Breach Impact Score

Overview

The Breach Impact Score in the Xshield Security Platform is a dynamic, continuously updated metric that quantifies the security posture of an asset or tenant (organization) on a scale from 15 to 100:

  • Score of 100: Represents the highest possible impact — typically observed in systems with poor configurations, unreviewed exposures, critical vulnerabilities, and no enforcement controls.
  • Score of 15: Indicates the lowest impact (best possible security posture), typically achieved through comprehensive reviews, Zero Trust enforcement, and absence of exploitable vulnerabilities.

This scoring system provides actionable insight to operators, enabling them to visualize exposure points, prioritize hardening efforts, and validate the reduction in breach impact through progressive policy enforcement.

Scope of Application

The Breach Impact Score is computed and displayed at two levels:

  • Asset Level: The breach impact score for individual workloads or machines is visible on each asset's detail page, helping operators assess and improve the posture of specific systems.

  • Tenant Level: The aggregate breach impact score representing the entire organization is available on the Xshield Dashboard, providing a summary view of risk posture across all assets within the tenant.

This two-level visibility ensures that both granular and organizational perspectives on breach risk are available for decision-making.

Maximum Risk to Improved Posture

When the Xshield agent is first installed on a system, and no security policies are enforced, the system starts with a Maximum Risk Score. This score reflects the highest breach impact for an unprotected, internet-exposed asset with no mitigation measures.

From this starting point, the score improves — that is, reduces toward 15 — as the asset’s security posture is hardened through:

  1. Visibility and Review: Understanding and validating asset exposure (e.g., port and path reviews).
  2. Progressive Policy Enforcement: Moving from open states to Zero Trust enforcement.
  3. Vulnerability Mitigation: Identifying and addressing known vulnerabilities.

Each improvement step decreases the breach impact score, giving operators a measurable way to track posture evolution.

Key Factors in Breach Impact Score Calculation

The Breach Impact Score reflects the effectiveness of security controls applied to an asset. Each contributing factor reduces the overall score when appropriate security actions are taken. Below are the major components of the calculation, along with practical recommendations to improve each:


1. Port Review Completeness

What it means: Measures how many of the asset’s open ports have been reviewed and verified as required.

How it affects the score:

  • No ports reviewed → high score (worst case)
  • All ports reviewed → lowest score for this category (best case)

🔧 Recommendation to Improve: Review all open ports on each asset using Xshield’s visualization. Validate whether the ports are expected and necessary for business functionality. Aim for 100% port review completion to achieve the maximum score reduction.


2. Path Review Completeness

What it means: Indicates whether communication paths (inbound and outbound) associated with the asset have been reviewed.

How it affects the score:

  • Less than half reviewed → no score reduction
  • More than half reviewed → maximum score reduction

🔧 Recommendation to Improve: In the Xshield traffic map, review and annotate the communication paths. Prioritize assets with multiple active connections. Ensure that more than 50% of the paths are reviewed for a positive impact on the score.


3. Inbound Security State

What it means: Represents the level of enforcement on incoming traffic to the asset.

How it affects the score:

  • "Unsecured" → high score
  • "Secure Internet" → moderate reduction
  • "Secure All" → maximum score reduction

🔧 Recommendation to Improve: Configure and enforce inbound policies using Xshield to restrict access from both internet and internal assets unless explicitly required. Aim for "Secure All" to ensure the lowest breach impact from inbound exposure.


4. Outbound Security State

What it means: Represents how outgoing traffic from the asset is restricted.

How it affects the score:

  • "Unsecured" → high score
  • "Secure Internet" → moderate reduction
  • "Secure All" → maximum score reduction

🔧 Recommendation to Improve: Apply outbound controls to limit destinations. Prevent unauthorized exfiltration or lateral movement by restricting all outbound connections unless business-required. Target the "Secure All" state for optimal risk reduction.


5. Progressive Enforcement State

What it means: Indicates how advanced the security controls are when inbound policies are in place.

How it affects the score:

  • "None" or undefined → no reduction
  • "Open Ports" → minor reduction
  • "Active Ports" → moderate reduction
  • "Zero Trust" → maximum reduction

🔧 Recommendation to Improve: Advance the enforcement stage by enabling progressive controls:

  1. Start with "Open Ports" enforcement
  2. Progress to "Active Ports"
  3. Finalize with "Zero Trust" enforcement, allowing only explicitly approved connections.

This progression yields significant breach impact reduction.


6. Business Value Classification

What it means: Scores the asset based on its assigned business value — representing the sensitivity or criticality of the workload.

How it affects the score:

  • "High" or unconfigured → no reduction
  • "Medium" → moderate reduction
  • "Low" → maximum score reduction

🔧 Recommendation to Improve: Tag assets with appropriate business value in Xshield. If a system does not handle critical data or services, configure its value as "Low" to lower its relative breach impact. For truly critical systems, prioritize strong controls since value-based reductions will not apply.


7. Vulnerability Severity

What it means: Adjusts the score based on the severity of known vulnerabilities present on the asset.

How it affects the score:

  • Severity 0 → no adjustment
  • Severity 1–2 → minor increase
  • Severity 3–5+ → significant increase (especially when base score is already high)

Scanned hosts trend higher in breach impact score than unscanned hosts with similar network posture, so comparisons and rankings will be skewed toward prioritizing scanned assets.

Vulnerability data only ever increases risk relative to posture-only scoring; missing data neither penalises nor boosts, so mixed coverage environments will appear skewed toward higher scores on scanned hosts.

🔧 Recommendation to Improve: Run regular vulnerability scans and correlate results in Xshield. Focus on:

  • Patching high-severity CVEs
  • Disabling or isolating vulnerable services
  • Reducing the base score first, as vulnerability impact increases more on already insecure systems.

A combination of patching and policy enforcement provides the best results.


Score Interpretation and Impact Tiers

| Score Range | Impact Level | Description |
|---|---|---|
| 15–25 | Low Impact | Strong security posture with comprehensive controls and minimal vulnerabilities. |
| 26–50 | Medium Impact | Moderate enforcement and/or presence of known vulnerabilities. Improvements recommended. |
| 51–75 | High Impact | Incomplete enforcement, exposure present. Requires prioritization. |
| 76–100 | Critical Impact | High risk of breach due to poor security posture or severe vulnerabilities. Immediate action needed. |
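
The tiers above and the factor states described earlier can drive a simple triage pass. The following is an added example, not Xshield code: the record field names and the sample inventory are hypothetical, and it applies no scoring weights because the page gives none. It maps each score to its tier, lists the factors that are not yet at their best-case state, and ranks scanned and unscanned hosts separately so the vulnerability-data skew noted under Vulnerability Severity does not distort the ordering.

```python
# Added example. Field names are hypothetical, not an Xshield export schema.
TIER_UPPER_BOUNDS = [(25, "Low"), (50, "Medium"), (75, "High"), (100, "Critical")]

def impact_tier(score):
    """Map a Breach Impact Score (15-100) to its documented impact tier."""
    if not 15 <= score <= 100:
        raise ValueError(f"score {score} is outside the documented 15-100 range")
    return next(name for upper, name in TIER_UPPER_BOUNDS if score <= upper)

def remediation_gaps(asset):
    """List the factors where the asset is not yet at its best-case state."""
    gaps = []
    if asset["ports_reviewed"] < asset["ports_open"]:
        gaps.append("port review below 100%")
    # The page credits path review only when more than half the paths are reviewed.
    if asset["paths_total"] and asset["paths_reviewed"] * 2 <= asset["paths_total"]:
        gaps.append("path review not above 50%")
    for direction in ("inbound", "outbound"):
        if asset[direction] != "Secure All":
            gaps.append(f"{direction} state: {asset[direction]}")
    if asset["enforcement"] != "Zero Trust":
        gaps.append(f"progressive enforcement: {asset['enforcement']}")
    if asset["max_vuln_severity"] is None:
        gaps.append("no vulnerability scan data")
    elif asset["max_vuln_severity"] >= 3:
        gaps.append("vulnerability severity 3 or higher")
    return gaps

def triage(assets):
    """Rank assets by score, highest first, in separate scanned/unscanned cohorts."""
    cohorts = {"scanned": [], "unscanned": []}
    for a in assets:
        key = "unscanned" if a["max_vuln_severity"] is None else "scanned"
        cohorts[key].append((a["score"], a["name"], impact_tier(a["score"]),
                             remediation_gaps(a)))
    return {k: sorted(v, reverse=True) for k, v in cohorts.items()}

# Constructed sample inventory (not real data); scores are illustrative inputs.
SAMPLE = [
    {"name": "web-01", "score": 88, "ports_open": 6, "ports_reviewed": 2,
     "paths_total": 10, "paths_reviewed": 3, "inbound": "Unsecured",
     "outbound": "Unsecured", "enforcement": None, "max_vuln_severity": 4},
    {"name": "db-01", "score": 22, "ports_open": 3, "ports_reviewed": 3,
     "paths_total": 8, "paths_reviewed": 8, "inbound": "Secure All",
     "outbound": "Secure All", "enforcement": "Zero Trust", "max_vuln_severity": 0},
    {"name": "app-02", "score": 58, "ports_open": 4, "ports_reviewed": 4,
     "paths_total": 12, "paths_reviewed": 6, "inbound": "Secure Internet",
     "outbound": "Secure All", "enforcement": "Active Ports", "max_vuln_severity": None},
]
```

Business value is left out of the gap list because it is a classification of the workload rather than a control to tighten.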

Examples of Typical Scores

  • Ideal Security (~15–25):

    • All ports and paths reviewed
    • Zero Trust enforcement
    • Low business value
    • No vulnerabilities
    • Very low breach impact
  • Moderate Posture (~40–60):

    • Some review and controls applied
    • Partial progressive enforcement
    • Moderate vulnerabilities
    • Reduced but not eliminated breach impact
  • Critical Exposure (~95–100):

    • No port/path review
    • No enforcement
    • High business value
    • Critical vulnerabilities
    • Highest breach impact score
  • Exposed Business-Critical Systems (~75–85):

    • Incomplete enforcement
    • Internet-facing asset
    • High vulnerability severity
    • Significant breach impact

Conclusion

The Breach Impact Score is more than a number — it's a live reflection of the current exposure and security configuration of your environment. By continuously monitoring this score at both asset and tenant levels, operators gain:

  • A way to track progress as policies are applied
  • Insight to prioritize review and hardening
  • A measure to validate Zero Trust enforcement effectiveness

The goal is clear: reduce breach impact from a maximum starting point to a minimum, defensible state — and the Breach Impact Score is your compass for that journey.