ASM in XSIAM discovers and intelligently attributes assets to organizations, helping you discover and protect previously unknown internet-connected systems. Through this network mapping process you will understand your organization's true public-facing network perimeter.
Asset discovery and attribution
ASM in XSIAM uses a variety of methods to discover and attribute internet-facing assets to your organization. These methods include:
IP Registration—An IP range’s registry information mentions information about your organization. ASM in XSIAM pulls from all regional internet registry databases, including ARIN, RIPE, APNIC, LACNIC, and AFRINIC. Registry information in your ASM in XSIAM instance is updated approximately biweekly.
ASN Advertisement—An autonomous system number (ASN) assigned to you advertises your IP range as a BGP prefix.
Certificate—An IP range advertised one of your certificates.
DNS—A DNS record points to an IP in your IP range. ASM in XSIAM gets its domains and DNS data from a combination of active and passive global collection techniques.
Self-Provided—The asset was on an IP address list provided by your organization or was attributed by ASM in XSIAM for a reason other than those listed above.
ASM in XSIAM discovers cloud assets using domain and certificate observations because IP registration data is not useful for cloud-hosted assets. We can also pull in known cloud assets through integrations with cloud service providers, such as Azure, AWS, and GCP.
Human-in-the-loop
An expert analyst oversees a human-in-the-loop system which leverages our proprietary AI models to produce network maps of the highest confidence and completeness.
Your Internet-facing assets are always under attack from targeted and opportunistic attackers. Without a continuously updated, accurate inventory of those assets, you leave unknown or unmonitored assets exposed to threats. ASM in XSIAM discovers and helps remediate any exposures on those assets.
A primary advantage of ASM in XSIAM is combining leading-edge automated network mapping analysis with expert insights and validation. Cortex XSIAM experts understand the intricacies and idiosyncrasies of asset scanning and attribution. The end-result for ASM in XSIAM customers is fewer false positives and development of naming schemas and patterns that lead to broader asset discovery than what you see with fully automated scanning engines alone.
Does ASM in XSIAM include assets for vendors, partners, and subsidiaries?
Standard contracts for the ASM Module for XSIAM include mapping and reporting on your core company's attack surface as well as named subsidiaries. Depending on the contract, or an additional statement of work, we can map and report on additional vendors, partners, or acquisitions. Contact your customer success manager for more information.