Palo Alto Networks Cortex Xpanse
Updated Jul. 19 2021

Together, Venafi and Xpanse deliver a full, dynamic certificate inventory that eliminates unnecessary or expired certificates and reduces the risk from unmanaged or unknown cloud assets.
Business Outcomes
  • Keep unknown certificates under control by identifying assets not under management but associated with the company

  • See and enforce certificate security policies with outside-in and inside-out visibility

  • Pinpoint risk of unintentionally exposed, managed certificate instances or rogue instances that can pose a risk

Integration Features
  • Audit current Venafi certificate inventory

  • Import newly discovered certificates from Xpanse into Venafi

Solution Overview

Today, certificates appear and disappear rapidly in a modern, ephemeral enterprise. Attackers actively search for expired certificates, which can be used in cyber attacks.

Cortex Xpanse is an automated Attack Surface Management (ASM) platform that provides a complete and accurate inventory of an organization’s global internet-facing assets and misconfigurations to continuously discover, evaluate, and mitigate an external attack surface, flag risky communications, evaluate supplier risk or assess the security of M&A targets. 

Together, Venafi and Xpanse delivers a full, dynamic certificate inventory that eliminates unnecessary or expired certificates and reduces the risk from unmanaged or unknown cloud assets. Xpanse provides a full manifest of all certificates--known and unknown--to ensure security teams are fully aware of risk coming from unmanaged assets. Then, enterprises gain visibility and control over the full manifest of certificates to dramatically reduce the risk of cyber attacks.

How-it-works

Xpanse scans & identifies all external-facing assets. 

There are two modes in which the Xpanse/Venafi integration can run:

  • Audit - Xpanse will produce a .csv file which will list the delta between certificates that Xpanse has identified that belong to the customer and those that are currently identified in Venafi. 
  • Import - in import mode, the integration will produce a delta as well as import all certificates into a targeted Venafi Policy that exist in Xpanse and do not exist in Venafi.