Vulnerability Management

Integrated Vulnerability Management

ColorTokens Xshield empowers you with powerful micro-segmentation to safeguard your critical assets. We've significantly enhanced this protection by seamlessly integrating vulnerability management directly into the platform, providing you with clear and actionable insights into known operating system vulnerabilities across your entire environment. This comprehensive capability extends to both systems with the Xshield agent installed and agentless systems protected by the Xshield Gatekeeper.

This integrated vulnerability management is supported only on modern Windows and Linux operating systems. It is currently unsupported on AIX, legacy Linux operating systems, and Solaris systems.

Leveraging Existing Vulnerability Management

To activate this powerful feature, simply select and enable one of your existing vulnerability management solutions from the integration page within the Xshield platform. After a 24-hour synchronization period, detailed vulnerability information will be readily available on the asset page. The Xshield user interface (UI) is updated every 24 hours with the most current vulnerability data.

Important Note: This integration is designed to provide comprehensive visibility into vulnerabilities reported by your existing solutions. It does not replace your current vulnerability management tools. Remediation actions must still be performed within your chosen vulnerability management platform.

In-Depth Vulnerability Analysis for Agent-Managed Assets

For assets with the Xshield agent installed, the agent diligently collects detailed operating system information, including the OS type, version, and applied patches. This data is then rigorously compared against the vulnerability database of your integrated solution. When a match is found, the asset page in Xshield will display:

  • Number of Detected Vulnerabilities: A clear count of identified OS vulnerabilities.

  • CVE Details: Comprehensive information about each vulnerability, including advisories, solutions, and tools, sourced directly from the NIST National Vulnerability Database (NVD).

  • Vulnerability Severity: Categorized as low, medium, high, or critical, based on the CVSS 3.1 score, providing a clear understanding of risk levels.

  • Remote Code Execution (RCE) Indicator: Flags vulnerabilities that can be exploited by remote attackers, highlighting critical threats.

  • Known Exploit Indicator: Identifies vulnerabilities with publicly available exploits from databases like Exploit-DB, enabling proactive defense against known attack vectors.

The Xshield UI provides robust filtering options, allowing you to quickly and easily search for assets based on vulnerability severity, CVE identifiers, RCE status, known exploit status, and more. This empowers you to rapidly identify and prioritize vulnerable assets for remediation.
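
The matching and filtering described above can be sketched as follows. This is an added example, not Xshield code or its API: the record layout, the `summarize` and `prioritize` helpers, the ranking rule, and all sample values (placeholder CVE IDs, patch names, versions) are assumptions constructed for illustration. Only the CVSS v3.1 severity bands are standard.

```python
from collections import namedtuple

# CVSS v3.1 qualitative severity bands as (lower bound, label), highest first.
BANDS = [(9.0, "critical"), (7.0, "high"), (4.0, "medium"), (0.1, "low")]
ORDER = {"critical": 0, "high": 1, "medium": 2, "low": 3, "none": 4}
# Hypothetical advisory record: affected OS and versions, plus the patch that fixes it.
Advisory = namedtuple("Advisory", "cve os_type versions fixed_by cvss rce known_exploit")

def severity(score):
    for floor, label in BANDS:
        if score >= floor:
            return label
    return "none"

def summarize(asset, advisories):
    # An advisory applies when OS and version match and the fixing patch is absent.
    hits = [a for a in advisories
            if a.os_type == asset["os_type"] and asset["version"] in a.versions
            and a.fixed_by not in asset["patches"]]
    return {
        "asset": asset["name"],
        "count": len(hits),
        "max_severity": severity(max((a.cvss for a in hits), default=0.0)),
        "rce": any(a.rce for a in hits),
        "known_exploit": any(a.known_exploit for a in hits),
        "cves": sorted(a.cve for a in hits),
    }

def prioritize(assets, advisories):
    # Assumed ranking: RCE with a known exploit first, then severity, then count.
    rows = [summarize(x, advisories) for x in assets]
    return sorted(rows, key=lambda r: (not (r["rce"] and r["known_exploit"]),
                                       ORDER[r["max_severity"]], -r["count"]))

# Constructed sample data; CVE IDs and patch names are placeholders.
ADVISORIES = [
    Advisory("CVE-0000-0001", "windows", {"10"}, "KB-EXAMPLE-1", 9.8, True, True),
    Advisory("CVE-0000-0002", "windows", {"10"}, "KB-EXAMPLE-2", 5.5, False, False),
    Advisory("CVE-0000-0003", "linux", {"8"}, "pkg-example-1.2", 7.8, False, True),
]
ASSETS = [
    {"name": "app-01", "os_type": "linux", "version": "8", "patches": set()},
    {"name": "db-01", "os_type": "windows", "version": "10", "patches": {"KB-EXAMPLE-2"}},
    {"name": "web-01", "os_type": "windows", "version": "10", "patches": {"KB-EXAMPLE-1", "KB-EXAMPLE-2"}},
]

if __name__ == "__main__":
    for row in prioritize(ASSETS, ADVISORIES):
        print(row)
```

A fully patched asset such as `web-01` yields a count of zero and sorts last, which is why applied patches must be part of the comparison and not only the OS version.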

Benefits

  • Direct, centralized visibility into vulnerability information within the Xshield platform, eliminating the need to navigate multiple interfaces.

  • Streamlined vulnerability assessment and prioritization, enabling rapid response to potential threats.

  • Enhanced security posture through proactive identification and mitigation of vulnerabilities.

Extending Vulnerability Management to Agentless Systems Behind the Xshield Gatekeeper

For systems protected by the Xshield Gatekeeper, which do not have an agent installed, Xshield utilizes advanced protocol fingerprinting to identify operating system information. The Gatekeeper analyzes protocols like Modbus, S7, and EtherIP, which often contain valuable details about the OS version and model. This critical information is then meticulously compared against the NIST vulnerability database to identify potential vulnerabilities.

Enhanced Port-Level Vulnerability Visibility

ColorTokens Xshield now provides enhanced port-level vulnerability visibility. For protocols like RDP, SMB, and FTP, relevant CVEs are displayed directly on the ports page. This feature applies to both agent-managed and agentless systems protected by the Gatekeeper.

By providing vulnerability information directly within the Xshield UI, alongside the powerful visualizer, you gain a comprehensive understanding of potential attack vectors and can effectively reduce the attack surface of your critical assets.

Key Takeaways

  • ColorTokens Xshield seamlessly integrates with your existing vulnerability management solutions to provide comprehensive vulnerability visibility.

  • Vulnerability information is readily available within the Xshield UI, simplifying assessment and prioritization.

  • The solution covers both agent-managed and agentless systems, ensuring comprehensive protection across your environment.

  • Port-level vulnerability information is shown directly in the UI.

  • Remediation is handled by your existing vulnerability management solution.