* [Blog](https://origin-researchcenter.paloaltonetworks.com/blog)
* [Security Operations](https://origin-researchcenter.paloaltonetworks.com/blog/security-operations/)
* [Must-Read Articles](https://origin-researchcenter.paloaltonetworks.com/blog/security-operations/category/must-read-articles/)
* Know When Your Remote Emp...

# Know When Your Remote Employee Networks Are Vulnerable

[](https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Forigin-researchcenter.paloaltonetworks.com%2Fblog%2Fsecurity-operations%2Fsecure-remote-worker-networks%2F)  
[](https://twitter.com/share?text=Know+When+Your+Remote+Employee+Networks+Are+Vulnerable&url=https%3A%2F%2Forigin-researchcenter.paloaltonetworks.com%2Fblog%2Fsecurity-operations%2Fsecure-remote-worker-networks%2F)  
[](https://www.linkedin.com/shareArticle?mini=true&url=https%3A%2F%2Forigin-researchcenter.paloaltonetworks.com%2Fblog%2Fsecurity-operations%2Fsecure-remote-worker-networks%2F&title=Know+When+Your+Remote+Employee+Networks+Are+Vulnerable&summary=&source=)  
[](https://www.paloaltonetworks.com//www.reddit.com/submit?url=https://origin-researchcenter.paloaltonetworks.com/blog/security-operations/secure-remote-worker-networks/&ts=markdown)  
\[\](mailto:?subject=Know When Your Remote Employee Networks Are Vulnerable)  
Link copied  
By [Abhishek Anbazhagan](https://www.paloaltonetworks.com/blog/author/abhishek-anbazhagan/?ts=markdown "Posts by Abhishek Anbazhagan")  
Jun 13, 2022  
5 minutes  
[Must-Read Articles](https://www.paloaltonetworks.com/blog/security-operations/category/must-read-articles/?ts=markdown)  
[Product Features](https://www.paloaltonetworks.com/blog/security-operations/category/product-features/?ts=markdown)  
[Uncategorized](https://www.paloaltonetworks.com/blog/category/uncategorized/?ts=markdown)  
[ASM](https://www.paloaltonetworks.com/blog/tag/asm/?ts=markdown)  
[Attack Surface Management](https://www.paloaltonetworks.com/blog/tag/attack-surface-management/?ts=markdown)  
[Cortex](https://www.paloaltonetworks.com/blog/tag/cortex/?ts=markdown)  
[RDP](https://www.paloaltonetworks.com/blog/tag/rdp/?ts=markdown)  
[XDR](https://www.paloaltonetworks.com/blog/tag/xdr/?ts=markdown)  
[Xpanse](https://www.paloaltonetworks.com/blog/tag/xpanse/?ts=markdown)

As companies embrace the new reality of remote and hybrid work, organizations need a plan to secure remote employees for the long term, starting with the networks they are on.

The global pandemic resulted in a mass exodus of employees away from the relative safety of corporate networks. Seemingly overnight, operations were migrated---some of them business critical---to home networks on multiple devices with little time to plan and execute security processes. Even now, remote workers are staying remote, but moving around and adding public networks to worry about, like cafes, hotels, etc.

This all puts large amounts of stress on corporate cybersecurity teams, protocols and systems, and it exposes technology gaps between corporate locations and remote home offices, especially in terms of the limited visibility into the security of the remote networks employees are on.

## **Remote Protocols and Networks are Insecure**

With employees, partners, and vendors working remotely, organizations face a greater risk to internal systems and data being exposed and attacked. This could be due to the increased usage of Remote Desktop Protocol (RDP) to support remote workers, employees using insecure networks, or increased usage of VPNs.

RDP routinely ranks as [the number one security issue](https://start.paloaltonetworks.com/2022-asm-threat-report.html) across the global attack surface, according to Cortex Xpanse data, and Unit 42 research found RDP to be the initial attack vector in [half of all ransomware attacks](https://www.paloaltonetworks.com/blog/2021/07/diagnosing-the-ransomware-deployment-protocol/). Consumer-grade networking hardware has also become the focus of cyberattackers, exposing more and more vulnerabilities putting remote employees at risk.

Additionally, while VPNs provide encryption, device security, and online privacy, concerns over their inherent security existed *before* COVID-19 making the huge bump in usage all the more worrisome.

The Cybersecurity and Infrastructure Security Agency (CISA), which is a part of Department of Homeland Security (DHS), issued an[alert](https://www.us-cert.gov/ncas/alerts/aa20-073a) pointing to specific work-from-home vulnerabilities and potential VPN attacks, encouraging users to implement multifactor authentication (MFA) and stronger password usage.

In CISA's alert, they offered the following considerations for teleworkers:

* As organizations use VPNs for telework, more vulnerabilities are being found and targeted in VPN software by malicious cyber actors.
* As VPNs are 24/7, organizations are less likely to keep them updated with the latest security updates and patches.
* Malicious threat actors may increase phishing emails targeting teleworkers to steal their usernames and passwords.
* Organizations that do not use MFA for remote access are more susceptible to phishing attacks.
* Organizations may have a limited number of VPN connections, after which point no other employee can telework. With decreased availability, critical business operations may suffer, including IT security personnel's ability to perform cybersecurity tasks.

To help reduce exposure and compromises, incorporating security best practices are critical. This includes:

* Ensuring that insecure network configurations aren't exposing risky services on corporate devices.
* Gaining visibility to dynamically change policies and alter access controls based on employee location.
* Identifying endpoints connecting through known vulnerable routers and assessing the need to deploy enterprise-grade hardware to key employees.
* Measuring the organizational risk associated with key employees working from home or temporary networks.

## **Secure Your Remote Employee's Attack Surface**

![Fig 1: Overview of your remote networks and vulnerabilities](https://www.paloaltonetworks.com/blog/wp-content/uploads/2022/06/word-image-16.png)

*Fig 1: Overview of your remote networks and vulnerabilities*

[ASM for Remote Workers](https://www.paloaltonetworks.com/cortex/cortex-xpanse/asm-for-remote-workers) is an API integration between Cortex^®^ Xpanse^™^ and both Cortex XDR and Prisma^®^ Access with GlobalProtect^™^ agents. It allows organizations to effectively identify and get alerts on security issues on remote worker systems and network environments using public asset information discovered by Xpanse. Some of the benefits include the ability to:

* Identify risks for key remote employees and deploy enterprise-grade hardware selectively.
* Use visibility to dynamically change policies and alter access controls based on employee location.
* Improve mean time to respond (MTTR) by providing additional network data to a given incident.
* Find the internal and external IP mapping of your remote workforce.
* Discover the gaps in coverage of Cortex XDR agents in your organization.
* Ensure employees are using an approved VPN service.
* Improve MTTR by providing additional network data to a given incident identified by Cortex XDR.
* Identify employees working from unapproved locations and employees not using VPNs.

## **How It Works**

### [**Xpanse + Cortex XDR**](https://www.paloaltonetworks.com/resources/techbriefs/asm-coverage-for-remote-with-cortex-xpanse-and-cortex-xdr)

**![Fig 2: Leverage either Cortex XDR or Prisma Access with Cortex Xpanse to protect your remote workers](https://www.paloaltonetworks.com/blog/wp-content/uploads/2022/06/word-image-17.png)**

*Fig 2: Leverage either Cortex XDR or Prisma Access with Cortex Xpanse to protect your remote workers*

The integration gathers endpoint data from Cortex XDR (only assets that have a public IP address and have been seen in the last 24 hours) to identify remote workforce devices associated with your organization. It then combines this data with Xpanse's global scan data to identify risky issues and services running on the networks where your employees are located, giving you a complete picture of your remote workforce.

Cortex XDR^®^ gives you internal insight into what's running on those devices, while Xpanse gives you the external perspective and identifies what's exposed to the internet. Teams can remediate risky issues identified on remote networks---either directly on the device via Cortex XDR or via network configurations.

### [**Xpanse + Prisma Access and GlobalProtect**](https://www.paloaltonetworks.com/resources/datasheets/asm-for-remote-workers)

**![Fig 3: Get granular visibility into your remote worker exposures](https://www.paloaltonetworks.com/blog/wp-content/uploads/2022/06/word-image-18.png)**

*Fig 3: Get granular visibility into your remote worker exposures*

The integration gathers GlobalProtect VPN client data/device data, which could come either through a Prisma Access deployment using GlobalProtect or from a GlobalProtect instance installed on an NGFW (only assets that have a public IP address and have been seen in the last 24 hours) to identify remote workforce devices associated with your organization. It then combines this data with Xpanse's global scan data to identify risky issues and services running on the networks where your employees are located, giving you a complete picture of your remote workforce.

With the visibility provided by these integrations, organizations can prioritize these issues for remediation and also educate users about the insecurities in their networks and how to secure them.

**To learn more about ASM for Remote Workers, download [the solution brief](https://www.paloaltonetworks.com/resources/techbriefs/asm-coverage-for-remote-workers). To Learn more about Attack Surface Management, [read our Cyberpedia article.](https://www.paloaltonetworks.com/cyberpedia/what-is-attack-surface-management)**

*** ** * ** ***

## Related Blogs

### [Must-Read Articles](https://www.paloaltonetworks.com/blog/security-operations/category/must-read-articles/?ts=markdown), [Product Features](https://www.paloaltonetworks.com/blog/security-operations/category/product-features/?ts=markdown)

[#### What's New in Cortex](https://origin-researchcenter.paloaltonetworks.com/blog/security-operations/whats-new-in-cortex/)

### [Must-Read Articles](https://www.paloaltonetworks.com/blog/security-operations/category/must-read-articles/?ts=markdown), [Product Features](https://www.paloaltonetworks.com/blog/security-operations/category/product-features/?ts=markdown)

[#### How Cortex Defends Against Microsoft SharePoint "ToolShell" Exploits](https://origin-researchcenter.paloaltonetworks.com/blog/security-operations/how-cortex-defends-against-microsoft-sharepoint-toolshell-exploits/)

### [Must-Read Articles](https://www.paloaltonetworks.com/blog/security-operations/category/must-read-articles/?ts=markdown), [News and Events](https://www.paloaltonetworks.com/blog/security-operations/category/news-and-events/?ts=markdown), [Product Features](https://www.paloaltonetworks.com/blog/security-operations/category/product-features/?ts=markdown)

[#### What's Next in Cortex: New Innovations for Security Operations](https://origin-researchcenter.paloaltonetworks.com/blog/security-operations/whats-next-in-cortex-new-innovations-for-security-operations/)

### [Must-Read Articles](https://www.paloaltonetworks.com/blog/security-operations/category/must-read-articles/?ts=markdown)

[#### Defending against Phantom Taurus with Cortex](https://origin-researchcenter.paloaltonetworks.com/blog/security-operations/the-rise-of-phantom-taurus-unmasking-a-stealthy-new-threat-to-global-security-with-cortex/)

### [Product Features](https://www.paloaltonetworks.com/blog/security-operations/category/product-features/?ts=markdown), [Uncategorized](https://www.paloaltonetworks.com/blog/category/uncategorized/?ts=markdown), [Use-Cases](https://www.paloaltonetworks.com/blog/security-operations/category/use-cases/?ts=markdown)

[#### Cortex Xpanse Protects Against Malicious Domain Takeover Techniques](https://origin-researchcenter.paloaltonetworks.com/blog/security-operations/cortex-xpanse-protects-against-malicious-domain-takeover-techniques/)

### [Announcement](https://www.paloaltonetworks.com/blog/category/announcement/?ts=markdown), [Must-Read Articles](https://www.paloaltonetworks.com/blog/security-operations/category/must-read-articles/?ts=markdown), [News and Events](https://www.paloaltonetworks.com/blog/security-operations/category/news-and-events/?ts=markdown)

[#### What's New in Cortex: The Latest Innovations for the World's #1 SecOps Platform (Feb '25 Release)](https://origin-researchcenter.paloaltonetworks.com/blog/security-operations/whats-new-in-cortex-the-latest-innovations-for-the-worlds-1-secops-platform-feb-25-release/)

### Subscribe to Security Operations Blogs!

Sign up to receive must-read articles, Playbooks of the Week, new feature announcements, and more.
![spinner](https://origin-researchcenter.paloaltonetworks.com/blog/wp-content/themes/panwblog2023/dist/images/ajax-loader.gif) Sign up  
Please enter a valid email.  
By submitting this form, you agree to our [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown) and acknowledge our [Privacy Statement](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown). Please look for a confirmation email from us. If you don't receive it in the next 10 minutes, please check your spam folder.  
This site is protected by reCAPTCHA and the Google [Privacy Policy](https://policies.google.com/privacy) and [Terms of Service](https://policies.google.com/terms) apply.  
{#footer} {#footer}

## Products and Services

* [AI-Powered Network Security Platform](https://www.paloaltonetworks.com/network-security?ts=markdown)

* [Secure AI by Design](https://www.paloaltonetworks.com/precision-ai-security/secure-ai-by-design?ts=markdown)

* [Prisma AIRS](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown)

* [AI Access Security](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown)

* [Cloud Delivered Security Services](https://www.paloaltonetworks.com/network-security/security-subscriptions?ts=markdown)

* [Advanced Threat Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown)

* [Advanced URL Filtering](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown)

* [Advanced WildFire](https://www.paloaltonetworks.com/network-security/advanced-wildfire?ts=markdown)

* [Advanced DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown)

* [Enterprise Data Loss Prevention](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Enterprise IoT Security](https://www.paloaltonetworks.com/network-security/enterprise-device-security?ts=markdown)

* [Medical IoT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [Industrial OT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [Next-Generation Firewalls](https://www.paloaltonetworks.com/network-security/next-generation-firewall?ts=markdown)

* [Hardware Firewalls](https://www.paloaltonetworks.com/network-security/hardware-firewall-innovations?ts=markdown)

* [Software Firewalls](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown)

* [Strata Cloud Manager](https://www.paloaltonetworks.com/network-security/strata-cloud-manager?ts=markdown)

* [SD-WAN for NGFW](https://www.paloaltonetworks.com/network-security/sd-wan-subscription?ts=markdown)

* [PAN-OS](https://www.paloaltonetworks.com/network-security/pan-os?ts=markdown)

* [Panorama](https://www.paloaltonetworks.com/network-security/panorama?ts=markdown)

* [Secure Access Service Edge](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Prisma SASE](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Application Acceleration](https://www.paloaltonetworks.com/sase/app-acceleration?ts=markdown)

* [Autonomous Digital Experience Management](https://www.paloaltonetworks.com/sase/adem?ts=markdown)

* [Enterprise DLP](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Prisma Access](https://www.paloaltonetworks.com/sase/access?ts=markdown)

* [Prisma Browser](https://www.paloaltonetworks.com/sase/prisma-browser?ts=markdown)

* [Prisma SD-WAN](https://www.paloaltonetworks.com/sase/sd-wan?ts=markdown)

* [Remote Browser Isolation](https://www.paloaltonetworks.com/sase/remote-browser-isolation?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [AI-Driven Security Operations Platform](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cloud Security](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Cortex Cloud](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Application Security](https://www.paloaltonetworks.com/cortex/cloud/application-security?ts=markdown)

* [Cloud Posture Security](https://www.paloaltonetworks.com/cortex/cloud/cloud-posture-security?ts=markdown)

* [Cloud Runtime Security](https://www.paloaltonetworks.com/cortex/cloud/runtime-security?ts=markdown)

* [Prisma Cloud](https://www.paloaltonetworks.com/prisma/cloud?ts=markdown)

* [AI-Driven SOC](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cortex XSIAM](https://www.paloaltonetworks.com/cortex/cortex-xsiam?ts=markdown)

* [Cortex XDR](https://www.paloaltonetworks.com/cortex/cortex-xdr?ts=markdown)

* [Cortex XSOAR](https://www.paloaltonetworks.com/cortex/cortex-xsoar?ts=markdown)

* [Cortex Xpanse](https://www.paloaltonetworks.com/cortex/cortex-xpanse?ts=markdown)

* [Unit 42 Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown)

* [Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown)

* [Threat Intel and Incident Response Services](https://www.paloaltonetworks.com/unit42?ts=markdown)

* [Proactive Assessments](https://www.paloaltonetworks.com/unit42/assess?ts=markdown)

* [Incident Response](https://www.paloaltonetworks.com/unit42/respond?ts=markdown)

* [Transform Your Security Strategy](https://www.paloaltonetworks.com/unit42/transform?ts=markdown)

* [Discover Threat Intelligence](https://www.paloaltonetworks.com/unit42/threat-intelligence-partners?ts=markdown)

## Company

* [About Us](https://www.paloaltonetworks.com/about-us?ts=markdown)
* [Careers](https://jobs.paloaltonetworks.com/en/)
* [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown)
* [Corporate Responsibility](https://www.paloaltonetworks.com/about-us/corporate-responsibility?ts=markdown)
* [Customers](https://www.paloaltonetworks.com/customers?ts=markdown)
* [Investor Relations](https://investors.paloaltonetworks.com/)
* [Location](https://www.paloaltonetworks.com/about-us/locations?ts=markdown)
* [Newsroom](https://www.paloaltonetworks.com/company/newsroom?ts=markdown)

## Popular Links

* [Blog](https://www.paloaltonetworks.com/blog/?ts=markdown)
* [Communities](https://www.paloaltonetworks.com/communities?ts=markdown)
* [Content Library](https://www.paloaltonetworks.com/resources?ts=markdown)
* [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown)
* [Event Center](https://events.paloaltonetworks.com/)
* [Manage Email Preferences](https://start.paloaltonetworks.com/preference-center)
* [Products A-Z](https://www.paloaltonetworks.com/products/products-a-z?ts=markdown)
* [Product Certifications](https://www.paloaltonetworks.com/legal-notices/trust-center/compliance?ts=markdown)
* [Report a Vulnerability](https://www.paloaltonetworks.com/security-disclosure?ts=markdown)
* [Sitemap](https://www.paloaltonetworks.com/sitemap?ts=markdown)
* [Tech Docs](https://docs.paloaltonetworks.com/)
* [Unit 42](https://unit42.paloaltonetworks.com/)
* [Do Not Sell or Share My Personal Information](https://panwedd.exterro.net/portal/dsar.htm?target=panwedd)
  ![PAN logo](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/pan-logo-dark.svg)
* [Privacy](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown)
* [Trust Center](https://www.paloaltonetworks.com/legal-notices/trust-center?ts=markdown)
* [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown)
* [Documents](https://www.paloaltonetworks.com/legal?ts=markdown)

Copyright © 2026 Palo Alto Networks. All Rights Reserved

* [![Youtube](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/youtube-black.svg)](https://www.youtube.com/user/paloaltonetworks)
* [![Podcast](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/icons/podcast.svg)](https://www.paloaltonetworks.com/podcasts/threat-vector?ts=markdown)
* [![Facebook](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/facebook-black.svg)](https://www.facebook.com/PaloAltoNetworks/)
* [![LinkedIn](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/linkedin-black.svg)](https://www.linkedin.com/company/palo-alto-networks)
* [![Twitter](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/twitter-x-black.svg)](https://twitter.com/PaloAltoNtwks)
* EN  
  Select your language