# Preventing Unplanned Outages Due to Faulty Certificates Using Cortex Xpanse

By [Abhishek Anbazhagan](https://www.paloaltonetworks.com/blog/author/abhishek-anbazhagan/?ts=markdown "Posts by Abhishek Anbazhagan"), Oct 11, 2021

On September 30, 2020, one of the largest certificate providers, "Let's Encrypt", saw its root certificate expire, which required all of its customers to upgrade their devices or face outages. Digital certificates are issued to organizations by trusted authorities like Let's Encrypt to keep user data secure, verify ownership of the website, prevent attackers from creating a fake version of the site, and avoid misleading unsuspecting customers.

The problem with these certificates is that, like most cybersecurity assets, they are procured and deployed with abandon. Most organizations still track their assets through a series of emails, spreadsheets, or outdated inventory/configuration management databases. While Let's Encrypt repeatedly advised its customers to make the necessary upgrades, one could safely assume that many were unable to, as they did not have a granular view of all the certificates they owned.

In a recent MIT Technology Review Insights^1^ survey of more than 700 cybersecurity executives, over 50% of organizations had faced a cybersecurity incident from an unknown or unmanaged digital asset. Another 20% mentioned that while they hadn't yet had an incident on an unknown/unmanaged asset, they fully expected to see some in the near future.

Several prominent organizations faced disruptions and outages as a consequence of not having visibility into certificates deployed on their attack surface.
Organizations like Cisco Umbrella, Catchpoint, Monday.com, Auth0, Shopify, cPanel, and many others faced disruptions on account of their respective certificates expiring as fallout from the Let's Encrypt incident. Gartner estimates that business losses on account of unforeseen downtimes can be anywhere from $140,000 per hour to $300,000^2^ or more on average.

How does your asset management team monitor the lifecycle of your certificates to prevent unplanned downtime? Do your teams know when their certificates are about to expire or have other misconfigurations?

With Cortex Xpanse, organizations can prevent unplanned disruptions to their businesses stemming from known and unknown misconfigured certificates. Cortex Xpanse is a global internet collection and attribution platform that empowers CISOs to continuously discover, evaluate, and mitigate their external attack surface. Today, Xpanse customers collectively represent 12% of the overall IPv4 internet and include leading Fortune 500 companies as well as both US government organizations and military branches.

![Screenshot of Certificate Management inside Expander](https://www.paloaltonetworks.com/blog/wp-content/uploads/2021/10/word-image-9.png)

*Fig 1: Screenshot of Certificate Management inside Expander*

Certificates are one of the several asset types that Xpanse helps organizations track and remediate. Cortex Xpanse automatically discovers an organization's known and unknown certificates. Xpanse applies policies to this discovered inventory of certificates to automatically identify certificate misconfigurations, including expiring and expired certificates. Xpanse also identifies self-signed certificates, certificates with a short public key or a long expiration, wildcard certificates, and domain-control validated certificates so that organizations can remediate them.
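
As an added illustration (not code from Xpanse or from the original post), the sketch below applies the kinds of policies listed above to a small certificate inventory built from standard X.509 fields. The thresholds, record layout, function names, and sample records are all assumptions made for this example.

```python
from datetime import datetime, timedelta, timezone

# Assumed thresholds for illustration; set them from your own policy.
EXPIRING_WITHIN = timedelta(days=30)
MIN_RSA_BITS = 2048
MAX_VALIDITY = timedelta(days=398)
DV_POLICY_OID = "2.23.140.1.2.1"  # CA/Browser Forum domain-validated policy


def evaluate(cert, now):
    """Return the sorted policy findings for one inventory record."""
    findings = set()
    if now > cert["not_after"]:
        findings.add("expired")
    elif cert["not_after"] - now <= EXPIRING_WITHIN:
        findings.add("expiring")
    # issuer == subject means self-issued; a full self-signed check would
    # also verify the signature against the certificate's own public key.
    if cert["issuer"] == cert["subject"]:
        findings.add("self_signed")
    if cert["key_type"] == "RSA" and cert["key_bits"] < MIN_RSA_BITS:
        findings.add("short_key")
    if cert["not_after"] - cert["not_before"] > MAX_VALIDITY:
        findings.add("long_expiration")
    if any(name.startswith("*.") for name in cert["san"]):
        findings.add("wildcard")
    if DV_POLICY_OID in cert["policy_oids"]:
        findings.add("domain_validated")
    return sorted(findings)


def report(inventory, now):
    """Map serial -> findings, omitting certificates with no findings."""
    return {c["serial"]: f for c in inventory if (f := evaluate(c, now))}


def rec(serial, subject, issuer, nb, na, key_type, bits, san, oids):
    utc = lambda s: datetime.fromisoformat(s).replace(tzinfo=timezone.utc)
    return {"serial": serial, "subject": subject, "issuer": issuer,
            "not_before": utc(nb), "not_after": utc(na), "key_type": key_type,
            "key_bits": bits, "san": san, "policy_oids": oids}


CA = "CN=Example Issuing CA"  # constructed issuer name
NOW = datetime(2021, 10, 11, tzinfo=timezone.utc)  # fixed for repeatability
INVENTORY = [  # constructed sample records, not real certificates
    rec("01", "CN=www.example.com", CA, "2021-08-01", "2021-10-30",
        "RSA", 2048, ["www.example.com"], [DV_POLICY_OID]),
    rec("02", "CN=vpn.example.com", "CN=vpn.example.com", "2015-01-01",
        "2025-01-01", "RSA", 1024, ["vpn.example.com"], []),
    rec("03", "CN=*.example.com", CA, "2020-09-01", "2021-09-30",
        "RSA", 2048, ["*.example.com", "example.com"], ["2.23.140.1.2.2"]),
    rec("04", "CN=api.example.com", CA, "2021-09-01", "2022-03-01",
        "EC", 256, ["api.example.com"], ["2.23.140.1.2.2"]),
]

if __name__ == "__main__":
    for serial, findings in report(INVENTORY, NOW).items():
        print(serial, ", ".join(findings))
```

In practice the records would be populated from parsed certificates rather than typed by hand, and the evaluation time would be the current UTC time.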

Xpanse maintains a large repository of collected certificates, enriched with many of the fields referenced in RFC 5280, Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile. Having access to this wealth of data allows us to enumerate information like self-signed attribution and the other misconfigurations identified in this article.

With Xpanse, organizations can secure their attack surface and improve operational efficiency by reducing mean time to discovery (MTTD) and mean time to remediation (MTTR). Xpanse also helps organizations reduce operational costs by being the single source of truth for their public-facing assets and replacing inaccurate, incomplete, and manual processes.

### To learn more about Cortex Xpanse, [visit here.](https://www.paloaltonetworks.com/cortex/cortex-xpanse)

^1^ MIT Technology Review Insights, A game-changer in IT security, 2020

^2^ https://blogs.gartner.com/andrew-lerner/2014/07/16/the-cost-of-downtime/