Meeting the latest cybersecurity requirements at enterprise scale.
Yesterday we celebrated an important milestone in Telos’ corporate history: the general availability of Xacta.io™ — the next generation of our renowned cyber risk management platform.
I recently wrote about the rich 20-year history of Xacta® including a look at the industry trends and customer requirements that led to its development. Xacta.io is a direct response to the latest of these trends and to the pressing needs of the cybersecurity community.
Beyond the powerful cyber risk and compliance management capabilities that Xacta has always offered, security-conscious organizations can now do more with the security data they already collect — blending it with other types of data such as threat intelligence, content, and controls to gain the insights they need to make threat-informed risk decisions.
The new Xacta.io platform leverages leading development techniques and technologies to ensure massive scalability, easy access to more types of data at hyper scale, and the ability to deploy in any environment – cloud, on-premises, and hybrid.
Though compliance management remains a core mission, Xacta.io isn’t just for automation of authorization activities. Xacta.io will offer much more advanced capabilities, leveraging vast amounts of security and compliance data at scale to enable informed decision-making around cyber risk and compliance management.
Ultimately, Xacta.io will be a flexible platform that supports a broad range of modular services and pre-packaged applications that meet our customers’ requirements for cyber and information security, including:
- Asset Management: Account for cloud-based and on-prem hardware and software inventory, their physical and logical environment, and their configurations to help select the relevant security controls.
- Vulnerability Management: Ingest data from leading third-party on-premises scanners and firewall logs and from cloud security services to identify trends, make comparisons, and report on findings.
- Compliance Management: Map asset and vulnerability management data to controls frameworks as needed and conduct compliance campaigns to assess administrative and procedural controls, as well as harmonizing controls across commonly used frameworks and standards.
- Risk Management: Assess static risk based on asset inventory, configurations, vulnerabilities, and compliance posture as well as managing threat-informed risk by blending risk data with threat intelligence data and playbooks in workflow-driven processes.
- Remediation Management: Gain the information needed to respond and take the right actions at the right time in the face of threats and incursions and to monitor the status and effectiveness of remediation efforts.
Xacta.io: Engineered for Massive Security and Compliance Data at Scale.
Xacta.io has been developed using a microservices-based architecture and a modern tech stack, allowing for massive scalability. The microservices architecture offers more granular functionality segmentation, allowing organizations to select which functionality they want to use and expand over time as they choose.
The new Xacta.io platform also includes containerization technology that enables Xacta.io to be deployed in any environment — on premises or in any cloud that you choose.
Xacta.io offers an open API to enable partners to easily integrate with the platform. This makes it very easy to feed different types of data from any source such as scanners, agents, and various data into Xacta.io to support any number of security risk and compliance management functions as Xacta.io evolves.
What to Expect with the GA Release.
The initial release focuses on capabilities for asset and vulnerability management. Xacta.io will largely replace Xacta Continuum® by the end of this year and will offer even more powerful features to assure continuous assessment of your security and compliance posture on premises, in the cloud, multi-cloud, as well as hybrid environments. It offers a dashboard that allows organizations to make better use of their asset-related data via highly intuitive visualization techniques. The dashboard will also offer a number of widgets that are specific to Xacta 360. The dashboard will quickly evolve over time to include more visualization widgets, ad hoc reporting, and analytic features to assist with decision support.
In December, the Xacta.io integration with Xacta 360 will be enhanced to support assessment and authorization requirements such as automated asset inventory, auto-testing and continuous monitoring for NIST RMF and FedRAMP.
In time, Xacta 360 and Xacta Compliance Campaign Manager functionality will reside on the Xacta.io platform. And, Xacta.io’s dashboard, its ability to ingest new data types, its analytics functions, and other capabilities will enable Xacta.io to function as an enterprise cyber risk management platform for organizations that do not have an authorization requirement.
We are excited about bringing the next generation of cyber risk management to government and business customers that operate at an enterprise scale. Please let us know if you are interested in learning more about Xacta.io.
The Empower and Protect Blog brings you cybersecurity and information technology insights from top industry experts at Telos.