Cortex® Xpanse™ can ingest endpoint data from Cortex®
XDR™ to provide a consolidated view of your remote attack surface.
The Remote Attack Surface dashboard provides
a consolidated view of your remote worker attack surface using endpoint
data from Cortex® XDR™ combined with public Internet information
discovered by Cortex® Xpanse™. This API integration between Cortex
Xpanse and Cortex XDR enables you to identify and alert on security
issues on remote worker systems and network environments.
The Cortex XDR Agent can be installed on workstations, servers,
cloud instances, and mobile devices. Cortex Xpanse ingests this
data for all devices that have a public IP address and have communicated
with the Cortex XDR server in the last 48 hours to identify remote
workforce devices associated with your organization. Cortex Xpanse
displays all of the networks that your Cortex XDR devices are connected
to and categorizes each network as either Remote (if the network’s
IP address does not overlap with your organization’s asset map)
or Corporate (if the network IP address overlaps with your organization's
asset map). Cortex Xpanse also enables you to drill down into each
network to see the list of individual devices using it.
Cortex Xpanse cross references Cortex XDR endpoint data with
its own global scan data to identify issues and services running
on the networks where employees are located. This functionality
enables you to view the risky Services and Issues associated with
your remote worker networks and devices.
Security risks identified by Cortex Xpanse on your remote networks
can be remediated directly on the device via Cortex XDR or via network
The following sections provide details about Attack Surface Management
for Remote Workers, the Remote Attack Surface dashboard, and how
to configure the Cortex XDR API connector: