2 of 13

An active attack surface management solution that helps your organization actively discover, learn about and respond to unknown risks in all connected systems and exposed services.

Cortex Xpanse Overview

Active Discovery: Automatically, continuously scan the entire internet. Actively discover and index your unknown risks in all connected systems and exposed services.

Active Learning: Uses supervised machine-learning models to continuously map your attack surface and prioritize remediation efforts.

Fully Managed: MCNC’s Security Operations team will continue to monitor the Xpanse environment for vulnerabilities. This will continue to include regular (daily/weekly/monthly/quarterly) reviews and reporting on what you organizations should focus on through a vulnerability management lens.

Increased efficiencies for MCNC’s Security Operations team enabled by automation capabilities. The new service offering greatly reduces manual efforts on behalf of our team so we can more quickly support yours.

General Use - 2024

3 of 13

What’s Included:

Increased Visibility on Additional Types of Assets

(IPs, Domains, Certificates, Services, etc)

�

Attack Surface Rule Customization

�Active Discovery

Enterprise vulnerability scanning technology�

PSU Access to their own Business Unit

(Coming Soon)

Cortex Xpanse includes a few options for scan scope and cadence

Global is the current scan configuration.

KAM 300 is a goal but only after the asset validation is complete AND organizations have added the Scan IP Ranges to their allow lists.

Increased Scan Cadence

General Use - 2024

4 of 13

Service Update

Asset Discovery and Inventory Review

MCNC’s team provided NCREN IP space, site names and known customer domains to Cortex Xpanse as initial seed data
MCNC’s team audited discovered assets and grouped each into “Business Units”
Happening Now: PSUs to review their discovered Asset Inventory and to provide feedback to MCNC of any requested changes:

Week of February 11th, MCNC sent Asset Inventory and instructions for data validation
PSUs have until the end of February to provide feedback or MCNC will proceed with the existing Asset Inventory assets

Once data validation is complete, MCNC’s SecOps team will begin initial quarterly report type review and provide PSUs with recommendations based on that initial review

General Use - 2024

5 of 13

Asset Inventory

General Use - 2024

6 of 13

Classifications, Services, and Technologies

General Use - 2024

7 of 13

Attack Surface Rules

General Use - 2024

8 of 13

Incidents

General Use - 2024

9 of 13

Alerts

General Use - 2024

10 of 13

Threat Response

General Use - 2024

11 of 13

Threat Response

General Use - 2024

12 of 13

Certificate of Participation

NCDPI K12 Webinar Series - MCNC Attack Surface Monitoring Certificate of Participation for CEU:

https://docs.google.com/document/d/1QzqGPBKp6AVNtRCpd5IEjMkX7GBh8lKwWrCu6i1JKIQ/edit?usp=copy

General Use - 2024

1 of 13

2 of 13

3 of 13

4 of 13

5 of 13

6 of 13

7 of 13

8 of 13

9 of 13

10 of 13

11 of 13

12 of 13

13 of 13