Services to secure your global Internet attack surface.

Services from Expanse provide proven methodology, expertise, tools, and education to help ensure your organization’s success. Your Technical Account Manager, backed by Expanse Cyber Risk Analysts and Data Scientists, help you continually realize business value from your investment and reduce the risk of your global Internet attack surface.

Expanse provides rapid analytical support to defensive threat hunt and incident response missions, producing actionable leads based on minimal initial indicators of compromise or digital signatures. We start with trace evidence–even a single fact–and build associations between that evidence and all other Expanse data across the global Internet. This includes device identity, configuration, and related flows.

Threat Hunt assistance includes:

  • Enumeration of all assets on the public Internet that share digital signatures similar to the indicators of compromise (IOCs)
  • Discovery of communications between intrusion set assets, as well as with potential command and control (C2) nodes
  • Identification of attempted communications between intrusion set assets and those on your network
  • Multi-hop enumeration of an intrusion set’s campaign infrastructure
  • Surfacing of new intrusion set signatures that may have been previously unknown
Sample Multi-Hop Flow Analysis

Exposures are prioritized depending on what part of an organization they fall under. For example, a core asset communicating with a potential command and control (C2) node is higher priority than an unmanaged asset. Understanding how assets map to an organization is critical for identifying ownership, leading investigations, and shortening exposure windows. Expanse provides asset context so that customers can understand their highest priority exposures and remediate them efficiently.

IP Address Business Mapping provides context:

  • IP addresses are validated as organizationally-owned assets
  • IP addresses are classified by organizational unit
  • The point of contact responsible for each IP address is identified
Classification of Sample Customer IP Ranges

Companies are targeting acquisitions without having full visibility into the target’s assets to be integrated into their security ecosystems and the risks they’re acquiring as a result. An M&A Diligence report from Expanse can ensure your company is paying the right price, IT is allocating enough resources for integration efforts, and Compliance and M&A Security are accounting for all risks they’re subsuming.

M&A Diligence reports uncover:

  • Subsidiary network mapping, including identification of all IP addresses, domains, and certificates attributable to the subsidiary
  • The number of assets the subsidiary’s IT team did not know about
  • The number of critical exposures across the subsidiary’s network
  • The types and characteristics of those exposures, including those that are most risky
  • Compliance with your company’s IT policies
Sample Customer exposures over time

Companies are partnering with strategic suppliers without having full visibility into the supplier’s risks. A Strategic Supplier Diligence assessment from Expanse can ensure that CISOs and compliance leaders have an accurate and current understanding of their strategic business partners, context behind evaluations of supplier security and their specific risks, an improved security ecosystem through escalation of identified security risks with the suppliers, and complete visibility into the organization’s Internet Edge.

Strategic Supplier Diligence reports illuminate:

  • Strategic supplier network mapping to identify all IP addresses, domains, and certificates attributable to your suppliers
  • The number of critical exposures across your strategic supplier’s network
  • The types and characteristics of those exposures, including which are riskiest
  • Flow analysis to identify risky policy violations, such as unencrypted communications with your strategic suppliers
Number of cloud assets exposed by hosting provider

Companies are unsuccessfully divesting subsidiaries, and the result is that assets are still commingled and present ongoing security, brand, and legal risks. A Divestiture Diligence report ensures that IT is properly divesting assets.

Divestiture Diligence reports include:

  • Divestiture network mapping to identify all IP addresses, domains, and certificates attributed to the divestiture
  • Identification and tracking of divestiture status, including co-mingled items that contain both divested and parent organization assets
  • Flow analysis to determine if systems at the parent company and the divested entity are still regularly communicating when they shouldn’t be
Outstanding assets unsuccessfully divested