Expanse had a great 2019, and we’re happy that you came along for the ride. This post will focus on new products and capabilities we launched in 2019, but first, just a couple of important company milestones to highlight:
- We secured $70 million in Series C funding in April
- We made our first appearance in the Forrester Wave for Vulnerability Management as a strong contender, above most competitors of like size and maturity
- We launched our new website and Internet Operations Management message
A key contributor to our growth is a product and engineering team that listens to customers and responds quickly to requests. Many customers asked for greater support of cloud resources, which became an overarching theme of 2019. We shipped a number of cloud-related capabilities that provide the following benefits:
- Discovery and tracking of all cloud assets across all cloud providers, not just the big three
- The ability to quickly uncover unknown and rogue assets that are not part of sanctioned cloud accounts
- Continuous monitoring of global cloud providers for newly created assets that tie back to your organization
- Analysis of your cloud footprint to better understand and consolidate cloud asset management into sanctioned IaaS accounts
- Customers can identify providers hosting their assets that are outside company policy. These providers are not just traditional cloud service providers, they include telecom companies, small hosting companies, and CDNs:
- Microsoft Azure
- Google Cloud Platform
- 1&1 Internet
- Digital Ocean
- Dimension Data
- IBM Cloud
- Limelight Networks
- Liquid Web
- Media Temple Inc.
- Sakura Internet
Splunk Technical Add-On
The number one integration launched this year (with two version updates) was the Splunk Technical Add-on. Integrating with Splunk was a top priority for customers, as it is a market-leading SIEM used by many. Customers can now see all of their Internet Assets, configure and impose rules on these assets, and perform root cause analysis as necessary through their Splunk dashboards.
In September Expanse released v2 to include Events and Assets data and Behavior netflow data. It is available for download from Splunkbase. You can configure your own Expander data as a Splunk data input, configure the Technical Add-On to use a proxy, search your Expander data through the Splunk UI using Splunk data queries, and more. This allows you to:
- Gain greater ease of use for data querying in a commonly used SIEM
- Centralize alerting
- Have a single source of truth for security-related data
- Correlate Expander Exposures with internal events tracked in Splunk
- Create custom reporting, dashboards, and visualizations
- Gain context for IPs and Exposures observed on your network perimeter
The Events API now includes cloud exposure appearances and disappearances so customers can be aware of new exposures appearing on their cloud assets. This data will also be available in the Expander Splunk Technical Add-On v2, so that customers can integrate cloud exposure data into their SIEM for alerting, enrichment, and visualizations.
New Exposure Types
Expanse also released 20 new exposure types, covering additional critical, warning and routine services. These protocols will make it possible to see details beyond just an asset type. These exposure types include:
- VNC over HTTP Server
- Hadoop Server
- SharePoint Server
- Rsync Server
- Redis Server
- Postgres Server
- pcAnywhere Server
- NTP Server
- MultiCast DNS Server
- MongoDB Server
- IMAP Server
- IKEv2 Server
- CouchDB Server
- Cassandra Server
- RPCBIND Server
We launched the ability for customers to annotate IP range assets with tags, POCs, and notes at the /32 level. This allows customers to capture business classification and context that is specific to a single IP or group of IPs that make up part of an IP range in the Assets view.
Asset Inventory Views
We replaced Cloud IPs and Cloud Domains with superset views called Certificates, Domains and Cloud Resources. These views support operational tasks and orient towards IT functions, adding additional value to both IT and Security.
Organizations do not have comprehensive views of ephemeral Internet assets that need constant monitoring. Certificates in cloud-hosted environments can be particularly nasty exposures, as they typically expire without anyone noticing. Domains are nice to track for registration expirations and a variety of other possible unhealthy metrics. Expanse monitors all of these and lets you know when to take notice.
The Certificates view has a particularly interesting feature. Even if customers have views of these assets, updating status tends to be manual, requiring additional IT resources and often leads to errors. Expanse updates status and flags warnings automatically, mitigating one of asset management’s primary weaknesses.
Cloud Resources is another interesting view, as it discovers AWS services, making cloud governance a much more robust program across a customer’s entire organization. We plan to add other public cloud providers’ services in 2020, making the notion of multi-cloud governance possible and rooting out shadow IT for good.
Risky Device Types
Expanse rolled out the beta of Risky Device Types to all Expander customers. This feature discovers device types that are generally not intended to be accessed over the public Internet and may contain sensitive information or have unaddressed vulnerabilities. Initial device types that will be identified are:
- Building Control Systems
- Data Storage Devices
- Embedded Systems
- Networking Infrastructure
- Collaboration Devices
All in all, 2019 was an amazing year for product releases and feature updates. The roadmap looks even better in 2020, and the planned features should constitute several new milestones. Stay tuned for 2020 plans for details!