Expanse for AWS Lets Users Secure Cloud-Facing Assets with Attack Surface Management


Expanse has optimized its attack surface management solution for Amazon Web Services. The new service provides customers full visibility into their public-facing cloud assets to limit unsanctioned accounts.


Expanse for AWS deploys automatically, with no agents or installation required, to continuously identify new cloud instances on a daily basis. Within moments of deployment, enterprises will see a full manifest of all sanctioned and non-sanctioned publicly facing cloud assets.


“Expanse's cumulative customer base represents more than 10% of the total Internet, giving unparalleled visibility into how cloud instances in the enterprise change in real-time,” said Tom Barsi, VP of Business Development at Expanse. “Today, the average enterprise uses more than five different cloud providers -- many unsanctioned. With our rogue cloud discovery and attribution capabilities, security and IT teams have a proven way to identify shadow cloud instances and streamline cloud deployment.”



Among Expanse's features and benefits for AWS users are:

  • Full visibility into all public-facing cloud assets: Expanse establishes a centralized, continuously updating inventory of an organization’s entire cloud footprint regardless of provider.
  • Discovery of all rogue AWS assets: Daily alerting of any rogue development hosting company assets outside of sanctioned AWS accounts.
  • Consolidation of full cloud footprint: Migrate assets that are in random cloud providers to those sanctioned by corporate cloud governance policies.

With Expanse, security and IT teams get a complete and accurate list of an organization’s global internet-facing assets, enabling organizations to continuously discover, evaluate, and mitigate their external attack surface.


The release of Expanse for AWS comes as Expanse research found “enterprises are moving to the cloud fast, often unplanned and with little visibility.”


Specifically, the company found that, on average, companies add 3.5 new publicly accessible cloud services per day – more than 20 per week or 1,300 per year. The company noted that these raw figures only account for ‘net-new’ public cloud services, not updates or redeploys.


In one extreme example, the research found that one organization added an astounding 693 new publicly accessible cloud services in a single day.


The study led to a simple conclusion: “Tracking an organization’s entire cloud footprint has become increasingly challenging as employees can easily create a rogue cloud instance with a personal credit card and email address.”


An Expanse blog called the challenge of cloud visibility ‘systemic,’ and shared some deeper perspective behind the focus on their solution.

The nature of cloud infrastructure and the changes in how enterprises are operating today have led us to this point. The movement toward agile product development and DevOps — which prizes speed to market above all else — can lead to people developing outside of known, managed systems. And because IaaS and PaaS are built to be self-service for developers, it’s easy for anyone with an email address and a credit card to spin up new infrastructure. These assets are then unknown to security teams and not monitored for adherence to security policies. Many high-profile hacks in recent years have come through these types of rogue infrastructure instances.


Organizational complexities like remote overseas offices, subsidiaries that operate independently, and acquisition events only increase the risk of not knowing and monitoring all of your cloud assets.


One major health insurance provider we spoke with said that every time they acquire a new company, they have to onboard dozens of IaaS accounts, and oftentimes they don’t fully complete this onboarding or integrate information about those accounts and assets into their other security tools.


Meanwhile, cloud responsibility is also often fragmented and spread across multiple security and IT operations teams, making it that much harder to identify and remediate issues quickly.

The rollout of Expanse for AWS coincides with news that Palo Alto Networks will acquire Expanse, citing the fact that Expanse's data “provides CISOs with a view of the enterprise from the outside, representing the view an attacker sees as they probe for points of weakness.”


Palo Alto Networks CEO Nikesh Arora said of the acquisition, "We are thrilled to add the Expanse platform to our Cortex product suite. By integrating Expanse's attack surface management capabilities into Cortex after closing, we will be able to offer the first solution that combines the outside view of an organization's attack surface with an inside view to proactively address all security threats. We believe this will be a game-changer in security operations."