Remote Attack Surface Use Cases

Cortex® Xpanse™ supports a number of use cases to protect your remote attack surface.
Cortex® Xpanse™ supports a number of use cases to protect your remote attack surface, including the following:
  • Reveal risks and reduce the attack surface related to the remote employee environment
    Xpanse ingests Cortex XDR™ endpoint data and combines it with its global scan results to find risky services and issues. Xpanse creates new Services and Issues in Expander, which you can remediate through XDR or network configuration.
  • Discover the gaps in coverage of Cortex XDR agents in your organization
    Cortex Xpanse can identify services running on core infrastructure that lack a corresponding Cortex XDR Agent. Within Expander you can filter Services and Issues by whether or not a Cortex XDR Agent is present.
  • Identify the internal and external IP mapping of your remote workforce
    For issues detected on networks where a Cortex XDR agent is installed, Cortex Xpanse will know the most recent internal IP address of the device, which can aid in investigation and remediation.
  • Ensure employees are using a VPN service
    Cortex Xpanse creates new Remote Device records for each Cortex XDR endpoint and maintains a history of IP addresses the endpoint has used. These IP addresses can be compared to your global VPN network to ensure employees are using the VPN service.

Recommended For You