A Tale of Three Expanse Customers

Marshall Kuypers

By Marshall Kuypers, Senior Director, Cyber Risk 08.19.2019

LINKEDIN

The Internet is a small place. Attackers can scan the Internet in under an hour and get a list of every RDP, database, and abandoned web server out there. Because attackers can find exposed assets quickly, it’s important for organizations to reduce their attack surface so there are fewer opportunities for unauthorized entry. At Expanse, we specialize in discovering, and monitoring,  Internet assets for the world’s largest organizations so they can reduce their attack surface and lock down their perimeter.

Most organizations know their security isn’t 100% perfect. And they don’t want another alert or a longer list of assets to manage — they want to see results. That’s why at Expanse, our Mission Operations team works closely with customers to help them operationalize the information they get from the Expanse Platform and measure results over time. Without any software to deploy or configure, the Expanse Platform delivers immediate time-to-value.

To give you a sense of how organizations have defined and measured results with Expanse, check out these three examples of Expanse customers: 

The Fixer

This global pharmaceutical company had a chaotic network when it started its engagement with Expanse. Nearly 250 critical exposures were scattered across its perimeter, core network, cloud hosting providers, and subsidiaries’ networks.

Initially, it was challenging for the Fixer to know where to start given uncertainty in asset ownership and reluctance to change. Expanse was able to help prioritize low-hanging fruit, such as egregious exposures on core network ranges that were clear violations of policy. After some initial wins, the Fixer became more confident in the data and gained momentum by expanding to other more difficult investigations.

Ultimately, the Fixer was able to get down to zero critical exposures. Moving forward, the organization is planning to tackle certificate hygiene.

The Shrinker

This major financial institution had a comparatively large Internet presence before becoming an Expanse customer. With about 20,000 total IPs and over 1,000 responsive IPs, the Shrinker had a huge number of systems to monitor and secure. 

To start, the Shrinker decided to prioritize decreasing its attack surface area. This would make the organization a smaller target for attackers while simultaneously simplifying asset management, vulnerability management, and patching needs. 

Within months of engaging with Expanse, the Fixer reduced its surface area by over 85%.

The Sentinel

This Fortune 10 retailer leveraged Expanse during a massive clean-up effort in 2017, eventually reducing its critical exposures to close to zero. But the work didn’t stop there. The company created policies and SLAs so that when new exposures occurred, they would be identified, assessed, and remediated within hours or days.

And it’s a good thing the Sentinel did. Organizational churn, changes in their network, and the inevitable rogue developer in AWS routinely exposing a new asset. But with Expanse, these small blips are stamped out, instead of building up into a huge list of exposures seen at many other organizations. Security isn’t ever complete; companies like the Sentinel continue to stand guard over their networks to quickly identify and remediate new vulnerabilities.

All three of these customers saw meaningful and measurable improvements in their security posture and IT operations processes with Expanse. With global, continuous monitoring of their Internet assets and exposures on those assets, they could drive change to make their organizations more secure and efficient.

Want to learn more about how Expanse can help your organization? Contact us today to schedule a demo.