Expanse Rolls Out New Views for Expander

Asset Viewer now shows your known (and unknown) AWS Resources

Expanse is excited to announce three new views in Expander’s Asset Inventory View feature: Certificates, Domains, and Cloud Resources. Expanse customers now have comprehensive visibility across on-premises and cloud environments through Expander’s UI or API by automatic discovery and updating of these key Internet assets.

Having a rock solid inventory is the foundation for a number of critical IT and security processes. If you don’t know what assets you have, your IT operations teams can’t manage the lifecycles for those assets, and security teams cannot secure them.

But most organizations today do not understand the extent of their ownership of all their Internet assets and services. Across different teams, asset lists can differ. Your vulnerability management team may scan one set of IP addresses and host names, while your IT ops team tracks a different set of assets in your CMDB, while marketers set up new domains without adding them to any established inventory. Expanse routinely identifies anywhere from 30 to 70 percent more Internet assets than organizations previously knew about or were tracking.

Traditionally, IT asset management has focused on endpoints, software, and physical technology/devices. But what about domains, IP addresses, certificates, and cloud resources? These assets also have life cycles in the traditional sense and must be similarly managed and secured.

Expander, our flagship solution, was created to solve this problem. Our new asset views within Expander add further value to Expander by making three new asset types visible.

Within the new views, customers can see certificates on-prem and in the cloud, domains on-prem and in the cloud, and cloud resources. Right now, the Cloud Resources tab shows assets in Amazon Web Services, but expect to see additional cloud service providers here soon.

Under Certificates, we show all the certificates that we’ve attributed to your company. We’ve shown this sort of data before, modeled as an advertisement in the Exposures section (an advertisement is a unique certificate PEM and IP port pair). Under the Assets tab, we model certificates as unique PEMs instead. So, if the same certificate is seen on ten different IPs, Expander shows one certificate asset in the Assets tab and 10 certificate advertisements in the Exposures tab.

See the Certs that need attention

There are two export types for certificates. The first is to export a certificate via a CSV, which shows everything in the table view except the IPs that the certificates are advertised on (that would make the file too large and slow). The second is to select certificate advertisements, which will export certificates and the IPs they were advertised on. It will show provider information as well. This data can be used by existing scanners if a customer previously had an integration to scan the cloud IP’s export data.

We also show all the domains mapped to a customer. We don’t filter out any domains, but still enrich the table with subdomains using the passive DNS dataset. We can still collapse subdomains: If there are over 1,000 subdomains, they can be collapsed under one domain.

Similar to what we offer under the Certificates tab, we support a fast export for all domains and another for all domain resolutions.

We display all assets pulled from any AWS integration configurations, and show AWS as a provider, with the AWS service name, resource type, and region. These views are particularly helpful to heavy cloud users, as you’ll be able to see all the different AWS services that are available and used by your users. We expect to announce Google and Azure integrations later this year, making this particular feature even more valuable to multi-cloud customers.

Expander’s API supports all these Internet asset views, making it easy to pull this new data into CMDBs, SIEMs, scanners, firewalls, etc.

These new capabilities deepen Expanse’s position as a single system of record for all of an organization’s Internet assets. IT Operations and security teams can:

  • Discover unknown cloud exposures.
  • Drive alignment with a complete, current, and accurate view of all Internet assets.
  • Automate managing asset inventories instead of manually tracking asset lists in spreadsheets.
  • Streamline managing asset lifecycles with a single source of truth.

Having an accurate inventory of all your Internet assets on-prem and in the cloud—as well as knowing their associated exposures—is key to managing asset lifecycles and achieving meaningful attack surface reduction. Schedule a demo today to learn more about these new product capabilities and how Expanse can help your organization.