Remote Attack Surface Overview

Cortex® Xpanse™ can ingest endpoint data from Cortex® XDR™ to provide a consolidated view of your remote attack surface.
The Remote Attack Surface dashboard provides a consolidated view of your remote worker attack surface using endpoint data from Cortex® XDR™ combined with public Internet information discovered by Cortex® Xpanse™. This API integration between Cortex Xpanse and Cortex XDR enables you to identify and alert on security issues on remote worker systems and network environments.
The Cortex XDR Agent can be installed on workstations, servers, cloud instances, and mobile devices. Cortex Xpanse ingests this data for all devices that have a public IP address and have communicated with the Cortex XDR server in the last 48 hours to identify remote workforce devices associated with your organization. Cortex Xpanse displays all of the networks that your Cortex XDR devices are connected to and categorizes each network as either Remote (if the network’s IP address does not overlap with your organization’s asset map) or Corporate (if the network IP address overlaps with your organization's asset map). Cortex Xpanse also enables you to drill down into each network to see the list of individual devices using it.
Cortex Xpanse cross references Cortex XDR endpoint data with its own global scan data to identify issues and services running on the networks where employees are located. This functionality enables you to view the risky Services and Issues associated with your remote worker networks and devices.
Security risks identified by Cortex Xpanse on your remote networks can be remediated directly on the device via Cortex XDR or via network configuration.
The following sections provide details about Attack Surface Management for Remote Workers, the Remote Attack Surface dashboard, and how to configure the Cortex XDR API connector:

Recommended For You