Expanse is excited to announce a new milestone in the evolution of our product suite with the release of Issues, a new and improved way to manage your global attack surface in Expander. The Issues module makes it easier and faster for security teams to manage Internet-facing risks.
Expanse created Issues to provide customers with the following key benefits:
- Boosts productivity: Makes it easier for teams to take action on problematic Internet-exposed services, reducing employee hours spent and mean time to remediate
- Custom policy implementation: Provides a more customized experience based on specific security policies and concerns that are most important to the organization, including the ability to deploy custom rules based on organizational needs and/or certain compliance standards
- Rapid response to new threats: Makes it easier to add detection for additional security policy violations associated with new CVEs and other evolving threats
At the core of the Issues module is Expanse’s new policy engine. After Expanse discovers all Internet assets and associated services belonging to the organization, the policy engine detects security policy violations according to the unique needs of the organization. Policy violations are captured as individual Issues for security teams to review and address. The Issues module also comes with an array of new functionalities, such as a ticketing-style workflow, enhanced attribution evidence, improved filtering and sorting, bulk editing of Issues, and more.
In Expander, security teams previously managed the organization’s attack surface in the Exposures view. Exposures included a combination of expected, routine Internet services as well as items that could pose a risk to your organization. Exposures also displayed on-premises and cloud services separately. Issues, on the other hand, focuses specifically on problematic/risky Internet-accessible systems and services. This makes it easier for security teams to focus on what matters most. While Issues and Exposures will initially exist side by side in Expander, Issues will fully replace the Exposures view by 2021.
Within Issues, you’ll notice a number of new capabilities, including:
Assign a priority level to Issues individually and in bulk to help drive action on the most urgent exposed services.
Custom Rules and Compliance Packs
Working with their Engagement Manager, customers can deploy custom rules for different Issue types, business units, and other schema. Issues also makes it possible for customers to deploy rules based on different compliance standards.
Assign Issues to users in a ticketing-style workflow to help drive action and simplify remediation processes. Continuous monitoring gives you independent confirmation that problems are fixed.
Filter Issues by priority, assignee, Issue type, activity status, progress status, tag, business unit, or hosting provider.
Bulk edit Issues to change assigned users, priority, or progress status. You can also add comments to multiple Issues at once.
Simplified Search and Sorting
Search for Issues based on content, domains, IP, or port number. Sort by name, activity, priority, progress, or date added.
Leverage more detailed scan results than the previous Exposures view, including validation information (attribution reason(s), business unit, and registration record) for the underlying assets that link to each Issue, enabling your team to jumpstart remediation.
Another core benefit of Issues is that it makes it easier and faster for Expanse to deploy new Issue types to respond to the evolving security landscape. When a new CVE is announced for a type of system or service that was previously not featured in Expander, Expanse is able to quickly fingerprint devices associated with this CVE so that customers can take prompt action. Over time, Expanse will add additional functionality to Issues to make it easier for customers to configure and deploy new security policies in a self-service fashion.
Let’s look at a few use case examples of how your security team would operationalize Issues.
A security analyst on your team logs in to Expander and applies a filter to look at only Issues with a priority of High. The analyst notices that there is a new MySQL server exposed on your network and she kicks off an investigation. She changes the status to Investigating and assigns it to her email address so the team knows that she is looking into it. After verifying that mitigating measures have been taken to protect the server, your security analyst changes the status to Acceptable Risk and the priority to Medium. Your team has now concluded its investigation into that Issue.
Your security analyst also notices a new Telnet server is exposed. Your analyst is particularly concerned about this, so she changes the priority to Critical, marks the status as Investigating, and assigns it to another co-worker. The co-worker investigates the Issue, and is able to bring the Telnet server offline. The security analyst then marks the Issue as Resolved. If that Telnet server ever appears again, Expanse will resurface it in Issues so your team can take immediate action.
With highly configurable and agile workflows, enriched asset context, and the ability to rapidly respond to new threats, we’re confident Issues will add value for your security team. If you are a current customer, please contact your Engagement Manager if you have any questions about the benefits of Issues. And if you’re not a customer, schedule a demo with one of our experts to discuss how Issues can help your organization manage your attack surface with confidence.