Release 25.1
Platform Updates
Automate outbound progressive enforcement states for tag sets
What to expect: A more flexible and controlled approach to implementing Zero Trust security policies in the environment.
- Gradual Implementation: Organizations are not required to immediately enforce Zero Trust across all assets. Instead, they can apply coarser controls for larger tag sets like the entire production environment and more restrictive controls for smaller, critical tag sets like a CRM application. This approach allows you to iteratively improve security without needing complete knowledge of every application from the get-go.
- Reduced Risk of Disruption: By configuring outbound communications to “Any” for broader environments (like production), you avoid disrupting thousands of assets and hundreds of applications all at once. For more sensitive applications, setting outbound progressive to “Zero Trust” ensures strict security without negatively impacting other parts of the environment.
- Flexibility in Enforcement: Security admins can configure security rules at a tag set level, providing the flexibility to manage enforcement granularly.
- Override Mechanism: If an asset is a member of multiple tag sets, the more restrictive “Zero Trust” setting will override the “Any” setting. This ensures that critical assets always have the highest level of security enforced.
Why this matters: This feature provides a balanced approach to achieving Zero Trust security, allowing organizations to iteratively enhance the security posture while minimizing the risk of widespread disruptions. It supports a smoother transition to Zero Trust, giving the ability to protect critical assets more stringently while maintaining operational flexibility.
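The override rule above (an asset in several tag sets gets the most restrictive outbound state), worked through as an added example. This is not Xshield code; the tag-set criteria, tag values, destinations and the "no matching tag set defaults to Any" behaviour are constructed assumptions for illustration.

```python
from enum import IntEnum
from typing import Dict, FrozenSet, Set, Tuple

class Outbound(IntEnum):
    """Outbound progressive enforcement states, ordered by restrictiveness."""
    ANY = 0          # outbound flows permitted without explicit policy
    ZERO_TRUST = 1   # only explicitly permitted outbound flows are allowed

# Constructed tag sets: name -> (tags an asset must carry, outbound state).
# A broad set (production) stays on ANY; a small critical set (crm-app)
# is moved to ZERO_TRUST, as the release note describes.
TAG_SETS: Dict[str, Tuple[FrozenSet[str], Outbound]] = {
    "production": (frozenset({"env:prod"}), Outbound.ANY),
    "crm-app": (frozenset({"env:prod", "app:crm"}), Outbound.ZERO_TRUST),
}

def matching_tag_sets(asset_tags: Set[str]) -> Set[str]:
    """A tag set matches when the asset carries every tag in its criteria."""
    return {name for name, (criteria, _) in TAG_SETS.items()
            if criteria <= asset_tags}

def effective_outbound(asset_tags: Set[str]) -> Outbound:
    """Most restrictive state across all matching tag sets wins.

    Assumption for this example: an asset matching no tag set is treated
    as ANY; the release note does not state the platform's default."""
    states = [TAG_SETS[name][1] for name in matching_tag_sets(asset_tags)]
    return max(states, default=Outbound.ANY)

def outbound_allowed(asset_tags: Set[str], dest: str,
                     explicit_allow: Set[str]) -> bool:
    """Decide one outbound flow: under ANY every destination passes; under
    ZERO_TRUST only destinations in the asset's explicit allow set pass."""
    if effective_outbound(asset_tags) is Outbound.ANY:
        return True
    return dest in explicit_allow

if __name__ == "__main__":
    crm = {"env:prod", "app:crm"}   # member of both tag sets -> ZERO_TRUST
    web = {"env:prod", "app:web"}   # member of production only -> ANY
    print("crm:", effective_outbound(crm).name,
          "web:", effective_outbound(web).name)
```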
Creating tag label rule with unknown subnets
What to expect: Users can create tag label rules with subnets which are unknown to the platform.
Why this matters: Implementation of micro-segmentation can be started even with small batches of assets by adding subnets which are not discovered by the platform yet.
Preserve Agent Telemetry information after asset decommission
What to expect: When an asset is decommissioned, the agent’s telemetry data which includes the agent logs, firewall decision logs & policy logs will be retained for 7 days.
Why this matters: Retaining this data for a short period ensures that there is a safety net to address any potential security, operational, or compliance concerns.
Ability to edit the Tags criteria in Segments
What to expect: Edit segment now allows adding and removing tags in a segment. There is no need to clone a segment in order to edit its tag criteria.
Why this matters: Reduces administrative overhead and removes the additional steps that were previously required when managing segments.
Ability to batch select assets for management
What to expect: Users can select multiple or all assets in the assets page for managing tags, templates and named networks.
Why this matters: Users can quickly manage multiple assets at the same time or export the assets' details into a CSV file.
Vulnerability lookup and risk score assessment
What to expect: The risk score is computed using the vulnerabilities and exploits reported to the Xshield platform by vulnerability assessment integrations. Additionally, when the user clicks on the CVE Vulnerability number listed in the asset page, a new window pops up with the list of all vulnerabilities and their patch links.
Why this matters: Accurately measuring and scoring risks enables organizations to allocate resources effectively, prioritize actions based on risk severity, and strengthen overall security posture. It allows for more informed decision-making and efficient risk management.
UI & UX changes
What to expect:
- The UI options - Manage Organization, Manage APIs, and Integrations are moved to the Settings tab & the Background Processes is moved to the Monitoring tab.
- Refreshed sidebar navigation options from both visual and UX perspectives.
UI & UX changes for operations on CrowdStrike assets
Since customers could have a mix of assets running either CrowdStrike or Colortokens agent, these updates make way for easier identification and security management.
- When the asset is managed by CrowdStrike agent, it will be mentioned on the asset details page.
- A new core tag “Managed By” is added which helps filter CrowdStrike assets.
- CrowdStrike tab added in Segments. Firewall and template operations for CrowdStrike assets can be performed from the CrowdStrike segment.
- Ability to add templates, named networks, breach impact scoring when creating CrowdStrike segments.
- Users can now filter the ports by port range which reduces the steps while selecting multiple ports.
- When users make policy updates, perimeter changes, etc., the Xshield console provides a warning prompt to review the changes.
- A new column with CVSS scores for each asset is added on the assets page & Max CVSS score on the Unmanaged Devices page.
Why this matters:
- Improved Navigation: By organizing related options under the "Settings" and "Monitoring" tabs, users can find and access the tools they need more efficiently, reducing time and effort spent navigating the interface.
- Enhanced Usability: Grouping administrative functions logically enhances the overall user experience, making the system more intuitive and user-friendly.
- Streamlined Administration: These changes promote a more structured and coherent layout, allowing administrators to manage and monitor their tasks with greater ease and efficiency.
CSV download for Templates
What to expect: Template with ports and path data can be exported into a CSV file from the templates page.
Why this matters: Exporting template data supports backup, recovery, audit, migration and troubleshooting.
Added named networks for Huawei and Ali Cloud
What to expect: Huawei and Ali Cloud IP addresses are prepopulated in the named networks tab.
Why this matters: Makes it easier to identify and manage these cloud IP ranges within the network, which simplifies troubleshooting and network administration tasks. Having named networks improves the documentation and clarity of the network infrastructure, which is useful for teams managing large and complex networks.
Agent Updates
New option in Agent CMD utility for removing the Firewall rule table
What to expect: Introduced an option for removing the complete Colortokens Firewall rules from within the asset.
Users who may want to remove the complete Colortokens firewall rule table can use the below command from the agent CMD line within the Windows asset.
Command: .\ctagentcmd.exe resetrules –deleteProvider
Caution: Please consult with an Xshield expert before running commands in the agent
Appliance Updates
Gatekeeper High Availability
What to expect:
- Active/Active support: Ability to have more than 2 Gatekeepers in a cluster. We now support both Active/Active & Active/Standby Gatekeepers.
Why this matters: Active/Active mode uses multiple Gatekeepers to distribute network traffic across a cluster, with each Gatekeeper managing one or more VLANs. This setup increases capacity and redundancy, as other Gatekeepers can absorb the workload if one fails. It provides higher availability and scalability, making it ideal for environments that require minimal downtime.
Gatekeeper Security
What to expect: Gatekeeper is locked down to the minimal traffic it needs; micro-segmentation policies now apply to the Gatekeeper itself.
Why this matters: Strict traffic controls and isolation reduce the Gatekeeper's attack surface, and allowing only essential traffic also improves its performance and reliability.
Gatekeeper rollback for upgrade failures
Why this matters: Rollback for upgrade failures ensures that if an upgrade causes issues, the system can revert to the previous stable state, minimizing downtime and preventing disruptions.
Support for backup DHCP relays
What to expect: The Gatekeeper appliance can now be configured with Active/Active or Active/Standby DHCP relays present in the customer's environment.
Why this matters: Previously, the Gatekeeper appliance could only be configured with one active DHCP server. With this update, Gatekeeper can be configured with Active/Active or Active/Standby DHCP relays. If one DHCP server fails, the Gatekeeper can switch to the remaining active DHCP server.
Added support for the below Integrations
Nozomi Networks
Key features: Sync tags, device identification data and vulnerabilities from Nozomi API.
Siemens IAH
Key features: Sync tags and device identification data.
Why this matters: The integration is used to fetch the core tags from the respective providers and automate the policy enforcement process.