Prevent Critical Exposures for Employees on Unsecure Remote Networks Using ASM for Remote Workers Coverage

Oct 29, 2021
Today, we are announcing ASM for Remote Workers coverage. Customers can now combine the outside-in view provided by Cortex® Xpanse™ with the inside-out view provided by Cortex® XDR to help secure their remote workers operating in vulnerable networks. Starting today, all customers of Palo Alto Networks using both Cortex Xpanse and Cortex XDR can gain deeper visibility into the vulnerabilities and misconfigurations of their remote worker environments.

The Problem

The number of remote workers has skyrocketed over the past two years, and a larger percentage of workers being remote is the new normal. Unfortunately for IT professionals, this means more workers outside of the safety of the company network. Wherever your remote workers are—at home, a co-working space, or a coffee shop—can you be sure their devices are secure?

What about your critical employees? Your VP of Finance working with sensitive financial information, or your teams working with critical customer information? Do you know if they are connecting using routers with known vulnerabilities? Do you dynamically alter their access controls using policies based on where they are working from, or are they still under the same generous access policies as though they were on your office network?

Organizations have limited visibility into the security of their employees’ networks. This creates a gap in any attack surface management plan because your Security Operations Center doesn’t know how secure the network is for remote workers, or whether there are unknown exposures or critical issues accessible from the public internet.

Regardless of the security protocols in place, risks can arise from simple carelessness, like working from an insecure network without a VPN; from things a worker wouldn’t expect, like an ISP leaving Telnet open for troubleshooting; or from accidental misconfigurations. Without visibility into these exposures on corporate devices or remote networks, employees could be at risk of compromise, including ransomware.

Traditional endpoint solutions may be unable to help because they can’t provide the visibility needed to identify external risks and exposures. Cortex Xpanse helps organizations discover critical issues that could impact remote workers anywhere, whether they are located in the office, at home, or on the go, by integrating with Cortex XDR.

The Solution

Cortex XDR can give you the critical inside-out perspective into remote employees, while Xpanse provides the outside-in view into the environments in which these endpoints operate. With this integration, Xpanse provides organizations with an attacker’s view of their remote workers’ environments, so your Security Operations Center can secure a remote workforce no matter where they are.

Xpanse is an automated Attack Surface Management platform that continuously discovers and monitors assets across the entire internet to help ensure your security operations team has no exposure blind spots. Xpanse scans all 4.3 billion addresses of IPv4 space multiple times per day to build a comprehensive map of all internet-facing assets. This data provides the visibility to allow organizations to monitor and discover risks in remote work environments and ensure that insecure remote network configurations aren’t opening up new risks.

As of Cortex XDR v3.0, Xpanse can now ingest Cortex XDR endpoint data for assets that have a public IP address and have been seen in the last 48 hours to identify remote workforce devices associated with your organization. All of the networks that your Cortex XDR devices are connected to will be visible and categorized, and Xpanse will even help you identify your endpoints that aren’t protected by Cortex XDR.

What is ASM for Remote Workers?

It is an API integration between Cortex Xpanse and Cortex XDR that combines an organization's endpoint details collected by Cortex XDR with public asset information discovered by Xpanse, allowing organizations to effectively identify and alert on security issues on their remote workers’ systems and network environments.

This data will be cross-referenced with Xpanse’s global scan data to identify risky issues and services running on the networks where your employees are located. Cortex XDR gives you internal insight into what’s running on those devices while Xpanse gives you the external perspective and identifies what’s exposed to the internet.

With out-of-the-box integrations with Cortex XSOAR and Cortex XDR, risks discovered by Xpanse can be remediated directly on the device via Cortex XDR or via network configurations, and Xpanse can also send the data to Cortex XSOAR for further investigation and remediation.

The combination of Cortex XDR and Cortex Xpanse creates a solution that can monitor your remote workers regardless of the network they are on, because it combines Xpanse’s ASM data with XDR’s endpoint data. It allows organizations to monitor whether critical employees are using vulnerable or misconfigured hardware to connect to the internet, and it provides an attacker’s view into misconfigurations and risks in a remote worker’s environment.

Outcomes from Early Adopters

One of the early adopters of ASM for Remote Workers coverage was a large financial services firm based in the US. Using data from a few endpoint solutions, Xpanse was able to give the customer visibility into critical vulnerabilities in their remote workers’ home networks that they were previously unaware of.

During the period, the ASM for Remote Workers coverage found 56 open RDP servers that were accessible through the public internet and hence susceptible to ransomware attacks. Xpanse also discovered 171 Telnet servers and over 1,000 unencrypted login pages exposed on employee-owned networks, which could be compromised to execute a man-in-the-middle attack to steal the remote worker’s credentials.

With the visibility provided by the ASM for Remote Workers coverage, the organization was able to prioritize these issues to remediate them and also educate its users about the insecurities in their networks and how they can secure them.

Learn More

If you want to learn more about Cortex Xpanse and Cortex XDR, download the whitepaper.

