2 min

Cortex Xpanse Active ASM is generally available. The solution helps find and resolve vulnerabilities in internet-facing systems.

Cortex Xpanse Active Attack Surface Management (ASM) assesses a network from a hacker’s perspective. The solution finds vulnerabilities in internet-facing systems, which can be exploited without internal network access.

“Attackers use frequent, automated probes to find vulnerable and exposed assets”, Palo Alto Networks said. “Organizations need tools that allow them to have the same visibility.”

Cortex Xpanse Active ASM

Cortex Xpanse Active ASM provides detection and response with three components. The first is monitoring. The solution finds vulnerabilities with an outside-in assessment. Vulnerabilities are included in a clear report. Any system added to the network after the solution’s deployment is automatically recognized and scanned.

The second component is prioritization. The solution sorts vulnerabilities in order of severity. This is a welcome addition, as organizations are rarely capable of addressing all vulnerabilities in the short term.

The third component is remediation. The solution helps automatically eliminate found vulnerabilities. So-called ‘playbooks’ consist of actions that are automatically performed when the solution discovers a vulnerability. Think of adjusting an unsecured RDP server or OpenSSH instance.


Cortex Xpanse Active ASM is now generally available. Palo Alto Networks recently announced that the US Department of Defense has purchased the solution for the coming three years.

“Organizations need an active defence system that operates faster than attackers can”, said Matt Kraning, CTO of Cortex at Palo Alto Networks. “With Xpanse Active ASM, we give defenders the ability not only to see their exposures instantly but also to shut them down automatically with no human labour required.”

Tip: Qualys expands with external attack surface management