Through a network mapping process, Cortex XSIAM discovers and attributes assets to organizations.
Attack Surface Management (ASM) in Cortex XSIAM discovers and intelligently attributes assets to organizations, helping you discover and protect previously unknown internet-connected systems. Through this network mapping process, you will understand your organization's true public-facing network perimeter.
Asset discovery and attribution
Cortex XSIAM uses a variety of methods to discover and attribute internet-facing assets to your organization. These methods include:
IP Registration—An IP range’s registry information mentions information about your organization. Cortex XSIAM pulls from all regional internet registry databases, including ARIN, RIPE, APNIC, LACNIC, and AFRINIC. Registry information in your Cortex XSIAM instance is updated approximately biweekly.
ASN Advertisement—An autonomous system number (ASN) assigned to you advertises your IP range as a BGP prefix.
Domain Registration—Domain registry information mentions information about your organization. Cortex XSIAM pulls Whois registration information and updates it in your Cortex XSIAM instance approximately biweekly.
Certificate—An IP range advertised one of your certificates.
DNS—A DNS record points to an IP in your IP range. Cortex XSIAM gets its domains and DNS data from a combination of active and passive global collection techniques.
Self-Provided—The asset was on an IP address list provided by your organization or was attributed by Cortex XSIAM for a reason other than those listed above.
Human-in-the-loop
An expert analyst oversees a human-in-the-loop system which leverages our proprietary AI models to produce network maps of the highest confidence and completeness.
Your Internet-facing assets are always under attack from targeted and opportunistic attackers. Without a continuously updated, accurate inventory of those assets, you leave unknown or unmonitored assets exposed to threats. Cortex XSIAM discovers and helps remediate any exposures on those assets.
A primary advantage of Cortex XSIAM is combining leading-edge automated network mapping analysis with expert insights and validation. Cortex XSIAM experts understand the intricacies and idiosyncrasies of asset scanning and attribution. The end-result for Cortex XSIAM customers is fewer false positives and development of naming schemas and patterns that lead to broader asset discovery than what you see with fully automated scanning engines alone.
Does Cortex XSIAM include assets for vendors, partners, and subsidiaries?
Standard contracts for the ASM Module for Cortex XSIAM include mapping and reporting on your core company's attack surface as well as named subsidiaries. Depending on the contract, or an additional statement of work, we can map and report on additional vendors, partners, or acquisitions. Contact your customer success manager for more information.