Breach Impact Score
Overview
The Breach Risk Score in the Xshield Security Platform is a dynamic, continuously updated metric that quantifies the likelihood of an asset contributing to or being involved in a breach. The score ranges from 15 to 100, where:
- Score of 100 represents the highest breach risk, typically associated with assets that expose risky services, lack enforcement, and present exploitable attack paths.
- Score of 15 represents the lowest breach risk, achieved through strong port-level controls, Zero Trust enforcement, and minimized exposure.
The Breach Risk Score provides security teams with a practical, exposure-focused view of risk, enabling them to prioritize remediation efforts based on how attackers can realistically access or move through an environment.
Scope of Application
The Breach Risk Score is calculated and displayed at two levels:
- Asset Level: Each individual workload or machine has its own breach risk score, visible on the asset detail page. This enables operators to identify high-risk systems and take targeted action.
- Tenant Level: An aggregated breach risk score is displayed on the Xshield Dashboard, representing the overall exposure and enforcement posture of the tenant.
This dual-level visibility supports both detailed asset hardening and high-level risk assessment.
Maximum Risk to Improved Posture
When the Xshield agent is deployed on an asset with no enforced policies, the asset begins with a high breach risk score, reflecting maximum exposure.
As security controls are applied, the score improves — reducing toward 15 — based on actions that materially restrict attack surface and lateral movement, including:
- Securing inbound and outbound ports
- Enforcing Zero Trust policies
- Restricting access to high-risk services
- Reducing exploitability through posture hardening
Each improvement step lowers the breach risk score, providing a measurable indicator of security posture maturity.
Key Factors in Breach Risk Score Calculation
The Breach Risk Score is driven primarily by port-level exposure and enforcement, combined with contextual risk multipliers. Each factor influences the score based on how effectively it limits breach opportunities.
1. Inbound Port Security
What it means:
Evaluates how inbound ports on the asset are secured, with ports classified based on their risk level.
How it affects the score:
Inbound ports are grouped into risky ports and other ports:
- Risky ports are those associated with known lateral movement techniques or security advisories and carry the highest weight in the score.
- Other ports contribute lower risk but are still evaluated for exposure.
For both categories:
- Blocking or path-restricting ports results in maximum score reduction
- Allowing access only from intranet results in limited reduction
- Allowing unrestricted access results in no reduction
Recommendation to improve:
Identify and block or tightly restrict risky inbound ports wherever possible. Apply least-privilege access for all other inbound services.
2. Outbound Port Enforcement
What it means:
Measures how effectively outbound connections from the asset are enforced.
How it affects the score:
The score is reduced based on the ratio of outbound ports that are enforced, recognizing that uncontrolled egress can enable data exfiltration and lateral movement.
Recommendation to improve:
Enforce outbound policies to restrict destinations and protocols to only those required for business operations.
3. Progressive Zero Trust Enforcement
What it means:
Represents the maturity of enforcement applied to the asset as it progresses toward a Zero Trust state.
How it affects the score:
Progressive enforcement contributes to risk reduction, with the strongest impact achieved when the asset reaches Zero Trust enforcement. Partial or intermediate states provide proportionally lower benefit.
Recommendation to improve:
Advance assets through progressive enforcement stages and finalize with Zero Trust to achieve the lowest breach risk.
4. Business Value Classification
What it means:
Represents the criticality of the asset to the business.
How it affects the score:
Business value acts as a multiplicative factor in the score calculation. Higher-value assets retain higher breach risk unless strong compensating controls are in place.
Recommendation to improve:
Accurately classify asset business value and prioritize stronger enforcement for high-value systems.
5. Vulnerability Severity
What it means:
Accounts for the severity of known vulnerabilities present on the asset.
How it affects the score:
Vulnerabilities increase breach risk in proportion to their severity and the asset’s underlying exposure. Assets with weaker enforcement are impacted more significantly.
Recommendation to improve:
Patch high-severity vulnerabilities, isolate vulnerable services, and strengthen baseline enforcement to reduce overall exploitability.
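The sketch below is an added example, not Xshield's formula or code: it shows how the five factors above could combine into a score bounded between 15 and 100. Every weight, reduction value, multiplier, port number, and the `Asset` structure is a hypothetical assumption, since the page does not publish the real ones.

```python
from dataclasses import dataclass

# Hypothetical weights and multipliers, chosen only for illustration;
# the page does not publish the real values.
REDUCTION = {"blocked": 1.0, "path_restricted": 1.0, "intranet": 0.3, "any": 0.0}
WEIGHTS = {"risky_in": 0.40, "other_in": 0.15, "outbound": 0.20, "zero_trust": 0.25}
BUSINESS = {"low": 0.8, "medium": 0.9, "high": 1.0}
VULN_GAIN = 0.5            # extra risk at maximum severity, scaled by exposure
FLOOR, CEILING = 15, 100   # score range stated on the page

@dataclass
class Asset:
    risky_inbound: dict          # port -> access state (a key of REDUCTION)
    other_inbound: dict
    outbound_enforced: int       # outbound ports with an enforced policy
    outbound_total: int
    zt_progress: float           # 0.0 (no enforcement) .. 1.0 (Zero Trust)
    business_value: str = "medium"
    vuln_severity: float = 0.0   # normalised 0.0 .. 1.0

def _mean_reduction(ports):
    # A category with no ports has nothing left to expose: full reduction.
    if not ports:
        return 1.0
    return sum(REDUCTION[state] for state in ports.values()) / len(ports)

def breach_risk_score(a):
    out_ratio = a.outbound_enforced / a.outbound_total if a.outbound_total else 1.0
    reduction = (WEIGHTS["risky_in"] * _mean_reduction(a.risky_inbound)
                 + WEIGHTS["other_in"] * _mean_reduction(a.other_inbound)
                 + WEIGHTS["outbound"] * out_ratio
                 + WEIGHTS["zero_trust"] * a.zt_progress)
    exposure = 1.0 - reduction
    # Vulnerabilities scale with residual exposure, so weakly enforced assets
    # are hit harder; business value is a multiplicative factor.
    risk = exposure * (1 + VULN_GAIN * a.vuln_severity) * BUSINESS[a.business_value]
    return round(FLOOR + (CEILING - FLOOR) * min(1.0, max(0.0, risk)))

# Constructed sample assets (ports and states are illustrative).
UNPROTECTED = Asset({3389: "any", 445: "any"}, {8080: "any"}, 0, 10, 0.0, "high", 0.8)
PARTIAL = Asset({3389: "intranet", 445: "blocked"}, {8080: "any"}, 5, 10, 0.5, "medium", 0.2)
HARDENED = Asset({3389: "blocked", 445: "path_restricted"}, {8080: "blocked"}, 10, 10, 1.0, "high", 0.8)
```

Under these assumed weights the same high-severity vulnerability leaves the fully enforced asset at the floor while pushing the unenforced one to the ceiling, which is the behaviour factor 5 describes.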
Examples of Typical Scores
Low Risk (15–25):
- Risky ports blocked or path-restricted
- Outbound enforcement enabled
- Zero Trust enforcement applied
- Low vulnerability exposure
→ Minimal breach risk
Moderate Risk (40–60):
- Partial inbound or outbound enforcement
- Some risky ports still accessible
- Intermediate progressive enforcement
→ Controlled but improvable posture
High Risk (75–85):
- Risky ports exposed to intranet or wider access
- Weak outbound enforcement
- High business value or vulnerabilities
→ Elevated breach likelihood
Critical Risk (95–100):
- Risky ports openly accessible
- No effective inbound or outbound enforcement
- High exploitability
→ Severe breach exposure
Conclusion
The Breach Impact Score is more than a number — it's a live reflection of the current exposure and security configuration of your environment. By continuously monitoring this score at both asset and tenant levels, operators gain:
- A way to track progress as policies are applied
- Insight to prioritize review and hardening
- A measure to validate Zero Trust enforcement effectiveness
The goal is clear: reduce breach impact from a maximum starting point to a minimum, defensible state — and the Breach Impact Score is your compass for that journey.