Case Study

A Tale of Three Cortex Xpanse Customers

The internet is a small place. Attackers can scan the internet in under an hour and get a list of every RDP, database, and abandoned web server out there. Because attackers can find exposed assets quickly, it’s important for organizations to reduce their attack surface so there are fewer opportunities for unauthorized entry.

Cortex® Xpanse™ discovers and monitors internet assets for the world’s largest organizations so they can reduce their attack surface and lock down their perimeter.

Most organizations know their security isn’t 100% perfect. And they don’t want another alert or a longer list of assets to manage—they want to see results. That’s why the Mission Operations team works closely with customers to help them operationalize the information they get from the Xpanse platform and measure results over time. Without any software to deploy or configure, the Xpanse platform delivers immediate time to value.

To give you a sense of how organizations have defined and measured results with Xpanse, check out these three examples of Xpanse customers:


This global pharmaceutical company had a chaotic network when it started its engagement with Xpanse. Nearly 250 critical exposures were scattered across its perimeter, core network, cloud providers, and subsidiaries’ networks.

Initially, it was challenging for the Fixer to know where to start given uncertainty in asset ownership and reluctance to change. Xpanse was able to help prioritize low-hanging fruit, such as egregious exposures on core network ranges that were clear violations of policy. After some initial wins, the Fixer became more confident in the data and gained momentum by expanding to other more difficult investigations.

Ultimately, the Fixer was able to get down to zero critical exposures. Moving forward, the organization is planning to tackle certificate hygiene.


This major financial institution had a comparatively large internet presence before becoming an Xpanse customer. With about 20,000 total IPs and over 1,000 responsive IPs, the Shrinker had a huge number of systems to monitor and secure.

To start, the Shrinker decided to prioritize decreasing its attack surface area. This would make the organization a smaller target for attackers while simultaneously simplifying asset management, vulnerability management, and patching needs.

Within months of engaging with Xpanse, the Fixer reduced its surface area by over 85%.


This Fortune 10 retailer leveraged Xpanse during a massive clean-up effort in 2017, eventually reducing its critical exposures to close to zero. But the work didn’t stop there. The company created policies and SLAs so that when new exposures occurred, they would be identified, assessed, and remediated within hours or days.

And it’s a good thing the Sentinel did, with organizational churn, changes in their network, and the inevitable rogue developer in AWS® routinely exposing a new asset. But with Xpanse, these small blips are stamped out, instead of creating a huge list of exposures seen at many other organizations. Security isn’t ever complete; companies like the Sentinel continue to stand guard over their networks to quickly identify and remediate new vulnerabilities.

All three of these customers saw meaningful and measurable improvements in their security posture and IT operations processes with Xpanse. With global, continuous monitoring of their internet assets and exposures on those assets, they continue to drive change and make their organizations more secure and efficient.

To learn more about Cortex® Xpanse™, visit