Attack Surface Management (ASM) helps you discover and manage your public attack surface, providing visibility into all of your internet-facing digital assets, including on-prem and cloud.
The ASM add-on module for Cortex XSIAM brings industry-leading Attack Surface Management (ASM) capabilities to the XSIAM platform. ASM helps you discover and manage your public attack surface, providing visibility into all of your digital assets, including on-prem and cloud. With ASM in XSIAM, you can identify and remediate vulnerabilities, enforce compliance policies, and reduce the risk of cyberattacks.
ASM is integrated directly into the XSIAM user interface. ASM data and insights are viewable and actionable in several different places in the XSIAM interface.
Assets—ASM in XSIAM provides a searchable, filterable inventory of all the external internet-facing assets that have been attributed to your organization by Cortex XSIAM, including IP ranges, certificates, domains, cloud resources, and services.
Dashboards & Reports—ASM in XSIAM provides out-of-the-box and customizable dashboards and reports on the current and historical state of your organization's inventory, services, and incidents. This reporting delivers insight into trends and helps leaders identify key topics and business units to focus on to improve the security posture of the organization.
Detection & Threat Intel—ASM in XSIAM provides 800+ attack surface rules and hundreds of attack surface tests to identify actionable risky and vulnerable assets and confirm exploitability. The Threat Response Center is also available to track emerging internet threats, including zero-day CVEs.
Incident Response—ASM in XSIAM generates incidents and alerts are based on a flexible attack surface rules engine that identifies security and configuration risks within your organization's assets and services, and provides a workflow in which analysts can investigate, prioritize, track their efforts to remediate outstanding problems, and independently confirm they have been corrected.
ASM automation—Using curated, out-of-the-box playbooks available through the Marketplace, you can configure ASM in XSIAM to automatically take several actions that accelerate remediation and actually fix vulnerable devices. Playbooks can automatically query different systems to identify the likely owner of an asset, create tickets, or secure exposed assets by creating new firewall rules or blocking a cloud service at the port level.