Expanse Solutions for the Public Sector

Edge Expander discovers all of your public-facing network edge assets, understands where they are and what risks they pose, and tracks successful remediation of their edge exposures. This provides an accurate, real-time picture of customers’ dynamic, global network footprint. Edge Expander combines mapping across IPv4-wide active sensing (port scan) data with global DNS, all registration records, and CDN data. Edge Expander data sources are “best-of-breed” to deliver a current, accurate, and complete knowledge of the customer’s global attack surface.

Edge Behavior provides instant analysis of your network edge communications. Discover hidden communication in network edge flow data without the burdens of collection or costly infrastructure. Edge Behavior cuts through massive amounts of flow data noise to identify systems that are making risky connections to out-of-policy services like Tor and BitTorrent. It sees communications to C&C servers—even through obfuscated access points. Behavior shows you where your network policy gaps are and helps you keep them closed.

Investigate potentially malicious network behaviors beyond your firewall.

Expanse provides rapid analytical support to defensive threat hunt and incident response missions, producing actionable leads based on minimal initial indicators of compromise or digital signatures. We start with trace evidence – even a solitary fact – and build associations between that evidence and all other Expanse data across the global Internet. This includes device identity, configuration, and related flows.

Threat Hunt assistance includes:

• Enumeration of all assets on the public Internet that share digital signatures similar to the indicators of compromise (IOCs)
• Discovery of communications between intrusion set assets, as well as with potential command and control (C2) nodes
• Identification of attempted communications between intrusion set assets and those on your network
• Multi-hop enumeration of an intrusion set’s campaign infrastructure
• Surfacing signatures of new intrusion sets that may have been previously unknown

Protect your supply chain, weapons systems, Programs of Record, and strategic industry partners.

Federal department and agencies are partnering with strategic suppliers without having full visibility into the supplier’s transitive cybersecurity risks. A Strategic Supplier Diligence assessment from Expanse can ensure that federal operational, policy, and compliance leaders have an accurate and current understanding of their strategic industry partners, context behind evaluations of supplier security and their specific risks, an improved security ecosystem through escalation of identified security risks with the suppliers, and complete visibility into the organization’s Internet Edge.

Strategic Supplier Diligence reports illuminate:

• Strategic supplier network mapping to identify all IP addresses, domains, and certificates attributable to your suppliers
• The number of critical exposures across your strategic supplier’s network
• The types and characteristics of those exposures, including which are riskiest
• Flow analysis to identify risky policy violations, such as unencrypted communications with your strategic suppliers