Cloud Attack Surface Management: See What Other CNAPPs Miss

Jun 24, 2025
4 minutes

New cloud services spin up daily, many of them outside the view of security teams. While this accelerates innovation, it creates a growing number of internet-exposed assets and services that attackers can easily find—and exploit.

To close these visibility gaps, we’re introducing Cloud Attack Surface Management (ASM) as part of Cortex Cloud. Before diving into the technology, let’s look at why ASM is needed to secure the modern cloud.

What Attackers Know That You Don’t

Cloud environments don’t stand still. Teams regularly deploy new services, scale infrastructure, and adopt new tools—all of which reshape the external attack surface in real time. With each change, new exposures can slip through unnoticed.

According to the 2024 Unit 42 Attack Surface Threat Report, organizations add or update more than 300 cloud services every month. These new services alone are responsible for nearly a third of all high- or critical-severity cloud exposures.

Attackers move just as fast, scanning the entire IPv4 space in minutes for exposed vulnerabilities. Once inside, they often exfiltrate data within a single day. Many of these breaches begin with systems no one realized were publicly accessible.

Organizations have embraced cloud-native application protection platforms (CNAPP) to secure their clouds, but CNAPPs only protect the cloud environments they’re connected to. Anything outside that scope, like shadow cloud assets, remains invisible to security teams, opening blind spots that attackers can exploit.

Cortex Cloud for Attack Surface Management

Today, we’re introducing Cortex Cloud ASM to uncover the attack surface other CNAPPs miss with proven outside-in visibility from Cortex Xpanse, the world’s #1 ASM solution. It enables security teams to discover and secure internet-exposed cloud assets to reduce the external attack surface.

Unlike siloed tools, Cortex Cloud combines the internal visibility of a CNAPP with external attack surface intelligence, giving teams the visibility and confidence they need to secure their external cloud footprint.

Eliminate Cloud Blind Spots

Cortex Cloud continuously scans the internet across all 65,535 network ports using a CFAA-compliant engine that avoids intrusive behavior. Each scan uses purpose-built payloads—not penetration testing—to detect externally exposed assets, services and web applications across cloud environments.

Cortex Cloud automatically maps assets to your organization with precision using AI-driven attribution. It actively correlates internet scan observations with domain registration records, DNS data and SSL certificates to link each asset back to your environment, even when deployed outside of sanctioned processes.

Once it discovers an asset, Cortex Cloud adds it to an inventory of unmanaged cloud services actively running in your environment. Identified from an external attacker’s perspective, the unmanaged services might include VMs, storage buckets, databases, load balancers, serverless functions, identity services, APIs and other publicly accessible infrastructure across AWS, Azure and GCP. Though they often operate outside the visibility of traditional tools, these assets become trackable, attributable and actionable with Cortex Cloud.
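To make the attribution step above concrete, here is an added example (not Cortex Cloud's own logic, and written independently of Cortex Xpanse) that correlates constructed scan observations with TLS certificate names and reverse-DNS records against a hypothetical organization's domains, then flags attributed hosts that are missing from the managed inventory a CNAPP would already know about. The domains, IP addresses (RFC 5737 TEST-NET ranges) and observations are all constructed sample data.

```python
"""Toy outside-in attribution of internet scan observations.

Added example, not Cortex Cloud's implementation. Each observation is
linked to the organization when a TLS certificate name or PTR record is
the organization's domain or a subdomain of it; attributed hosts that the
managed inventory does not list are reported as unmanaged.
"""
from __future__ import annotations

from dataclasses import dataclass, field
from typing import Optional

# Constructed seed data for a hypothetical organization.
ORG_DOMAINS = {"example.com", "example-labs.io"}

# Constructed managed inventory: IPs the CNAPP already knows from cloud APIs.
MANAGED_IPS = {"203.0.113.10", "203.0.113.11"}

# Constructed scan observations (TEST-NET addresses, RFC 5737).
OBSERVATIONS = [
    {"ip": "203.0.113.10", "port": 443,
     "cert_names": ["www.example.com", "api.example.com"],
     "ptr": "ec2-203-0-113-10.compute-1.amazonaws.com"},
    {"ip": "198.51.100.7", "port": 8443,
     "cert_names": ["*.example-labs.io"],
     "ptr": None},
    {"ip": "198.51.100.9", "port": 22,
     "cert_names": [],
     "ptr": "bastion.example.com"},
    {"ip": "192.0.2.44", "port": 443,
     "cert_names": ["shop.notexample.com"],
     "ptr": None},
]


def owned_domain(hostname: str, org_domains: set[str]) -> Optional[str]:
    """Return the org domain that `hostname` equals or is a subdomain of.

    Matching on a label boundary ("." + domain) avoids the classic substring
    mistake where "notexample.com" would be attributed to "example.com".
    """
    host = hostname.lower().rstrip(".")
    if host.startswith("*."):  # wildcard certificate entry
        host = host[2:]
    for domain in org_domains:
        if host == domain or host.endswith("." + domain):
            return domain
    return None


@dataclass
class Attribution:
    ip: str
    port: int
    evidence: list[str] = field(default_factory=list)
    managed: bool = True


def attribute(observations, org_domains, managed_ips) -> list[Attribution]:
    """Keep only observations with at least one piece of ownership evidence."""
    results = []
    for obs in observations:
        evidence = [f"tls-name:{n}" for n in obs["cert_names"]
                    if owned_domain(n, org_domains)]
        if obs["ptr"] and owned_domain(obs["ptr"], org_domains):
            evidence.append(f"ptr:{obs['ptr']}")
        if evidence:
            results.append(Attribution(obs["ip"], obs["port"], evidence,
                                       managed=obs["ip"] in managed_ips))
    return results


def unmanaged(attributions: list[Attribution]) -> list[Attribution]:
    """Attributed hosts that no managed-inventory source accounts for."""
    return [a for a in attributions if not a.managed]


if __name__ == "__main__":
    for a in unmanaged(attribute(OBSERVATIONS, ORG_DOMAINS, MANAGED_IPS)):
        print(f"UNMANAGED {a.ip}:{a.port} evidence={a.evidence}")
```

The third observation shows why PTR data matters alongside certificates: a bare SSH port carries no TLS name, so the reverse-DNS record is the only tie to the organization. The unattributed `notexample.com` host is dropped rather than guessed at, which is the trade-off attribution engines make to keep false ownership claims out of the inventory.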

Figure 1: External surface inventory indexes internet-facing services

Prioritize Critical Exposures

Cortex Cloud ASM continuously detects and validates exposure risks across both managed and unmanaged assets. With over 800 built-in rules, it detects internet-facing vulnerabilities, misconfigurations and other exposures, helping security teams focus on real issues that increase their external attack surface.

Cloud ASM performs daily scanning using protocol-validated techniques. Every finding includes rich context such as IP address, port, certificate metadata, DNS records and cloud ownership—enabling security teams to assess and respond quickly.

Figure 2: Critical vulnerabilities detected by external scanning engine

Drive Attack Surface Reduction with Context

Cortex Cloud combines the inside-out configuration analysis of a CNAPP with the outside-in exposure validation of an ASM solution.

By linking externally exposed assets to internal context such as misconfigurations, entitlements and potential lateral movement paths, security teams gain the clarity needed to understand which exposures pose the most severe risk. Cloud ASM also verifies known exposures detected by Cortex Cloud’s network analysis engine, giving security teams high-confidence insights.

By integrating ASM capabilities into a CNAPP, Cortex Cloud helps organizations cut through noise to focus on high-impact exposures and attack paths before they are exploited.
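The following added example illustrates the inside-out plus outside-in correlation described above with a constructed additive risk score; it is not Cortex Cloud's scoring model or rule set. Externally observed exposures are joined to constructed internal context (misconfigurations, entitlements, reachability of sensitive data) and ranked, so that an internet-exposed VM with a path to a training datastore, the situation in Figure 3, rises above a cosmetically similar exposure on a VM with no such access. All asset names, findings and weights are constructed.

```python
"""Toy exposure prioritization joining outside-in and inside-out signals.

Added example, not Cortex Cloud's implementation. Each external finding
is enriched with internal CNAPP-style context and scored additively; an
asset with no internal context at all is treated as unmanaged and gets
its own uplift because nobody can vouch for its configuration.
"""
from __future__ import annotations

# Constructed outside-in findings from an external scanning engine.
EXTERNAL_FINDINGS = [
    {"asset": "vm-web-01", "exposure": "ssh-open", "severity": "high", "validated": True},
    {"asset": "vm-web-02", "exposure": "ssh-open", "severity": "high", "validated": True},
    {"asset": "lb-public-01", "exposure": "tls-weak-cipher", "severity": "medium", "validated": False},
    {"asset": "bucket-assets", "exposure": "public-listing", "severity": "critical", "validated": True},
]

# Constructed inside-out context; "bucket-assets" is deliberately absent
# to model an unmanaged asset the CNAPP has never been connected to.
INTERNAL_CONTEXT = {
    "vm-web-01": {"misconfigs": ["ssh-password-auth-enabled"],
                  "entitlements": ["read on ml-training-datastore"],
                  "reaches_sensitive_data": True},
    "vm-web-02": {"misconfigs": [], "entitlements": [], "reaches_sensitive_data": False},
    "lb-public-01": {"misconfigs": [], "entitlements": [], "reaches_sensitive_data": False},
}

# Constructed weights: base score by external severity, plus context uplifts.
SEVERITY_BASE = {"low": 1, "medium": 3, "high": 6, "critical": 9}
UPLIFT_VALIDATED = 1        # exposure confirmed by protocol-level validation
UPLIFT_UNMANAGED = 2        # no internal context: configuration is unknown
UPLIFT_MISCONFIG = 2        # internal misconfiguration on the same asset
UPLIFT_ENTITLEMENT = 2      # asset identity can reach other resources
UPLIFT_SENSITIVE_DATA = 4   # a lateral path to sensitive data exists


def score_exposure(finding: dict, context: dict) -> dict:
    """Return the finding with a numeric score and the reasons behind it."""
    score = SEVERITY_BASE[finding["severity"]]
    reasons = [f"external:{finding['exposure']}:{finding['severity']}"]
    if finding["validated"]:
        score += UPLIFT_VALIDATED
        reasons.append("validated-externally")
    ctx = context.get(finding["asset"])
    if ctx is None:
        score += UPLIFT_UNMANAGED
        reasons.append("unmanaged:no-internal-context")
    else:
        if ctx["misconfigs"]:
            score += UPLIFT_MISCONFIG
            reasons.append("misconfig:" + ",".join(ctx["misconfigs"]))
        if ctx["entitlements"]:
            score += UPLIFT_ENTITLEMENT
            reasons.append("entitlement:" + ",".join(ctx["entitlements"]))
        if ctx["reaches_sensitive_data"]:
            score += UPLIFT_SENSITIVE_DATA
            reasons.append("path-to-sensitive-data")
    return {"asset": finding["asset"], "score": score, "reasons": reasons}


def prioritize(findings: list[dict], context: dict) -> list[dict]:
    """Rank findings by descending score; ties keep input order."""
    scored = [score_exposure(f, context) for f in findings]
    return sorted(scored, key=lambda r: -r["score"])


if __name__ == "__main__":
    for row in prioritize(EXTERNAL_FINDINGS, INTERNAL_CONTEXT):
        print(f"{row['score']:>3}  {row['asset']:<14} {'; '.join(row['reasons'])}")
```

The two `ssh-open` findings carry identical external severity, yet `vm-web-01` ends up more than twice as high because the internal side contributes a misconfiguration, an entitlement and a path to the training datastore. That gap is the "noise" a combined view cuts through: without the join, both VMs would compete for the same attention.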

Figure 3: Internet-exposed VMs have access to a datastore used to train AI models.

Experience Cloud ASM

Cortex Cloud is the first CNAPP to deliver ASM capabilities, helping organizations discover and protect their cloud’s internet attack surface.

Want to see Cortex Cloud ASM in action? Try our self-paced product tour to get firsthand experience. If you’re ready to speak to an expert about how Cortex Cloud can help your organization, then request a personalized demo.
