Like most large financial institutions, this Fortune 100 financial services company has a complex network. From M&A activity to cloud development to securing critical suppliers, it was challenging for the company to identify and monitor all of its Internet-connected assets. And without a complete and accurate IT asset inventory, it was even more challenging to secure those assets.
Blog
What Keeps Security Leaders Up At Night
It’s easy to focus on the threats that you know about, and easy to ignore the ones that you don’t see. When organizations conduct vulnerability scans, they get a weekly reminder of all of the unpatched and out-of-date devices on their network. Spam and phishing emails come in daily and are a constant reminder of… Continue reading…
5 Reasons You Need a Global View of Your Attack Surface
In the past, the vast majority of an organization’s attack surface was based on static ranges that were registered to that organization. This made it relatively simple to monitor the attack surface for signs of compromise and prevent intrusion by malicious actors. But things have changed. Today, most organizations have assets on so much more… Continue reading…
What We Got Wrong About the Internet
In order to effectively protect our customers, Expanse cultivates a deep understanding of the Internet. We use our global perspective to help our customers understand both what they own that is connected to the public Internet and how to keep their assets secure. Since joining Expanse as a software engineer, I’ve learned about many pervasive,… Continue reading…
Cloud Discovery Continues to Be Hot for IT Ops
Over the past decade, IT processes have become increasingly decentralized at most organizations. Because the control of Internet-connected assets is so dispersed, it’s an ongoing challenge for organizations to appropriately manage asset lifecycles and monitor for exposures. Few things have contributed to the decentralization of IT — and the asset management challenges that come with… Continue reading…
Think Cloud Visibility Is a Problem? You’re Not Alone
Organizations need to secure their assets in the cloud. But they can’t secure what they don’t know about.
Worried About Your Internet Presence? Focus on Your Attack Surface
The Internet has created myriad ways for people and organizations to connect with one another. Unfortunately, attackers will attempt to find and exploit the Internet presence of an organization. All of the connections, profiles, pages, and posts can be discovered and potentially weaponized in both targeted and opportunistic attacks. Your Internet Presence The classes of… Continue reading…
RDP and BlueKeep: What You Need To Know
On May 14th, 2019, Microsoft released a patch for a pre-authentication vulnerability affecting several versions of Windows. Microsoft even released a patch for end-of-life software because the vulnerability is so serious that it has the potential to create a WannaCry-styled global outbreak. In this post, we’ll talk about RDP, the vulnerability, and how you can… Continue reading…
3 Security Issues Every Organization Should Worry About
When I worked as a cybersecurity consultant at one of the Big Four auditing and professional services firms, I got a front-row seat to the security challenges facing enterprises today. I learned to be skeptical of the cyber maturity of the “big guys,” or the large and well-established enterprises that are connected to the daily lives of millions. While working with clients of all sizes across multiple industries, I realized very few organizations have even a decent grip on their actual cybersecurity posture.