# Attack Surface Lessons with Expanse - Know Your Asset Inventory

By [Kane Lightowler](https://www.paloaltonetworks.com/blog/author/kane-lightowler/?ts=markdown "Posts by Kane Lightowler"), Mar 01, 2021, 5 minutes. Security Operations: Must-Read Articles, Use-Cases.

*Editor's note: Expanse has since been rebranded as Cortex Xpanse.*

In the supply chain discipline, inventory management has long been studied and optimized. Countless books, websites and business school classes have been devoted to the art of inventory management. Yet in information technology and security, inventory management remains elusive. Case in point: one Expanse customer, a CISO, explained that having a complete and accurate inventory, or "system of record", is the foundation of any security program. We've heard this statement repeated by security leaders across organizations of all shapes and sizes. "You can't protect what you can't see" comes to mind, and in 2020 this became a huge problem for technology and security teams.

As a result of COVID-19, digital transformation within organizations has moved to light speed. Organizations' assets have rapidly moved externally, become fragmented and, in many cases, ephemeral. A recent Gartner report summarizes the trend:

> Most businesses have complex interconnections of servers, cloud instances, desktops, laptops, mobile devices, Internet of Things (IoT) and more. These assets are dynamic, seemingly borderless, and continuously moving and growing. As this footprint increases, so does the organization's threat exposure. Maintaining asset inventory is fundamental to any robust cybersecurity program and being cognizant of this inventory is fundamental to a vulnerability management program.

(Source: *The Essential Elements of Effective Vulnerability Management*, Gartner, October 2020)

Let's explore the inventory problem in more depth. The enterprise shift from inside to outside has been driven by a set of rapid digital transformations, presenting unique opportunities and challenges:

* **Cloud**: At first, cloud adoption was driven by cost savings. However, with a pandemic, the cloud now brings accessibility. Whatever the driver, try walking into a physical data center these days.
* **Mobility**: With remote work, many enterprise assets are not set up for secure use outside the office. Laptops at home are often connected through insecure home routers, potentially exposing corporate communications, data and more.
* **Website sprawl**: Many organizations have websites deployed across many hosting providers. How do you see and maintain them all? How can you ensure they conform to compliance and security standards?
* **Supply chain**: With continued attacks against the supply chain, like the [SolarStorm attack](https://unit42.paloaltonetworks.com/fireeye-solarstorm-sunburst/), and the onset of [CMMC](https://www.acq.osd.mil/cmmc/) and [Section 889](https://acquisition.gov/FAR-Case-2019-009/889_Part_B), supply chain security has garnered significant attention this past year. Whether the assets are jointly owned and managed, or the infrastructure is wholly managed by a third party, many enterprises suddenly have to understand a completely foreign universe.
* **Governance**: Security teams need to develop governance standards and policies around all assets, even those they can't see.

There is one more thing to add into the mix: what are malicious actors doing? Take VPN as an example. Threat actors actively scan for issues. In fact, there have been [reports](https://us-cert.cisa.gov/ncas/current-activity/2020/09/15/iran-based-threat-actor-exploits-vpn-vulnerabilities) from the U.S. government [highlighting](https://us-cert.cisa.gov/ncas/alerts/aa20-107a) how nation-state threat actors exploit the VPN vector. Ransomware gangs, too, are exploiting vulnerable VPN infrastructure and exposed RDP to reach workstations and distribute their malware. Our own research shows that attacks correlate with external exposures as well.

In security terms, this boils down to a CISO's worst nightmare: **an ephemeral attack surface**.
Worse, the rate of flux for this attack surface is driven by cloud workloads being spun up and down, remote employees traversing networks with variable protection, and shadow IT. Protection remains elusive. As CISOs tell us, the rapid rate of change means that even organizations with mature vulnerability management programs can only identify around 80 percent of their attack surface. This situation leaves security teams struggling to answer "Where are my assets?", never mind "How do I secure my assets?" In an increasingly common scenario, CISOs go before the Board of Directors after a breach and have to say, "I didn't know about that asset."

Here are some sample assets we've seen:

* An internal development environment that was publicly accessible. It presented a self-signed certificate, generated by a remote developer at the company.
* A development database server publicly exposed in cloud IP space, outside of the corporate cloud. This development environment was running multiple services, including critical remote access protocols (RDP).
* Multiple RDP exposures in cloud and consumer dynamic IP space.
* A firm allowed unauthenticated access to and control of hundreds of building subsystems, including security door locks, fire suppression systems, and power to multi-hundred-ton physical power and cooling systems.
* The administrative interface for an actively used records management system exposed on the public internet.

So what is the prescription? Today, most major compliance mandates require a basic step one: asset inventory. In today's fast-moving environment, this starts with the recognition that you have to look for externally facing assets, and that without doing so you see, at best, around 80 percent of what you actually have.
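The coverage gap and the sample assets above lend themselves to a concrete check: take what an external scan can see, reconcile it against the system of record, and measure how much of the observed footprint the inventory already knew about. The Python below is an added example written for this page; it is not Expanse or Cortex Xpanse code and not the author's. The observation and system-of-record formats, the severity rules (RDP, database ports, BACnet, self-signed certificates, administrative paths) and the sample data are assumptions made for illustration; the addresses come from the RFC 5737 documentation ranges and the hostnames are hypothetical.

```python
"""Reconcile externally observed services against an asset system of record.

Added example, not Expanse/Cortex Xpanse code. The observation format, the
system-of-record format and the risk rules are assumptions for illustration.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Services a practitioner would not expect to find internet-facing. The
# severities are this example's assumption, not a vendor taxonomy.
RISKY_PORTS = {
    3389: ("critical", "RDP exposed to the internet"),
    5432: ("high", "PostgreSQL exposed to the internet"),
    3306: ("high", "MySQL exposed to the internet"),
    1433: ("high", "MSSQL exposed to the internet"),
    27017: ("high", "MongoDB exposed to the internet"),
    47808: ("critical", "BACnet building automation exposed to the internet"),
}
ADMIN_PATH_HINTS = ("/admin", "/manager", "/console")


@dataclass(frozen=True)
class Observation:
    """One externally observed service; fields mirror what a scan would return."""
    ip: str
    port: int
    service: str
    hostname: str = ""
    cert_self_signed: bool = False
    http_path: str = ""


@dataclass(frozen=True)
class Finding:
    observation: Observation
    severity: str
    reason: str
    known_asset: bool  # False means nobody had registered this asset


# Constructed system of record: registered public range and hostnames
# (RFC 5737 documentation addresses, hypothetical example.com names).
SYSTEM_OF_RECORD = {
    "networks": [ip_network("203.0.113.0/24")],
    "hostnames": {"www.example.com", "vpn.example.com"},
}

# Constructed scan observations modelled on the sample assets in the post.
OBSERVATIONS = [
    Observation("203.0.113.10", 443, "https", "www.example.com"),
    Observation("203.0.113.20", 443, "https", "vpn.example.com"),
    # Dev environment on a cloud IP outside corporate ranges: self-signed cert, RDP open.
    Observation("198.51.100.7", 443, "https", "dev-7.cloud.example", cert_self_signed=True),
    Observation("198.51.100.7", 3389, "rdp", "dev-7.cloud.example"),
    # Database server on a cloud IP nobody registered.
    Observation("198.51.100.9", 5432, "postgresql"),
    # Records management admin console on a registered address.
    Observation("203.0.113.30", 8443, "https", "records.example.com", http_path="/admin/login"),
    # Building automation controller on an unregistered address.
    Observation("192.0.2.44", 47808, "bacnet"),
]


def classify(obs: Observation) -> list:
    """Return (severity, reason) pairs for one observation; empty if nothing is risky."""
    hits = []
    if obs.port in RISKY_PORTS:
        hits.append(RISKY_PORTS[obs.port])
    if obs.cert_self_signed:
        hits.append(("medium", "self-signed certificate on an internet-facing service"))
    if obs.http_path.startswith(ADMIN_PATH_HINTS):
        hits.append(("high", f"administrative interface at {obs.http_path}"))
    return hits


def is_known(obs: Observation, system_of_record: dict) -> bool:
    """Known if the IP falls in a registered range or the hostname is registered."""
    addr = ip_address(obs.ip)
    in_range = any(addr in net for net in system_of_record["networks"])
    return in_range or obs.hostname in system_of_record["hostnames"]


def reconcile(observations, system_of_record) -> dict:
    """Measure inventory coverage over observed IPs and collect risk findings.

    coverage = share of observed IPs the system of record already knew about;
    the remainder is the blind spot the post describes. Findings on unknown
    assets sort first, then by severity.
    """
    known_by_ip, findings = {}, []
    for obs in observations:
        known = is_known(obs, system_of_record)
        known_by_ip[obs.ip] = known_by_ip.get(obs.ip, False) or known
        for severity, reason in classify(obs):
            findings.append(Finding(obs, severity, reason, known))
    unknown = sorted(ip for ip, known in known_by_ip.items() if not known)
    coverage = 1 - len(unknown) / len(known_by_ip) if known_by_ip else 1.0
    rank = {"critical": 0, "high": 1, "medium": 2}
    findings.sort(key=lambda f: (f.known_asset, rank[f.severity]))
    return {"coverage": coverage, "unknown": unknown, "findings": findings}


def report(result: dict) -> str:
    """Render the reconciliation as the one-page summary a CISO would ask for."""
    lines = [f"inventory coverage: {result['coverage']:.0%} of observed IPs in system of record"]
    lines += [f"unknown asset: {ip}" for ip in result["unknown"]]
    for f in result["findings"]:
        tag = "known" if f.known_asset else "UNKNOWN"
        lines.append(f"[{f.severity}] {f.observation.ip}:{f.observation.port} ({tag}) {f.reason}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(reconcile(OBSERVATIONS, SYSTEM_OF_RECORD)))
```

On the constructed data the system of record covers half of the observed IPs, and every critical finding sits on an asset nobody had registered, which is exactly the "I didn't know about that asset" conversation. In practice the observations would come from a continuous external discovery feed and the system of record from the CMDB and cloud account inventories; the reconciliation logic stays the same.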
Building that inventory starts with understanding what you have exposed externally, which means a complete external asset inventory including:

* Devices, including IoT and new work-from-home assets, which often lack sufficient network security protection;
* Cloud infrastructure that is being spun up and down at a rapid rate;
* Third-party and supply chain risk; and
* Certificates, IP addresses, risky services, and risky communications.

Inventory management has been a deeply studied area in supply chain management, and it teaches some valuable lessons for cybersecurity. As one noted supply chain expert put it, "'You can't improve what you can't measure' exemplifies the backbone of a sound inventory management system." In cybersecurity, the equivalent is: you can't secure what you can't see.

You can learn more in our white paper [here](https://go.expanse.co/WP_Attack_Surface-LP.html) about how to defend your attack surface by continuously discovering, tracking, and managing assets.