• slide
  • slide


Expanse shows you a complete, real-time view of all your Internet assets and what's talking to them.

Expanse is a SaaS company that continuously discovers, tracks, and monitors the dynamic global Internet Edge for the world’s largest organizations. In addition, Expanse is the first company to deliver off-premise analysis of network edge communications to identify customer systems that are making risky connections to out-of-policy services on the public Internet.

  • Deploy immediately: Expanse is a DISA approved agent-less SaaS solution available via DoD CIO Enterprise Software Initiative BPA
  • Identify high-value “edge case” risks, such as shadow IT in cloud hosting and risky or out-of-policy communications with external IP addresses and assets on the Internet
  • Receive global alerts to customer-specific accidental connections of sensitive IT, OT, and IOT devices to the public Internet, whether they occur at headquarter, at remote locations, or in commercial cloud hosting environments
  • Generate intelligence in support of proactive defensive cyber operations with Threat Hunt “as a service” data sources and analytics.
  • Remotely verify IT policy compliance of contractors, and key suppliers for supply chain risk mitigation


  • Edge Expander

    Edge Expander discovers all of your public-facing network edge assets, understands where they are and what risks they pose, and tracks successful remediation of their edge exposures. This provides an accurate, real-time picture of customers’ dynamic, global network footprint. Edge Expander combines mapping across IPv4-wide active sensing (port scan) data with global DNS, all registration records, and CDN data. Edge Expander data sources are “best-of-breed” to deliver a current, accurate, and complete knowledge of the customer’s global attack surface.

  • Edge Behavior

    Edge Behavior provides instant analysis of your network edge communications. Discover hidden communication in network edge flow data without the burdens of collection or costly infrastructure. Edge Behavior cuts through massive amounts of flow data noise to identify systems that are making risky connections to out-of-policy services like Tor and BitTorrent. It sees communications to C&C servers—even through obfuscated access points. Behavior shows you where your network policy gaps are and helps you keep them closed.

  • Threat Hunt

    Investigate potentially malicious network behaviors beyond your firewall.

    Expanse provides rapid analytical support to defensive threat hunt and incident response missions, producing actionable leads based on minimal initial indicators of compromise or digital signatures. We start with trace evidence – even a solitary fact – and build associations between that evidence and all other Expanse data across the global Internet. This includes device identity, configuration, and related flows.

    Threat Hunt assistance includes:

    • Enumeration of all assets on the public Internet that share digital signatures similar to the indicators of compromise (IOCs)
    • Discovery of communications between intrusion set assets, as well as with potential command and control (C2) nodes
    • Identification of attempted communications between intrusion set assets and those on your network
    • Multi-hop enumeration of an intrusion set’s campaign infrastructure
    • Surfacing signatures of new intrusion sets that may have been previously unknown
  • Strategic Supplier Diligence

    Protect your supply chain, weapons systems, Programs of Record, and strategic industry partners.

    Federal department and agencies are partnering with strategic suppliers without having full visibility into the supplier’s transitive cybersecurity risks. A Strategic Supplier Diligence assessment from Expanse can ensure that federal operational, policy, and compliance leaders have an accurate and current understanding of their strategic industry partners, context behind evaluations of supplier security and their specific risks, an improved security ecosystem through escalation of identified security risks with the suppliers, and complete visibility into the organization’s Internet Edge.

    Strategic Supplier Diligence reports illuminate:

    • Strategic supplier network mapping to identify all IP addresses, domains, and certificates attributable to your suppliers
    • The number of critical exposures across your strategic supplier’s network
    • The types and characteristics of those exposures, including which are riskiest
    • Flow analysis to identify risky policy violations, such as unencrypted communications with your strategic suppliers



GSA Schedule 70

Dec 20, 2011- Dec 19, 2021


May 01, 2015- Apr 30, 2025

Department of Defense ESI BPA Contract #N66001-18-A-0010

May 17, 2018- May 16, 2023


Massachusetts Higher Education Consortium (MHEC)

Aug 10, 2019- Jun 30, 2022


Archived Events


Latest News

Qadium, the first company to provide real-time discovery of customers' assets across the entire global Internet, today introduced the first product for detection of malicious network traffic from ...
October 25, 2018
We’re excited to announce that Qadium has become Expanse! We changed our name to better reflect our identity and priorities. “Expanse” communicates the idea of a massive area that is exciting to ...
Carahsoft Technology Corp., The Trusted Government IT Solutions Provider™, today announced that the U.S. Department of Defense (DoD) has awarded Carahsoft an enterprise-wide blanket purchasing ...
CEO Tim Junio started at the CIA, and Qadium began as an R&D lab for government projects.
Qadium, the first automated global Internet intelligence company, announced today that it has raised $40 million USD in Series B funding led by IVP. IVP is joined by new investor TPG ...
Qadium, a Peter Thiel-backed cybersecurity start-up from San Francisco, has raised a Series B of $40 million, as it expands its product that CEO and ex-CIA analyst Tim Junio claims can index almost ...



This white paper is intended to inform the upcoming Cybersecurity Maturity Model Certification (CMMC) domains for companies certifying at Level 4 or Level 5 by defining mature practices in asset management and continuous monitoring. Read More...


Threat actors have gotten smarter. They’re probing attack surfaces using an integrated operational approach including: sophisticated scanning technologies, weaponized vulnerabilities, automation, and commodity cloud infrastructure. They’re operating faster than your command decision-making p...

Product Brief

Expanse Edge Expander provides IT security teams with a continuously updated view of their Internet Edge and its exposures so they can be tracked and remediated to reduce risk, prevent data breaches, and stop ransomware attacks.

Edge Behavior dynamically analyzes communications across the global Internet to detect and stop risky and out-of-policy activities on your Internet Edge before they can be exploited, without the need for installation or configuration.


The webinar explored the strategic weaknesses inherent to the DIB’s cybersecurity posture and how DoD is taking assertive action to position cybersecurity as a cornerstone of future supplier sourcing decisions.

Matt Kraning is the CTO of Expanse, and in today’s show he describes the process by which Expanse maps the Internet.

Expanse continuously discovers, tracks, and monitors the dynamic global Internet edge for the world’s largest organizations.

Solutions Brief

Organizations face a non-stop onslaught of challenges posed by an increasing number of threats across their Internet Edge. As the severity and frequency of attacks increase unchecked, threat hunting has gained acceptance as a proactive approach to mitigating risk. Threat hunting is an important func...

The first item on both the CIS Controls and the NIST Cybersecurity Framework is a not-so-simple task: Identify your assets. Knowing your network is the most foundational step in building a secure organization, but many organizations overlook important edge cases and even mundane events that lead to ...

Solutions Brief
Bring Whole-Internet Visibility to Security and IT Ops