Case Study: Fortune 500 Technology Company achieves proactive attack-surface management — remediating 850+ exposed RDP/SSH in minutes and cutting accidental exposures 56% with Palo Alto Networks (Cortex XSIAM & Cortex Xpanse)

How Cortex XSIAM® helped a Fortune 500 technology company proactively manage their attack surface

A Fortune 500 technology company running more than 700,000 compute instances across AWS, GCP, and Azure faced repeated accidental internet exposures of remote-access services (RDP/SSH) in its test environments. With frequent cloud changes and hundreds of accounts to manage, the security team needed continuous, multi‑cloud visibility plus a highly configurable, automated way to identify owners, assess context, and remediate exposures at scale.

They deployed the ASM Module in Cortex XSIAM (backed by Cortex Xpanse) to automate discovery, owner identification, exclusions checks, and remediation via out‑of‑the‑box playbooks. Over six months the SOC automatically found and remediated 850+ exposed RDP/SSH instances in minutes, achieved a 56% reduction in accidental exposures after notification and automation, and streamlined incident triage across the organization’s 700K+ instances.