Case Study: a Fortune 500 technology company reduces exposed cloud instances with Palo Alto Networks Cortex XSIAM and Xpanse

Fortune 500 technology company cuts exposed instances by 56% with Palo Alto Networks

A Fortune 500 technology company faced significant challenges in managing its vast, multi-cloud attack surface, which included over 700,000 computing instances across AWS, GCP, and Azure. Its Security Operations Center struggled with the rapid detection and remediation of unintentionally exposed remote access services like RDP and SSH, which posed serious risks such as ransomware. To address this, the company turned to Palo Alto Networks, implementing the Attack Surface Management (ASM) Module within the Cortex XSIAM platform.

The solution from Palo Alto Networks provided automated, proactive attack surface management. Using the ASM Module in Cortex XSIAM, the SOC gained rapid visibility and leveraged automation to identify service owners, check exclusion lists, and remediate exposures. Over six months, this approach discovered and remediated over 850 exposed RDP and SSH test instances within minutes, managed 700K+ instances centrally, and led to a 56% decrease in accidentally exposed instances through proactive notifications.