It’s one thing to know that you have a lot of Internet assets and that some of them might be vulnerable, but which ones do you tackle first? And how do you reduce false-positives efficiently? The logical answer is to prioritize issues based on criticality and timely exposures.
Expanse recently announced support for asset activeness for Expander, providing significantly more intelligence about critical exposures and issues to prioritize. This feature helps to reduce your attack surface by determining which discovered Internet assets are at greater risk based on their activity over the past 30 days.
Or another way to put it is you can determine if a discovered asset is relevant or not. Oftentimes discovered assets may not pose a risk, as they may not have had any traffic or requests, making it possible to deprioritize them, reducing unnecessary work for your SecOps team and saving valuable time.
Asset activeness includes the following:
- A filter/column for certificates assets if the certificate is advertised in the last 30 days
- A filter/column for domain assets if the domain resolved in last 30 days
- A filter/column for certificate and domain assets if the asset was observed with active services in the last 30 days
The two columns used to filter are “Resolves” and “Has Service”. If the request resolves, it is active, but it may not have a service, making it less relevant.
The detailed asset view includes this data, along with a link from to related exposures (seen in the second screenshot below).
To learn more about ways to leverage this new feature and many others to make prioritization more effective, please schedule a demo.