The company partnered with Xpanse to tackle this challenge head-on. The company began using Xpanse Expander to discover, monitor, and track all of its internet-connected assets, including IP addresses, domains, and certificates. It also uses Xpanse Behavior to monitor for any risky or out-of-policy communications, like banned communications to Office of Foreign Assets Control-designated countries, cryptocurrency mining, and use of Tor or peer-to-peer sharing services. When the security team gets an alert from Behavior, it is able to remediate the issue almost immediately and put systemic changes in place that prevent the problematic behavior from surfacing again in the same place.
Using Expander’s cloud module, the security team discovered a previously unknown system that exposed a Remote Desktop Protocol (RDP) server on the public internet. The RDP server in question connected to automatic blinds at the headquarters building of an acquired company. The Fortune 100 financial services company had taken ownership of the building during the acquisition, but due to the complex financial terms of the deal, it was prevented from getting global visibility into all building subsystems, even post-acquisition.
Building control systems are common attack vectors because they often aren’t under active management by IT or IT security teams, but rather by facilities or operations teams that routinely lack cybersecurity expertise. The discovery of this RDP exposure was only possible because of Xpanse’s internet-wide visibility and ability to correctly attribute internet-facing assets back to the company.
Apart from this RDP exposure, the company has remediated more than 20 critical exposures with the help of Xpanse, including 16 audio and video teleconferencing systems, and eliminated or replaced hundreds of non-compliant certificates in its internet-facing infrastructure. The company has also reduced the number of its publicly accessible services on the internet from more than 1,200 to 175, greatly reducing its overall attack surface. With a significantly smaller attack surface and automatic discovery and monitoring of new internet-connected assets and exposures, the company is able to carry forward its mission of delivering the best possible financial products and services to customers.
To learn more about Cortex® Xpanse™, visit paloaltonetworks.com/cortex/cortex-xpanse.