Once the agency engaged with Xpanse, one of its first tasks was to solve the problem of the security team having responsibility for a network it didn’t have full ability to monitor and manage. At the time, it was the established practice across the agency for semi-autonomous field sites to make their own risk-acceptance decisions without adhering to centrally decreed security policies. This paved the way for internet-facing vulnerabilities that the security team didn’t know about and thus could not remediate. In its initial IP address list audit, Xpanse showed that the agency had 40% more IP addresses than it knew about and was actively monitoring.
The security team used Xpanse Expander to independently identify assets and exposures across the entire network perimeter of the agency, and enforce remediation actions at the individual field sites. In one case, a particular field site used a series of networked security cameras extensively. The field site had a legitimate business use case for the cameras, but was unaware that the cameras’ factory default configuration included File Transfer Protocol (FTP). These FTP instances were not encrypted or actively managed, and could have been accessed by unauthorized, malicious actors on the internet. In addition to exposed FTP, there were field sites with publicly exposed Telnet servers. Telnet is an unencrypted remote access protocol and a favorite target of attackers. Xpanse discovered these exposures and empowered the agency’s security team to work with the field sites to properly configure, manage, and protect these devices and services.
With the Xpanse platform, the agency gained total visibility into its global internet attack surface. The security team no longer had to accept responsibility without visibility or authority—it could now discover, monitor, and track internet assets and exposures across the entire organization, resulting in a heightened security posture. Leveraging Expander from August 2017 to April 2019, the agency decreased critical exposures by over 58% and reduced the number of insecure certificates by 44%, and is driving toward full remediation.
With a significantly reduced attack surface and automatic discovery and monitoring of new internet-connected assets and exposures, the major U.S. agency is more secure and able to focus on its mandate in service of the American people.
To learn more about Cortex® Xpanse™, visit paloaltonetworks.com/cortex/cortex-xpanse.