Picture this: Three experienced CISOs from different industry sectors are seated together on stage in front of a large audience. As the panel moderator, I’m on stage as well, armed with a series of questions designed to extract useful advice and guidance from the experts. At some point in the discussion, usually early on, I will ask this question: “Of all the safeguards and controls at your disposal, which do you consider the most important?”
Now, I’ve been in this situation many times, and the answers to this question will tend to vary based on the background and industry sector of each CISO. But in virtually 100% of cases, the CISOs will mention inventory. Yes – every CISO I’ve ever worked with will tell you that without a complete and accurate understanding of your assets, you’re essentially trying to navigate the security of an enterprise through the clouds with no instruments.
To that end, I spent quality time this week with Tim Junio, CEO and co-founder of Expanse. The company, which was founded in 2013 and is located in San Francisco, helps enterprise teams and government agencies create and maintain an accurate inventory of their network-based assets. My old AT&T boss, Dave Dorman, sits on their board, and he’d suggested that a discussion would be worth my time. He was 100% correct, and here is what I learned:
“Identifying the real attack surface of a company is what we do,” explained Junio. “We help our customers build an accurate and intelligent inventory of their Internet-based assets, and this includes resources located on-premise, in the cloud, and distributed across the supply chain. The goal is to create a meaningful playbook for teams to prioritize risks and to help operationalize their security workflows.”
The types of information that serve to populate an organization’s inventory include IP address ranges, public key certificates, Internet domains, cloud service instances, on-premise assets, applications and systems, and anything supported by third-parties. These are integrated and managed by the Expanse Internet Operations Management Platform, which provides visibility and control for security, network, and IT teams.
The Expanse platform is delivered across three integrated components: First, the Expander component uses current and historical indices as well as other facts derived from the public Internet to discover, monitor, and track Internet-based assets. “Most organizations using our solution report that they can substantially improve their understanding of Internet-visible assets,” explained Junio.
Second, the Behavior component continuously analyzes traffic, looking specifically for any patterns, deviations, or other indicators that something might be exposed. Such communication includes evidence of BitTorrent or Tor, connections to unusual or unexpected geographic areas, evidence that botnet C&C traffic might exist, or use of P2P and other risky software.
Finally, the Link component is focused on securing suppliers, by improving their operational security. The idea is to help them detect and fix any Internet-based issue with their assets or traffic. “Many of our customers use security ratings services,” Junio said, “but we take a very different approach. We try to help secure your supply chain partners, rather than just try to rate their risk.”
A unique aspect of the Expanse story is its impressive business success in the US Federal marketplace, especially the defense sector. The Expanse technology was originally funded by a DARPA grant, which is certainly has helped them understand the needs of DoD teams. But their success seems to derive more from how the platform solves a problem that is particularly urgent to military teams – namely, understanding their vast assets.
An interesting topic that came up during our discussion involved the foundational mission of Expanse. We spent some time on this issue, and Junio explained that the company is ultimately trying to help restore the original promise of the Internet. We also discussed how the collection of data about an enterprise serves as a good baseline for truth about the valued assets to be protected. This seems like an excellent purpose for an inventory-based solution.
Based on some data Junio shared with me, Expanse appears to be growing significantly. They recently completed a $70M funding round, with checks from Peter Thiel, Michael Dell, Sam Palmisano, and even Arianna Huffington. Expanse has signed more than a few customers now who pay more than $1M dollars in annual recurring revenue. In addition, the company books an impressive $100M in government contracts.
I asked Junio if he was worried that with increasing emphasis on applications, some companies might de-emphasize focus on underlying infrastructure-based inventory. “Actually, we see the shift from premise-based computing to hybrid cloud as a driver for needing to better understand where assets are located,” Junio explained. “This increase in complexity is one of the great drivers of our growth.” This sounded pretty reasonable to me.
It’s rare that I find a company with little to complain about – but Expanse seems to be in this category. I will admit to some bias given their focus on network-based inventory, primarily for larger enterprise teams: I come from that world. But even if I didn’t, I think it would be hard to find much amiss here. After all, just as our three CISOs on stage reported, the most valuable security control involves knowing your assets. Expanse is on the right track.
