* [Blog](https://www2.paloaltonetworks.com/blog) * [Security Operations](https://www2.paloaltonetworks.com/blog/security-operations/) * [Announcement](https://www2.paloaltonetworks.com/blog/category/announcement/) * Actively Respond to Inter... # Actively Respond to Internet Emergencies with New Active Attack Surface Management Capabilities from Cortex Xpanse [](https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fwww2.paloaltonetworks.com%2Fblog%2Fsecurity-operations%2Factively-respond-to-internet-emergencies-with-new-active-attack-surface-management-capabilities-from-cortex-xpanse%2F) [](https://twitter.com/share?text=Actively+Respond+to+Internet+Emergencies+with+New+Active+Attack+Surface+Management+Capabilities+from+Cortex+Xpanse&url=https%3A%2F%2Fwww2.paloaltonetworks.com%2Fblog%2Fsecurity-operations%2Factively-respond-to-internet-emergencies-with-new-active-attack-surface-management-capabilities-from-cortex-xpanse%2F) [](https://www.linkedin.com/shareArticle?mini=true&url=https%3A%2F%2Fwww2.paloaltonetworks.com%2Fblog%2Fsecurity-operations%2Factively-respond-to-internet-emergencies-with-new-active-attack-surface-management-capabilities-from-cortex-xpanse%2F&title=Actively+Respond+to+Internet+Emergencies+with+New+Active+Attack+Surface+Management+Capabilities+from+Cortex+Xpanse&summary=&source=) [](https://www.paloaltonetworks.com//www.reddit.com/submit?url=https://www2.paloaltonetworks.com/blog/security-operations/actively-respond-to-internet-emergencies-with-new-active-attack-surface-management-capabilities-from-cortex-xpanse/&ts=markdown) \[\](mailto:?subject=Actively Respond to Internet Emergencies with New Active Attack Surface Management Capabilities from Cortex Xpanse) Link copied By [Abhishek Anbazhagan](https://www.paloaltonetworks.com/blog/author/abhishek-anbazhagan/?ts=markdown "Posts by Abhishek Anbazhagan") Jun 27, 2023 4 minutes [Announcement](https://www.paloaltonetworks.com/blog/category/announcement/?ts=markdown) [Must-Read Articles](https://www.paloaltonetworks.com/blog/security-operations/category/must-read-articles/?ts=markdown) [Product Features](https://www.paloaltonetworks.com/blog/security-operations/category/product-features/?ts=markdown) [Active Response](https://www.paloaltonetworks.com/blog/tag/active-response/?ts=markdown) [Attack Surface Management](https://www.paloaltonetworks.com/blog/tag/attack-surface-management/?ts=markdown) [Automation](https://www.paloaltonetworks.com/blog/tag/automation/?ts=markdown) [Cortex Xpanse](https://www.paloaltonetworks.com/blog/tag/cortex-xpanse/?ts=markdown) [Risk Prioritization](https://www.paloaltonetworks.com/blog/tag/risk-prioritization/?ts=markdown) Security teams must tackle new vulnerabilities and exposures while managing their ever-changing and fragmented attack surface. [Our research](https://www.paloaltonetworks.com/blog/security-operations/understanding-drift-in-your-internet-attack-surface/)shows that almost half an organization's attack surface infrastructure changes monthly. In this constantly evolving landscape, identifying critical exposures and prioritizing remediation efforts is exceedingly difficult. This challenge is particularly evident during internet emergencies like [Log4j](https://unit42.paloaltonetworks.com/apache-log4j-vulnerability-cve-2021-44228/)and [3CXDesktopApp](https://unit42.paloaltonetworks.com/3cxdesktopapp-supply-chain-attack/) where public-facing exposures may result in a high likelihood of successful exploitation. When an internet emergency arises, organizations divert all of their resources to assess their exposure by looking through outdated asset inventories, manually updated spreadsheets, and other disconnected sources that are neither comprehensive nor current. Meanwhile, attackers begin to look for exposures they can exploit within mere minutes of a CVE announcement. To address this issue, Cortex Xpanse is introducing new capabilities to help organizations better prioritize and remediate attack surface risks by utilizing real-world intelligence and AI-assisted workflows. These capabilities enable organizations to effectively manage and shrink their overall exposed attack surface. ### **Active Risk Prioritization:** Security teams can instantly respond to internet emergencies with the new Cortex Xpanse Threat Response Center. The Threat Response Center is the first place security teams can look to learn about the latest threats and identify the organization's public-facing exposures. This provides security teams with the visibility and intelligence they need to make informed remediation decisions, such as threat summaries, vulnerability details, and potential exploit consequences if issues are not fixed. ![Figure 1: Details view in the new Threat Response Center](https://www.paloaltonetworks.com/blog/wp-content/uploads/2023/06/word-image-296891-1.png) Figure 1: Details view in the new Threat Response Center Xpanse provides other powerful risk prioritization features to help security teams manage and proactively resolve risks, including: * **Incident Risk Scoring:** Security teams can now use adaptive risk scores based on threat and exploit intelligence to better prioritize and focus efforts on the exposures most likely to be attacked. * **Security Rating Dashboard:** Organizations can assess their security health and hygiene, track risk trends over time, compare their ratings with industry peers, and reduce cyber insurance premiums. ### **AI-assisted Incident Investigation:** Security teams can dramatically reduce their incident investigation timelines using several powerful investigation augmentation features that automatically enrich an incident to aid analysts. Using AI-powered investigation capabilities, organizations can now reduce mean time to respond (MTTR) for over 600+ types of attack surface risks. With AI-powered playbooks and an array of new integrations, Xpanse automatically aggregates relevant context and information to identify service owners and give analysts all the information they need to investigate and remediate an issue in one place. The Active Response module also provides the options for full automated resolution, featuring configurable remediation rules designed to assist organizations in carefully implementing automation to resolve risks without any analyst input. Additional Active Attack Surface Management features are included in the release: * **IPv6 Asset Discovery**: Organizations can gain expanded visibility of internet assets and now discover new IPv6 addresses through domain resolution (AAAA) and monitoring of known IPv6 addresses, related services, and incidents. Along with these powerful risk prioritization and analyst investigation augmentation benefits, Expander 2.2 also brings: * **Integration with Prisma Cloud**: Your organizations now have an automated solution for discovering unknown cloud assets, which can then be monitored in Prisma Cloud for comprehensive cloud attack surface management. * **Public API and Integrations**: Your organization can also enhance your management, visualization, correlation, and alerting experience within your existing SOC workflow by pulling in Xpanse-discovered assets, services, and risks with efficient data retrieval. Embrace active risk prioritization and AI-powered investigation capabilities with Cortex Xpanse, the [industry-leading](https://www.paloaltonetworks.com/blog/security-operations/cortex-xpanse-only-leader-and-outperformer-in-gigaom-radar-asm-evaluation/) Active Attack Surface Management solution from Palo Alto Networks, to protect against known and unknown vulnerabilities. Cortex Xpanse protects over 200 large enterprises and several governmental organizations. To learn more about how you can secure your attack surface, visit [Cortex Xpanse.](https://www.paloaltonetworks.com/cortex/cortex-xpanse) To learn more, join the Xpanse product team for a discussion and demo of these new capabilities. Register for the "[Risk, Curated](https://register.paloaltonetworks.com/risk-curated-xpanse-launch-event?utm_source=LaunchBlog-GTM-global-cortex&utm_medium=social)" webinar to save your spot! *** ** * ** *** ## Related Blogs ### [Announcement](https://www.paloaltonetworks.com/blog/category/announcement/?ts=markdown), [Must-Read Articles](https://www.paloaltonetworks.com/blog/security-operations/category/must-read-articles/?ts=markdown), [News and Events](https://www.paloaltonetworks.com/blog/security-operations/category/news-and-events/?ts=markdown), [Product Features](https://www.paloaltonetworks.com/blog/security-operations/category/product-features/?ts=markdown) [#### Get Ahead of Chrome Changes with Cortex Xpanse](https://www2.paloaltonetworks.com/blog/security-operations/get-ahead-of-chrome-changes-with-cortex-xpanse/) ### [Announcement](https://www.paloaltonetworks.com/blog/category/announcement/?ts=markdown), [Must-Read Articles](https://www.paloaltonetworks.com/blog/security-operations/category/must-read-articles/?ts=markdown), [News and Events](https://www.paloaltonetworks.com/blog/security-operations/category/news-and-events/?ts=markdown) [#### Don't Let Your Ivanti Exposures Go Unpatched](https://www2.paloaltonetworks.com/blog/security-operations/dont-let-your-ivanti-exposures-go-unpatched/) ### [Announcement](https://www.paloaltonetworks.com/blog/category/announcement/?ts=markdown), [Must-Read Articles](https://www.paloaltonetworks.com/blog/security-operations/category/must-read-articles/?ts=markdown), [Product Features](https://www.paloaltonetworks.com/blog/security-operations/category/product-features/?ts=markdown), [Use-Cases](https://www.paloaltonetworks.com/blog/security-operations/category/use-cases/?ts=markdown) [#### Enable Proactive Incident Response With Adaptive Risk Scoring](https://www2.paloaltonetworks.com/blog/security-operations/enable-proactive-incident-response-with-adaptive-risk-scoring/) ### [Announcement](https://www.paloaltonetworks.com/blog/category/announcement/?ts=markdown), [Must-Read Articles](https://www.paloaltonetworks.com/blog/security-operations/category/must-read-articles/?ts=markdown), [News and Events](https://www.paloaltonetworks.com/blog/security-operations/category/news-and-events/?ts=markdown), [Product Features](https://www.paloaltonetworks.com/blog/security-operations/category/product-features/?ts=markdown) [#### Pinpointing Pixels: Using Attack Surface Management to Identify Tracking Code That Violates GDPR](https://www2.paloaltonetworks.com/blog/security-operations/pinpointing-pixels-using-attack-surface-management-to-identify-tracking-code-that-violates-gdpr/) ### [Announcement](https://www.paloaltonetworks.com/blog/category/announcement/?ts=markdown), [Product Features](https://www.paloaltonetworks.com/blog/security-operations/category/product-features/?ts=markdown), [Use-Cases](https://www.paloaltonetworks.com/blog/security-operations/category/use-cases/?ts=markdown) [#### Automate Insecure OpenSSH vulnerability patching in Ubuntu AWS EC2 with Cortex Xpanse](https://www2.paloaltonetworks.com/blog/security-operations/automate-insecure-openssh-vulnerability-patching-in-ubuntu-aws-ec2-with-cortex-xpanse/) ### [Announcement](https://www.paloaltonetworks.com/blog/category/announcement/?ts=markdown), [News and Events](https://www.paloaltonetworks.com/blog/security-operations/category/news-and-events/?ts=markdown), [Product Features](https://www.paloaltonetworks.com/blog/security-operations/category/product-features/?ts=markdown), [Use-Cases](https://www.paloaltonetworks.com/blog/security-operations/category/use-cases/?ts=markdown) [#### MOVEit or Lose it: Securing assets from critical MOVEit flaw with Xpanse ASM](https://www2.paloaltonetworks.com/blog/security-operations/moveit-or-lose-it-securing-assets-from-critical-moveit-flaw-with-xpanse-asm/) ### Subscribe to Security Operations Blogs! Sign up to receive must-read articles, Playbooks of the Week, new feature announcements, and more. ![spinner](https://www2.paloaltonetworks.com/blog/wp-content/themes/panwblog2023/dist/images/ajax-loader.gif) Sign up Please enter a valid email. By submitting this form, you agree to our [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown) and acknowledge our [Privacy Statement](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown). Please look for a confirmation email from us. If you don't receive it in the next 10 minutes, please check your spam folder. This site is protected by reCAPTCHA and the Google [Privacy Policy](https://policies.google.com/privacy) and [Terms of Service](https://policies.google.com/terms) apply. {#footer} {#footer} ## Products and Services * [AI-Powered Network Security Platform](https://www.paloaltonetworks.com/network-security?ts=markdown) * [Secure AI by Design](https://www.paloaltonetworks.com/precision-ai-security/secure-ai-by-design?ts=markdown) * [Prisma AIRS](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown) * [AI Access Security](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown) * [Cloud Delivered Security Services](https://www.paloaltonetworks.com/network-security/security-subscriptions?ts=markdown) * [Advanced Threat Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown) * [Advanced URL Filtering](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown) * [Advanced WildFire](https://www.paloaltonetworks.com/network-security/advanced-wildfire?ts=markdown) * [Advanced DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown) * [Enterprise Data Loss Prevention](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown) * [Enterprise IoT Security](https://www.paloaltonetworks.com/network-security/enterprise-device-security?ts=markdown) * [Medical IoT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown) * [Industrial OT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown) * [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown) * [Next-Generation Firewalls](https://www.paloaltonetworks.com/network-security/next-generation-firewall?ts=markdown) * [Hardware Firewalls](https://www.paloaltonetworks.com/network-security/hardware-firewall-innovations?ts=markdown) * [Software Firewalls](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown) * [Strata Cloud Manager](https://www.paloaltonetworks.com/network-security/strata-cloud-manager?ts=markdown) * [SD-WAN for NGFW](https://www.paloaltonetworks.com/network-security/sd-wan-subscription?ts=markdown) * [PAN-OS](https://www.paloaltonetworks.com/network-security/pan-os?ts=markdown) * [Panorama](https://www.paloaltonetworks.com/network-security/panorama?ts=markdown) * [Secure Access Service Edge](https://www.paloaltonetworks.com/sase?ts=markdown) * [Prisma SASE](https://www.paloaltonetworks.com/sase?ts=markdown) * [Application Acceleration](https://www.paloaltonetworks.com/sase/app-acceleration?ts=markdown) * [Autonomous Digital Experience Management](https://www.paloaltonetworks.com/sase/adem?ts=markdown) * [Enterprise DLP](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown) * [Prisma Access](https://www.paloaltonetworks.com/sase/access?ts=markdown) * [Prisma Browser](https://www.paloaltonetworks.com/sase/prisma-browser?ts=markdown) * [Prisma SD-WAN](https://www.paloaltonetworks.com/sase/sd-wan?ts=markdown) * [Remote Browser Isolation](https://www.paloaltonetworks.com/sase/remote-browser-isolation?ts=markdown) * [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown) * [AI-Driven Security Operations Platform](https://www.paloaltonetworks.com/cortex?ts=markdown) * [Cloud Security](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown) * [Cortex Cloud](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown) * [Application Security](https://www.paloaltonetworks.com/cortex/cloud/application-security?ts=markdown) * [Cloud Posture Security](https://www.paloaltonetworks.com/cortex/cloud/cloud-posture-security?ts=markdown) * [Cloud Runtime Security](https://www.paloaltonetworks.com/cortex/cloud/runtime-security?ts=markdown) * [Prisma Cloud](https://www.paloaltonetworks.com/prisma/cloud?ts=markdown) * [AI-Driven SOC](https://www.paloaltonetworks.com/cortex?ts=markdown) * [Cortex XSIAM](https://www.paloaltonetworks.com/cortex/cortex-xsiam?ts=markdown) * [Cortex XDR](https://www.paloaltonetworks.com/cortex/cortex-xdr?ts=markdown) * [Cortex XSOAR](https://www.paloaltonetworks.com/cortex/cortex-xsoar?ts=markdown) * [Cortex Xpanse](https://www.paloaltonetworks.com/cortex/cortex-xpanse?ts=markdown) * [Unit 42 Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown) * [Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown) * [Threat Intel and Incident Response Services](https://www.paloaltonetworks.com/unit42?ts=markdown) * [Proactive Assessments](https://www.paloaltonetworks.com/unit42/assess?ts=markdown) * [Incident Response](https://www.paloaltonetworks.com/unit42/respond?ts=markdown) * [Transform Your Security Strategy](https://www.paloaltonetworks.com/unit42/transform?ts=markdown) * [Discover Threat Intelligence](https://www.paloaltonetworks.com/unit42/threat-intelligence-partners?ts=markdown) ## Company * [About Us](https://www.paloaltonetworks.com/about-us?ts=markdown) * [Careers](https://jobs.paloaltonetworks.com/en/) * [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown) * [Corporate Responsibility](https://www.paloaltonetworks.com/about-us/corporate-responsibility?ts=markdown) * [Customers](https://www.paloaltonetworks.com/customers?ts=markdown) * [Investor Relations](https://investors.paloaltonetworks.com/) * [Location](https://www.paloaltonetworks.com/about-us/locations?ts=markdown) * [Newsroom](https://www.paloaltonetworks.com/company/newsroom?ts=markdown) ## Popular Links * [Blog](https://www.paloaltonetworks.com/blog/?ts=markdown) * [Communities](https://www.paloaltonetworks.com/communities?ts=markdown) * [Content Library](https://www.paloaltonetworks.com/resources?ts=markdown) * [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown) * [Event Center](https://events.paloaltonetworks.com/) * [Manage Email Preferences](https://start.paloaltonetworks.com/preference-center) * [Products A-Z](https://www.paloaltonetworks.com/products/products-a-z?ts=markdown) * [Product Certifications](https://www.paloaltonetworks.com/legal-notices/trust-center/compliance?ts=markdown) * [Report a Vulnerability](https://www.paloaltonetworks.com/security-disclosure?ts=markdown) * [Sitemap](https://www.paloaltonetworks.com/sitemap?ts=markdown) * [Tech Docs](https://docs.paloaltonetworks.com/) * [Unit 42](https://unit42.paloaltonetworks.com/) * [Do Not Sell or Share My Personal Information](https://panwedd.exterro.net/portal/dsar.htm?target=panwedd) ![PAN logo](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/pan-logo-dark.svg) * [Privacy](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown) * [Trust Center](https://www.paloaltonetworks.com/legal-notices/trust-center?ts=markdown) * [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown) * [Documents](https://www.paloaltonetworks.com/legal?ts=markdown) Copyright © 2026 Palo Alto Networks. All Rights Reserved * [![Youtube](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/youtube-black.svg)](https://www.youtube.com/user/paloaltonetworks) * [![Podcast](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/icons/podcast.svg)](https://www.paloaltonetworks.com/podcasts/threat-vector?ts=markdown) * [![Facebook](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/facebook-black.svg)](https://www.facebook.com/PaloAltoNetworks/) * [![LinkedIn](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/linkedin-black.svg)](https://www.linkedin.com/company/palo-alto-networks) * [![Twitter](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/twitter-x-black.svg)](https://twitter.com/PaloAltoNtwks) * EN Select your language