Over the past decade, IT processes have become increasingly decentralized at most organizations. Because the control of Internet-connected assets is so dispersed, it’s an ongoing challenge for organizations to appropriately manage asset lifecycles and monitor for exposures. Few things have contributed to the decentralization of IT — and the asset management challenges that come with it — more than the rise of the cloud.
At Expanse, we’ve seen first hand how many organizations struggle to get visibility into their cloud assets. And this challenge is increasingly being recognized by industry leaders. At Interop 2019, Expanse was proud to have our Cloud Module be given the “Best of Interop” award for both the Cloud and Security categories, demonstrating the importance of cloud asset visibility and management for organizations today.
A Solid Asset Inventory is the Foundation of All Other Processes
IT operations teams continue to be the groups responsible for maintaining asset lists. These are the same lists your security org uses as the foundation for what needs to be secured and monitored. But unfortunately, digital and ephemeral entities like IP addresses, domains, and certificates often aren’t considered assets and aren’t monitored and secured. But these assets also have lifecycles that organizations need to manage.
Your information security team cannot protect your organization without a complete understanding of what needs to be protected. Often, the assets that pose the highest risk are the ones that you don’t know about. Malicious actors are constantly scanning the Internet for vulnerable assets that aren’t under management. If you don’t have full visibility into all of your Internet assets, you are at risk.
By automating the discovery and monitoring of Internet-connected assets on-prem and in the cloud, IT operations and security teams can have confidence that they’re operating off of an accurate and up-to-date inventory of what needs to be managed and protected.
Cloud Continues to Be a Blind Spot
Legacy solutions aren’t looking for exposures and assets outside of known assets and accounts, and that becomes a serious problem when you consider the ephemerality of the cloud. You can’t protect what you don’t know about, and most organizations don’t know about all of their cloud assets.
Expanse, on the other hand, finds assets across all cloud accounts — both known and unknown — belonging to an organization. This capability is what led to our awards at Interop 2019. With our Cloud Module, we give you critical visibility into your cloud infrastructure so you can eliminate exposures and reduce shadow IaaS.
The following are examples of how the Expander Cloud Module has helped some of the world’s largest organizations improve their security posture in the cloud:
- A Fortune 100 information technology company had corporate policies that required company assets to be hosted within three approved cloud providers. The Expander Cloud Module showed them assets across more than 10.
- Another Fortune 100 information technology company discovered an internal development environment that was publicly accessible through the Expander Cloud Module module. It was backed by a self-signed certificate, signed by a remote developer at the company.
- For a large financial services organization in Australia, Expanse identified more than double the number of assets that they were already tracking in their known AWS accounts, helping them bring their unknown assets into known, monitored cloud accounts.
- A Fortune 500 commercial real estate company used the Expander Cloud Module to identify a development database server publicly exposed in cloud IP space, outside of the corporate cloud. This development environment was running multiple services, including critical remote access protocols (RDP).
If your organization is implementing a cloud risk or cloud governance program, Expanse can help ensure that you have the visibility into your true cloud infrastructure, including unknown and unsanctioned assets.