In October 2022, the U.S. Department of Homeland Security(DHS), along with the Cybersecurity & Infrastructure Security Agency(CISA), issued Binding Operational Directive 23-01 (BOD 23-01), which instructs Federal agencies to “make measurable progress toward enhancing visibility into agency assets and associated vulnerabilities.”
BOD 23-01 supports and enhances other recent cybersecurity directives, including Executive Order 14028 on Improving the Nation’s Cybersecurity and BOD 22-01, which introduced a list of Known Exploited Vulnerabilities (KEVs) that threat actors have exploited. In another blog post, we have previously highlighted how Cortex Xpanse can identify CISA-identified Known Exploited Vulnerabilities.
BOD 23-01 requires agencies to enhance asset discovery and vulnerability enumeration capabilities to secure their public-facing internet assets. This involves continuously and comprehensively discovering an organization’s known and unknown internet-connected assets to eliminate gaps in their security posture. Xpanse can help Federal agencies vastly scale their ability to perform these critical cybersecurity functions.
Federal cybersecurity leaders must be able to answer three critical questions in the event of an emerging threat, zero-day event, or vulnerability management initiative:
Palo Alto Networks Cortex capabilities, including Xpanse and Cortex XSOAR, leverage analytics, AI, and automation to discover and inventory agencies’ entire attack surface, identify potential misconfiguration and vulnerabilities, and stitch together internal and external data to drive rapid situational understanding and remediation action.
Xpanse can help Federal Civilian Executive Branch (FCEB) agencies rapidly comply with many of the new requirements put in place by BOD 23-01:
The Xpanse Attack Surface Management platform performs automated asset discovery across the global internet on a sub-daily basis and refreshes scan observations in the platform every 24 hours. Some cloud assets move rapidly between multiple IP addresses, making it difficult to track their movement across the internet with a less regular discovery cadence. Xpanse ensures that your attack surface data is always up-to-date.
Xpanse automatically surfaces more than 500 unique issues and inferred vulnerabilities across your attack surface and prioritizes those risks based on industry best practices. The Xpanse Cyber Research Engineering team can enumerate additional vulnerabilities through customized out-of-product techniques and may test for vulnerability status with legal approval from a duly authorized agency official.
Cortex XSOAR can ingest Xpanse observations and initiate scanning playbooks that integrate with internal tools and datasets, such as your organization’s vulnerability management scanner (e.g., Tenable Nessus, Rapid7 InsightVM, etc.).
All Expander data, including issue and inferred vulnerability data, is available via API and can be connected to a wide variety of tools and services via out-of-the-box integrations. Palo Alto Networks also offers professional services support to build custom integrations for products that do not have a pre-built integration.
In addition to Xpanse’s sub-daily scanning cadence, our Cyber Research Engineering team can perform ad hoc, on-demand scanning of customer assets. These scans are highly configurable to discover and identify specific services, devices, and associated vulnerabilities. Results are typically available within hours of the request.
Xpanse’s global asset discovery, identification, and attribution capabilities can enhance FCEB agencies’ existing tools and processes to continuously monitor the USG’s Federal Civilian digital attack surface. The Expander platform also creates a common operating picture for both users and integrated tools, serving as the single source of truth for the full universe of publicly accessible assets and helping to better target internal scanners and vulnerability management programs.
Xpanse creates a complete system of record of all of an agency’s internet-facing assets, detects potential vulnerabilities for immediate remediation, assesses internet asset compliance with CISA directives (such as BODs 18-01 and 22-01) and internet communication policies, and provides real-time, ongoing tracking and awareness with centralized reporting.
Leveraging XSOAR, agencies can automate the vulnerability management and reporting process by searching for vulnerable assets, correlating threat intelligence, identifying the asset owner, and verifying compliance using the agency’s VM scanning platform. Results can be reported in near-real-time via dashboards and other reporting.
As the foundation of a holistic cybersecurity ecosystem, Xpanse and XSOAR can rapidly improve agencies’ asset inventory and vulnerability enumeration capabilities and bring them into compliance with CISA’s new BOD 23-01.
To learn more about how Xpanse can help you address BOD 23-01, watch our product tour here.
By submitting this form, you agree to our Terms of Use and acknowledge our Privacy Statement. Please look for a confirmation email from us. If you don't receive it in the next 10 minutes, please check your spam folder.