What’s Automated Attack Surface Management?

This solution from Palo Alto Networks helps security teams to actively discover and remediate risky exposures for organizations

Over the past several years, threat actors have increasingly used highly automated tools to explore and exploit cyber vulnerabilities in large and medium enterprises. Now, Palo Alto Networks has announced a new service that it says will help security teams discover and remediate such risky exposures quickly.

In a statement, the company says the new Xpanse Active Attack Surface Management service aims to help enterprise cybersecurity teams get on top of such threats.

In the statement, Matt Kraning, CTO of Cortex for Palo Alto Networks, says that while the fundamental need for attack surface management hasn’t changed, the threat landscape today is much different. Organizations need an active defense system that operates faster than attackers can. “With Xpanse Active ASM, we give defenders the ability not only to see their exposures instantly but also to shut them down automatically with no human labor required,” he says.

Automation of cybersecurity with machine learning

The new service provides users with an “active discovery” module that refreshes its internet-scale database multiple times over a 24-hour cycle while constantly using machine learning to report vulnerabilities to users. It also includes an “active learning” module that processes the streamed discovery data to analyze and prioritize top risks.

Then there is the “active response” module, which includes embedded automatic remediation capabilities that shut down exposures based on the findings and analysis of the “active discovery” and “active learning” modules. All of this activity happens without any human intervention.

According to the statement, the response module also includes built-in playbooks that automatically mitigate critical risks such as exposed Remote Desktop Protocol (RDP) servers and insecure OpenSSH instances. The concept of active attack surface management is Palo Alto Networks’ latest addition to its Xpanse suite.

The platform is based on the company’s 2020 Expanse acquisition, which Palo Alto Networks later integrated into Cortex, its artificial intelligence-based detection, prevention, and automation portfolio. Last month, the company announced a multi-year, multimillion-dollar deal with the US Department of Defense.

Also a tie-up with Google Cloud on ZTNA 

In related news, Palo Alto Networks also announced a tie-up with Google Cloud to provide cloud-delivered, next-generation zero-trust network access (ZTNA), aiming to secure access for a hybrid workforce. The service ties together Google Cloud’s BeyondCorp Enterprise and Prisma Access from Palo Alto Networks, which delivers next-generation ZTNA.

Google Cloud introduced BeyondCorp Remote Access in 2020, based on the zero-trust approach that the company uses internally. The service lets users access web apps from devices across locations without a traditional VPN. Palo Alto Networks, for its part, has been advocating a shift to next-gen ZTNA for some time now.

The company has claimed that its Prisma Access solution meets next-gen ZTNA needs by identifying applications at Layer 7, which allows access control at the application and sub-application levels, while providing seamless trust verification, security inspection of traffic, and data control across an entire suite of applications.
