Attack Surface Testing

Cortex Xpanse Expander User Guide

Product: Cortex XPANSE
Version: 2
Creation date: 2024-03-28
Last date published: 2024-05-22
Category: User Guide
Solution: Cloud
Abstract

Attack Surface Testing runs benign exploits against your externally facing assets to confirm the presence of vulnerabilities.

Cortex Xpanse Attack Surface Testing confirms the presence of a vulnerability on your external attack surface, enabling you to quickly and confidently prioritize risks. With your approval, Cortex Xpanse runs benign exploits against externally facing assets to confirm the presence of vulnerabilities. Instead of requiring you to manually verify inferred CVEs yourself, Cortex Xpanse Attack Surface Testing runs daily scans based on your preferences.

When you set up Attack Surface Testing, you select the targets for the testing: either all or a subset of your directly-discovered services. Directly-discovered services are services for which Cortex Xpanse has a registration record tying your organization to the service. Once you've selected targets, Cortex Xpanse runs attack surface scans daily. Attack surface test results are displayed on the Services tab in the Inventory, so you can review the data as part of your existing attack surface management (ASM) workflow. All attack surface tests are enabled by default, but you can view information about the tests and disable tests if needed from the Attack Surface Tests page.

Attack surface test results affect an incident's risk score, but they do not open or close alerts.

Cortex Xpanse attack surface tests

Cortex Xpanse has an extensive set of attack surface tests for the CVEs and other known risks that affect externally-facing services and can be confirmed using benign testing. Our vulnerability testing is layered on top of our existing ASM global scanning infrastructure, which distributes requests across a broad time range to minimize the impact on scanned and tested services. We perform external scans only, which means we only test directly-discovered services accessible from the public internet. Cortex Xpanse does not perform authenticated scanning or allow scans to change the state of a tested service. To further decrease test load and the possibility of impacting a service, we map attack surface tests to service classifications, enabling us to run tests only on the relevant services in your approved set of targets. For example, we only run Apache attack surface tests against your Apache services.

New attack surface tests are added at the discretion of the Cortex Xpanse Security Research Team when new vulnerabilities are announced.