and remediation of risky exposures in their internet-connected systems. With Xpanse Active ASM, we give defenders the ability not only to see their exposures instantly but also to shut them down automatically with no human labor required.”

Active Discovery, Learning, Response

Organizations may now benefit from the following tools and capabilities thanks to Xpanse Active ASM:

  • Active Discovery – Organizations want solutions that give them the same visibility that attackers have when looking for exposed and/or susceptible assets, which are subject to regular, automated probing, stated Palo Alto Networks. Active Discovery employs supervised machine learning to precisely trace these vulnerabilities back to an organization, refreshing its internet-scale database many times each day. This would let organizations see their network from the outside in, from the same perspective as attackers.
  • Active Learning – Xpanse continuously processes discovery data, mapping new systems to the people responsible for each system. Active Learning continuously analyzes and maps the streamed discovery data to understand and prioritize top risks in real time. As a result, clients can stay ahead of attackers by closing down the riskiest exposures quickly.
  • Active Response – While immediate detection of vulnerabilities and exposures can give security teams a realistic picture of risk, identifying problems alone is not enough. Automated remediation reduces response times in the SOC by replacing the manual step of merely creating a ticket for analysts, who must then spend countless hours manually locating the owner of the affected system and patching the vulnerability. Automated remediation is essential for staying one step ahead of attackers, and true automation means completing the repair procedure from beginning to end without human involvement. Active Response is a crucial new tool for security teams because it natively incorporates automated remediation capabilities that use Active Discovery data and Active Learning analysis to close exposures automatically before they let attackers into a network. It runs ASM-specific playbooks to automatically assess, deactivate, and fix vulnerabilities.

End-to-end remediation playbooks are already included with Palo Alto Networks’ Xpanse Active Response module. Without any extra work, these playbooks automatically eliminate serious risks, including unprotected Remote Desktop Protocol (RDP) servers and vulnerable OpenSSH instances.

Once remediation has been completed, Active Response would automatically verify that it was effective by scanning assets, aggregating audited activities, and organizing investigative findings into understandable dashboards and reports.