* [Blog](https://www2.paloaltonetworks.com/blog)
* [Security Operations](https://www2.paloaltonetworks.com/blog/security-operations/)
* [Must-Read Articles](https://www2.paloaltonetworks.com/blog/security-operations/category/must-read-articles/)
* Prevent Critical Exposure...

# Prevent Critical Exposures for Employees on Unsecure Remote Networks Using ASM for Remote Workers Coverage

[](https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fwww2.paloaltonetworks.com%2Fblog%2Fsecurity-operations%2Fattack-surface-management-for-remote-workers%2F)  
[](https://twitter.com/share?text=Prevent+Critical+Exposures+for+Employees+on+Unsecure+Remote+Networks+Using+ASM+for+Remote+Workers+Coverage&url=https%3A%2F%2Fwww2.paloaltonetworks.com%2Fblog%2Fsecurity-operations%2Fattack-surface-management-for-remote-workers%2F)  
[](https://www.linkedin.com/shareArticle?mini=true&url=https%3A%2F%2Fwww2.paloaltonetworks.com%2Fblog%2Fsecurity-operations%2Fattack-surface-management-for-remote-workers%2F&title=Prevent+Critical+Exposures+for+Employees+on+Unsecure+Remote+Networks+Using+ASM+for+Remote+Workers+Coverage&summary=&source=)  
[](https://www.paloaltonetworks.com//www.reddit.com/submit?url=https://www2.paloaltonetworks.com/blog/security-operations/attack-surface-management-for-remote-workers/&ts=markdown)  
\[\](mailto:?subject=Prevent Critical Exposures for Employees on Unsecure Remote Networks Using ASM for Remote Workers Coverage)  
Link copied  
By [Abhishek Anbazhagan](https://www.paloaltonetworks.com/blog/author/abhishek-anbazhagan/?ts=markdown "Posts by Abhishek Anbazhagan")  
Oct 29, 2021  
5 minutes  
[Must-Read Articles](https://www.paloaltonetworks.com/blog/security-operations/category/must-read-articles/?ts=markdown)  
[News and Events](https://www.paloaltonetworks.com/blog/security-operations/category/news-and-events/?ts=markdown)  
[Product Features](https://www.paloaltonetworks.com/blog/security-operations/category/product-features/?ts=markdown)  
[Uncategorized](https://www.paloaltonetworks.com/blog/category/uncategorized/?ts=markdown)  
[ASM](https://www.paloaltonetworks.com/blog/tag/asm/?ts=markdown)  
[Attack Surface Management](https://www.paloaltonetworks.com/blog/tag/attack-surface-management/?ts=markdown)  
[Cortex XDR](https://www.paloaltonetworks.com/blog/tag/cortex-xdr/?ts=markdown)  
[Cortex Xpanse](https://www.paloaltonetworks.com/blog/tag/cortex-xpanse/?ts=markdown)  
[remote access VPN](https://www.paloaltonetworks.com/blog/tag/remote-access-vpn/?ts=markdown)  
[remote workers](https://www.paloaltonetworks.com/blog/tag/remote-workers/?ts=markdown)  
[VPN](https://www.paloaltonetworks.com/blog/tag/vpn/?ts=markdown)

Today, we are announcing ASM for Remote Workers coverage. Customers can now combine Cortex® Xpanse™ provided outside-in view with Cortex® XDR inside-out view to help secure their remote workers operating in vulnerable networks. Starting today, all customers of Palo Alto Networks using both Cortex Xpanse and Cortex XDR can gain deeper visibility in the vulnerabilities and misconfigurations of their remote worker environments.

### The Problem

The number of remote workers has skyrocketed over the past two years, and a larger percentage of workers being remote is the new normal. Unfortunately for IT professionals, this means more workers outside of the safety of the company network. Wherever your remote workers are---at home, a co-working space, or a coffee shop---can you be sure their devices are secure?

What about your critical employees? Your VP of Finance working with sensitive financial information, or your teams working with critical customer information? Do you know if they are connecting using routers with known vulnerabilities? Do you dynamically alter their access controls using policies based on where they are working from or are they still under the same generous access policies as though they were on your office network?

Organizations have limited visibility into the security of their employee's networks. This creates a gap in any [attack surface management](https://www.paloaltonetworks.com/cyberpedia/what-is-attack-surface-management.html) plan because your Security Operations Center doesn't know how secure the network is for remote workers, whether there are unknown exposures, or critical issues accessible from the public internet.

Regardless of the security protocols in place, risks can arise from simple carelessness like working from an insecure network without a VPN, risks a worker wouldn't expect like an ISP leaving Telnet open for troubleshooting, or accidental misconfigurations. Without visibility into these exposures on corporate devices or remote networks, employees could be at risk to compromise, [including ransomware](https://www.paloaltonetworks.com/blog/2021/07/diagnosing-the-ransomware-deployment-protocol/).

Traditional endpoint solutions may be unable to help because they can't provide the visibility needed to identify external risks and exposures. [Cortex Xpanse](https://www.paloaltonetworks.com/cortex/cortex-xpanse) helps organizations discover critical issues that could impact remote workers anywhere, whether they are located in the office, at home, or on the go, by integrating with [Cortex XDR](https://www.paloaltonetworks.com/cortex/cortex-xdr).

### The Solution

Cortex XDR can give you the critical inside-out perspective into remote employees, while Xpanse provides the outside-in view into the environments in which these endpoints operate. With this integration, Xpanse provides organizations an attacker's view of their remote worker's environment, so your Security Operations Center can secure a remote workforce no matter where they are.

Xpanse is an automated Attack Surface Management platform that continuously discovers and monitors assets across the entire internet to help ensure your security operations team has no exposure blind spots. Xpanse scans all 4.3 billion addresses of IPv4 space multiple times per day to build a comprehensive map of all internet-facing assets. This data provides the visibility to allow organizations to monitor and discover risks in remote work environments and ensure that insecure remote network configurations aren't opening up new risks.

As of Cortex XDR v3.0, Xpanse can now ingest Cortex XDR endpoint data for assets that have a public IP address and have been seen in the last 48 hours to identify remote workforce devices associated with your organization. All of the networks that your Cortex XDR devices are connected to will be visible and categorized, and Xpanse will even help you identify your endpoints that aren't protected by Cortex XDR.

### What is ASM for Remote Workers?

It is an API integration between Cortex Xpanse and Cortex XDR that combines an organization's endpoint details collected by Cortex XDR with public asset information discovered by Xpanse, allowing organizations to effectively identify and alert on security issues on their remote worker's systems and network environments.

This data will be cross-referenced with Xpanse's global scan data to identify risky issues and services running on the networks where your employees are located. Cortex XDR gives you internal insight into what's running on those devices while Xpanse gives you the external perspective and identifies what's exposed to the internet.

With out-of-the-box integrations with Cortex XSOAR and Cortex XDR, risks discovered by Xpanse can be remediated either directly on the device via Cortex XDR, via network configurations, or Xpanse can also send the data to Cortex XSOAR for further investigation and remediation.

The combination of Cortex XDR and Cortex Xpanse creates a solution in the market that can monitor your remote workers regardless of the network they are on because we combine Xpanse's ASM data with XDR's endpoint data. It allows organizations to monitor whether critical employees are using vulnerable or misconfigured hardware to connect to the internet, and it provides an attacker's view into misconfigurations and risks in a remote worker's environment.

### Outcomes from Early Adopters

One of the early adopters of this ASM for Remote Workers was a large financial services firm based in the US. Using data from a few endpoint solutions, Xpanse was able to provide the customer visibility into critical vulnerabilities in their remote worker's home network that they were previously unaware of.

During the period, the ASM for Remote Worker coverage found 56 open RDP servers which were accessible through the public internet and hence, susceptible to ransomware attacks. Xpanse also discovered 171 Telnet servers and over 1,000 unencrypted login pages exposed on employee-owned networks which could be compromised to execute a man-in-the-middle attack to steal the remote worker's credentials.

With the visibility provided by the ASM for Remote Workers coverage, the organization was able to prioritize these issues to remediate them and also educate its users about the insecurities in their networks and how they can secure them.

### Learn More

If you want to learn more about Cortex Xpanse and Cortex XDR, [download the whitepaper](https://www.paloaltonetworks.com/resources/techbriefs/asm-coverage-for-remote-with-cortex-xpanse-and-cortex-xdr.html).

*** ** * ** ***

## Related Blogs

### [News and Events](https://www.paloaltonetworks.com/blog/security-operations/category/news-and-events/?ts=markdown), [Product Features](https://www.paloaltonetworks.com/blog/security-operations/category/product-features/?ts=markdown), [Uncategorized](https://www.paloaltonetworks.com/blog/category/uncategorized/?ts=markdown), [Use-Cases](https://www.paloaltonetworks.com/blog/security-operations/category/use-cases/?ts=markdown)

[#### Enhancing Critical Risk Detection with Cortex Xpanse Attack Surface Rules](https://www2.paloaltonetworks.com/blog/security-operations/enhancing-critical-risk-detection-with-cortex-xpanse-attack-surface-rules/)

### [Must-Read Articles](https://www.paloaltonetworks.com/blog/security-operations/category/must-read-articles/?ts=markdown), [News and Events](https://www.paloaltonetworks.com/blog/security-operations/category/news-and-events/?ts=markdown), [Product Features](https://www.paloaltonetworks.com/blog/security-operations/category/product-features/?ts=markdown), [Uncategorized](https://www.paloaltonetworks.com/blog/category/uncategorized/?ts=markdown)

[#### Discover your WordPress Plugin Backdoor Exposures with Cortex Xpanse](https://www2.paloaltonetworks.com/blog/security-operations/discover-your-wordpress-plugin-backdoor-exposures-with-cortex-xpanse/)

### [Must-Read Articles](https://www.paloaltonetworks.com/blog/security-operations/category/must-read-articles/?ts=markdown), [News and Events](https://www.paloaltonetworks.com/blog/security-operations/category/news-and-events/?ts=markdown), [Product Features](https://www.paloaltonetworks.com/blog/security-operations/category/product-features/?ts=markdown), [Use-Cases](https://www.paloaltonetworks.com/blog/security-operations/category/use-cases/?ts=markdown)

[#### How Palo Alto Networks Cortex Helps Federal Agencies Comply with CISA's Binding Operational Directive 23-01](https://www2.paloaltonetworks.com/blog/security-operations/how-palo-alto-networks-cortex-helps-federal-agencies-comply-with-cisas-binding-operational-directive-23-01/)

### [Must-Read Articles](https://www.paloaltonetworks.com/blog/security-operations/category/must-read-articles/?ts=markdown), [Uncategorized](https://www.paloaltonetworks.com/blog/category/uncategorized/?ts=markdown)

[#### Securing Shadow AI with Cortex Xpanse](https://www2.paloaltonetworks.com/blog/security-operations/securing-shadow-ai-with-cortex-xpanse/)

### [Must-Read Articles](https://www.paloaltonetworks.com/blog/security-operations/category/must-read-articles/?ts=markdown), [News and Events](https://www.paloaltonetworks.com/blog/security-operations/category/news-and-events/?ts=markdown), [Product Features](https://www.paloaltonetworks.com/blog/security-operations/category/product-features/?ts=markdown)

[#### What's Next in Cortex: New Innovations for Security Operations](https://www2.paloaltonetworks.com/blog/security-operations/whats-next-in-cortex-new-innovations-for-security-operations/)

### [Announcement](https://www.paloaltonetworks.com/blog/category/announcement/?ts=markdown), [Must-Read Articles](https://www.paloaltonetworks.com/blog/security-operations/category/must-read-articles/?ts=markdown), [News and Events](https://www.paloaltonetworks.com/blog/security-operations/category/news-and-events/?ts=markdown), [Product Features](https://www.paloaltonetworks.com/blog/security-operations/category/product-features/?ts=markdown)

[#### Get Ahead of Chrome Changes with Cortex Xpanse](https://www2.paloaltonetworks.com/blog/security-operations/get-ahead-of-chrome-changes-with-cortex-xpanse/)

### Subscribe to Security Operations Blogs!

Sign up to receive must-read articles, Playbooks of the Week, new feature announcements, and more.
![spinner](https://www2.paloaltonetworks.com/blog/wp-content/themes/panwblog2023/dist/images/ajax-loader.gif) Sign up  
Please enter a valid email.  
By submitting this form, you agree to our [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown) and acknowledge our [Privacy Statement](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown). Please look for a confirmation email from us. If you don't receive it in the next 10 minutes, please check your spam folder.  
This site is protected by reCAPTCHA and the Google [Privacy Policy](https://policies.google.com/privacy) and [Terms of Service](https://policies.google.com/terms) apply.  
{#footer} {#footer}

## Products and Services

* [AI-Powered Network Security Platform](https://www.paloaltonetworks.com/network-security?ts=markdown)

* [Secure AI by Design](https://www.paloaltonetworks.com/precision-ai-security/secure-ai-by-design?ts=markdown)

* [Prisma AIRS](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown)

* [AI Access Security](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown)

* [Cloud Delivered Security Services](https://www.paloaltonetworks.com/network-security/security-subscriptions?ts=markdown)

* [Advanced Threat Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown)

* [Advanced URL Filtering](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown)

* [Advanced WildFire](https://www.paloaltonetworks.com/network-security/advanced-wildfire?ts=markdown)

* [Advanced DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown)

* [Enterprise Data Loss Prevention](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Enterprise IoT Security](https://www.paloaltonetworks.com/network-security/enterprise-device-security?ts=markdown)

* [Medical IoT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [Industrial OT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [Next-Generation Firewalls](https://www.paloaltonetworks.com/network-security/next-generation-firewall?ts=markdown)

* [Hardware Firewalls](https://www.paloaltonetworks.com/network-security/hardware-firewall-innovations?ts=markdown)

* [Software Firewalls](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown)

* [Strata Cloud Manager](https://www.paloaltonetworks.com/network-security/strata-cloud-manager?ts=markdown)

* [SD-WAN for NGFW](https://www.paloaltonetworks.com/network-security/sd-wan-subscription?ts=markdown)

* [PAN-OS](https://www.paloaltonetworks.com/network-security/pan-os?ts=markdown)

* [Panorama](https://www.paloaltonetworks.com/network-security/panorama?ts=markdown)

* [Secure Access Service Edge](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Prisma SASE](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Application Acceleration](https://www.paloaltonetworks.com/sase/app-acceleration?ts=markdown)

* [Autonomous Digital Experience Management](https://www.paloaltonetworks.com/sase/adem?ts=markdown)

* [Enterprise DLP](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Prisma Access](https://www.paloaltonetworks.com/sase/access?ts=markdown)

* [Prisma Browser](https://www.paloaltonetworks.com/sase/prisma-browser?ts=markdown)

* [Prisma SD-WAN](https://www.paloaltonetworks.com/sase/sd-wan?ts=markdown)

* [Remote Browser Isolation](https://www.paloaltonetworks.com/sase/remote-browser-isolation?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [AI-Driven Security Operations Platform](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cloud Security](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Cortex Cloud](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Application Security](https://www.paloaltonetworks.com/cortex/cloud/application-security?ts=markdown)

* [Cloud Posture Security](https://www.paloaltonetworks.com/cortex/cloud/cloud-posture-security?ts=markdown)

* [Cloud Runtime Security](https://www.paloaltonetworks.com/cortex/cloud/runtime-security?ts=markdown)

* [Prisma Cloud](https://www.paloaltonetworks.com/prisma/cloud?ts=markdown)

* [AI-Driven SOC](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cortex XSIAM](https://www.paloaltonetworks.com/cortex/cortex-xsiam?ts=markdown)

* [Cortex XDR](https://www.paloaltonetworks.com/cortex/cortex-xdr?ts=markdown)

* [Cortex XSOAR](https://www.paloaltonetworks.com/cortex/cortex-xsoar?ts=markdown)

* [Cortex Xpanse](https://www.paloaltonetworks.com/cortex/cortex-xpanse?ts=markdown)

* [Unit 42 Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown)

* [Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown)

* [Threat Intel and Incident Response Services](https://www.paloaltonetworks.com/unit42?ts=markdown)

* [Proactive Assessments](https://www.paloaltonetworks.com/unit42/assess?ts=markdown)

* [Incident Response](https://www.paloaltonetworks.com/unit42/respond?ts=markdown)

* [Transform Your Security Strategy](https://www.paloaltonetworks.com/unit42/transform?ts=markdown)

* [Discover Threat Intelligence](https://www.paloaltonetworks.com/unit42/threat-intelligence-partners?ts=markdown)

## Company

* [About Us](https://www.paloaltonetworks.com/about-us?ts=markdown)
* [Careers](https://jobs.paloaltonetworks.com/en/)
* [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown)
* [Corporate Responsibility](https://www.paloaltonetworks.com/about-us/corporate-responsibility?ts=markdown)
* [Customers](https://www.paloaltonetworks.com/customers?ts=markdown)
* [Investor Relations](https://investors.paloaltonetworks.com/)
* [Location](https://www.paloaltonetworks.com/about-us/locations?ts=markdown)
* [Newsroom](https://www.paloaltonetworks.com/company/newsroom?ts=markdown)

## Popular Links

* [Blog](https://www.paloaltonetworks.com/blog/?ts=markdown)
* [Communities](https://www.paloaltonetworks.com/communities?ts=markdown)
* [Content Library](https://www.paloaltonetworks.com/resources?ts=markdown)
* [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown)
* [Event Center](https://events.paloaltonetworks.com/)
* [Manage Email Preferences](https://start.paloaltonetworks.com/preference-center)
* [Products A-Z](https://www.paloaltonetworks.com/products/products-a-z?ts=markdown)
* [Product Certifications](https://www.paloaltonetworks.com/legal-notices/trust-center/compliance?ts=markdown)
* [Report a Vulnerability](https://www.paloaltonetworks.com/security-disclosure?ts=markdown)
* [Sitemap](https://www.paloaltonetworks.com/sitemap?ts=markdown)
* [Tech Docs](https://docs.paloaltonetworks.com/)
* [Unit 42](https://unit42.paloaltonetworks.com/)
* [Do Not Sell or Share My Personal Information](https://panwedd.exterro.net/portal/dsar.htm?target=panwedd)
  ![PAN logo](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/pan-logo-dark.svg)
* [Privacy](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown)
* [Trust Center](https://www.paloaltonetworks.com/legal-notices/trust-center?ts=markdown)
* [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown)
* [Documents](https://www.paloaltonetworks.com/legal?ts=markdown)

Copyright © 2026 Palo Alto Networks. All Rights Reserved

* [![Youtube](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/youtube-black.svg)](https://www.youtube.com/user/paloaltonetworks)
* [![Podcast](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/icons/podcast.svg)](https://www.paloaltonetworks.com/podcasts/threat-vector?ts=markdown)
* [![Facebook](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/facebook-black.svg)](https://www.facebook.com/PaloAltoNetworks/)
* [![LinkedIn](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/linkedin-black.svg)](https://www.linkedin.com/company/palo-alto-networks)
* [![Twitter](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/twitter-x-black.svg)](https://twitter.com/PaloAltoNtwks)
* EN  
  Select your language