Network mapping - User Guide - 2 - Cortex XPANSE - Cortex - Security Operations

Cortex Xpanse Expander User Guide

Product
Cortex XPANSE
Version
2
Creation date
2024-08-29
Last date published
2024-10-11
Category
User Guide
Solution
Cloud
Abstract

Cortex Xpanse discovers and intelligently attributes assets to organizations using AI and human experts.

Cortex Xpanse  discovers and intelligently attributes assets to organizations, helping you discover and protect previously unknown internet-connected systems. Through this network mapping process you will understand your organization's true public-facing network perimeter.

Asset discovery and attribution

Cortex Xpanse uses a variety of methods to discover and attribute internet-facing assets to your organization. These methods include:

  • IP Registration—An IP range’s registry information mentions information about your organization. Cortex Xpanse pulls from all regional internet registry databases, including ARIN, RIPE, APNIC, LACNIC, and AFRINIC. Registry information in your Cortex Xpanse instance is updated approximately biweekly.

  • ASN Advertisement—An autonomous system number (ASN) assigned to you advertises your IP range as a BGP prefix.

  • Certificate—An IP range advertised one of your certificates.

  • DNS—A DNS record points to an IP in your IP range. Cortex Xpanse gets its domains and DNS data from a combination of active and passive global collection techniques.

  • Self-Provided—The asset was on an IP address list provided by your organization or was attributed by Cortex Xpanse for a reason other than those listed above.

Cortex Xpanse discovers cloud assets using domain and certificate observations because IP registration data is not useful for cloud-hosted assets. We can also pull in known cloud assets through integrations with cloud service providers, such as Azure, AWS, and GCP.

Human-in-the-loop

An expert analyst oversees a human-in-the-loop system which leverages our proprietary AI models to produce network maps of the highest confidence and completeness.

Your Internet-facing assets are always under attack from targeted and opportunistic attackers. Without a continuously updated, accurate inventory of those assets, you leave unknown or unmonitored assets exposed to threats. Cortex Xpanse discovers and helps remediate any exposures on those assets.

A primary advantage of Cortex Xpanse is combining leading-edge automated network mapping analysis with expert insights and validation. Cortex Xpanse experts understand the intricacies and idiosyncrasies of asset scanning and attribution. The end-result for Cortex Xpanse customers is fewer false positives and development of naming schemas and patterns that lead to broader asset discovery than what you see with fully automated scanning engines alone.

Does Cortex Xpanse include assets for vendors, partners, and subsidiaries?

Standard contracts for Cortex Xpanse include mapping and reporting on your core company's attack surface as well as named subsidiaries. Depending on the contract, or an additional statement of work, we can map and report on additional vendors, partners, or acquisitions. Contact your customer success manager for more information.