SAN FRANCISCO, Nov. 5, 2019 – Expanse, the leader in Internet Operations Management for IT and Security, today announced that global security and aerospace company Lockheed Martin has selected Expanse Link as one of its adversarial-focused solutions to enhance the cyber posture of companies throughout Lockheed Martin’s multi-tier supply chain. Expanse Link enables global organizations to manage their strategic suppliers by accurately identifying and managing a strategic supplier’s Internet Assets and risks. With continuous visibility across the supply chain, organizations can drive operational improvements that reduce risk for both the organization and the supplier.
“Most breaches that disrupt operations start with an exposed Internet Asset, which unfortunately means an organization is only as secure as its least secure supplier,” said Matt Kraning, co-founder and CTO of Expanse. “Without a complete identification of Internet Assets, their global communications, and the ability to manage those assets, parent and supplier organizations have gaps and risk. Expanse provides a one-of-a-kind global Internet perspective by continuously tracking all publicly routable assets, services, and their configuration details for organizations’ traditional infrastructure. Expanse Link extends this visibility to strategic suppliers so the parent organization can hold them accountable to the same standards they insist on for themselves.”
Mike Gordon, Chief Information Security Officer (CISO) for Lockheed Martin explained, “We recognize that state-sponsored and other attackers are aggressively targeting suppliers at all tiers of the Defense Industrial Business supply chain in an effort to steal or alter intellectual property and DoD information residing on company networks. We have identified Expanse Link as part of a holistic solution for this critical need.”
Suppliers can pose significant operational and strategic risk to the organizations they work for. These risks include business interruption in the event of an attack on a supplier, loss of sensitive data or intellectual property shared with the supplier, or attacks that use supplier networks as a stepping stone into the organization’s network. Organizations have employed various strategies for supply chain security, but none have provided the continuous visibility needed to drive operational changes and improve security outcomes throughout the supply chain.
As a platform for shared governance between an organization and a strategic supplier, Expanse Link makes it possible for organizations to assist suppliers with remediation as well as to hold them accountable for security and policy lapses. The product uses proprietary mapping technology to discover Internet Assets and services relating to the supplier across registered ranges, commercial IP space, and even dynamic cloud environments, as well as to detect risky and out-of-policy network communications from any part of the network of any supplier. This data is then surfaced in a web portal and RESTful API, enabling organizations to integrate information about their supply chain into existing tools and processes. Organizations can then review, triage, and monitor any exposures or policy violations.
Key capabilities of Expanse Link include:
- Complete discovery of Internet Assets on-premises and across all cloud providers, leading to full visibility.
- Accurate attribution and full data transparency so that suppliers and parents can quickly determine if an exposed asset is business-critical.
- Daily data updates to quickly verify remediation.
- Remote detection of risky and out-of-policy network traffic across all global supplier networks without installing or configuring any local sensors.