Key Capabilities / Features

ColorTokens helps customers visualize network assets, applications, and dependencies with multi-dimensional flexibility, uncovering misconfigurations that expose organizations to risk. Using a single-pane-of-glass approach, Xshield administers microsegmentation for all possible points of breach, including datacenter servers, cloud workloads, user endpoints, Kubernetes containers, OT/IoT devices, and even legacy OS devices.

Some key capabilities and benefits of the Xshield platform include:
• Centrally control multiple policy enforcement points for all types of resources, including the hundreds (or thousands) of host-based OS firewalls in the environment, Kubernetes service mesh sidecar proxies for containerized applications, and the Xshield Gateway for IoT, OT, legacy OS devices, or wherever agentless enforcement is preferred.
• Immediately increase security posture with enterprise-wide controls on high-risk ports and sensitive flows—and progress to continuous security improvement with fine-grained application-specific controls.
• Use risk-scoring dashboards to report progress to relevant stakeholders.
• Implement microsegmentation using a non-disruptive workflow. This workflow separates policy authoring from policy push and lets users simulate policies on historical data before enforcement.
• Leverage automated templates so users can define traffic policies to instantly shut down the spread of malware in the event of a breach.
• SaaS-based policy engine for quick deployment and up-to-the-minute updates.
• Unified administration console for policy definition and visualization for all types of enterprise assets and resources.
• Auto-tagging and multiple custom tags for assets.
• Automated policy recommendation for accelerated implementation.
• Template-driven policies for repeatability and accommodation of new assets.

How we are different

● Xshield gives organizations comprehensive microsegmentation protection for all types of enterprise assets. It provides a centralized policy decision point that controls different types of policy enforcement points, both agent-based and agentless, appropriate for various types of resources.
- For servers and VMs in the datacenter or cloud, it uses a host-based agent for policy enforcement.
- For Kubernetes containerized applications, it uses service mesh-based enforcement at the API level.
- For Internet-of-Things (IoT) and Operational Technology (OT) devices, it uses a Gateway Appliance to enforce traffic polices without the need for an agent.
- For user endpoints, it uses its host-based agent, or it integrates with existing EDR agents.
- For mainframes, legacy applications, and out-of-support operating systems, it uses its Gateway Appliance installed in the datacenter as a virtual machine.
Other solutions cannot deliver zero-trust microsegmentation for all types of enterprise assets with one solution, leading to tool proliferation, added complexity, and greater staffing costs.

● Xshield provides actionable visibility of all enterprise assets and traffic with its Visualizer console. It lets different user personas view the enterprise assets along many different dimensions, like location, application, business criticality, etc. This flexible approach to visualization lets security operations, application administration groups, and IT network infrastructure teams better collaborate to define the right zero-trust policies. It provides real-time risk measurements using dashboards and reports so leaders can see improvements in their security posture and share them with stakeholders and compliance authorities. It measures risk along the dimensions of blast radius, attack surface reduction and business criticality.

● Xshield provides a unique implementation approach for zero-trust microsegmentation that accelerates the time-to-value. It provides immediate security gains with enterprise-wide controls and ongoing incremental improvement using granular application-specific controls, allowing security leaders to demonstrate quick returns on cyber initiatives, with value realization within 90 days.