Data Collection and Handling
Can I create custom benchmarks? How can I check the specialized requirements of my organization?
Custom benchmarks can be imported into Xylok and used just like any other default benchmark, including running any commands you might need and any post-processing necessary. If needed, Xylok personnel are able to help with this process.
Can I modify the scripts?
The scripts are produced by the Xylok Scanner on demand from the “check commands” you enter for each benchmark check. For example, if the benchmark check requires you to verify that the owner of /etc/shadow is root, the command would be:
ls -la /etc/shadow
Using the web interface, you can add, remove, and update commands, all without having to worry about the details of the data collection script. In addition, when new versions of benchmarks come out your commands will carry over if they still apply.
How do you handle applications that require a username and password? (i.e., an Oracle database)
Benchmarks that require additional information can ask for it in advance or collect it when the data collection script runs. In the case of sensitive items like passwords, the data collection script will generally display a username and password prompt, ensuring that the information is never stored in a central database. Xylok has a lot of flexibility in this area; if you have any questions or concerns, please ask!
How do you handle classified data?
If you are using an on-premises installation of Xylok Scanner, all data remains on site at the classification you and your SCGs require. If you contract Xylok LLC to perform an assessment for you, we can perform all data collection and analysis on-site, ensuring no classified data leaves your location.
How do you handle network equipment?
Xylok Scanner can ingest the output of a few select commands run on your switches and routers and post-processes them to allow analysis and reporting through the same interface as all other devices.
How do you not install anything on my systems?
Xylok Scanner’s data collection capabilities are built around operating system commands. The only items from Xylok that will ever touch your systems are human-readable command line scripts. For Unix-like systems, a Bash script handles all data collection. Windows-based systems have DOS Batch or PowerShell scripts and occasionally DISA-approved supporting executables like dumpsec, depending on the exact version of the system under test.
For analysis and reporting, Xylok operates on a system completely disconnected from your network, ingesting results files output by the data collection scripts and transferred via CD.
Analysis and Post-processing
Is there any automated analysis? How does auto analysis work?
Yes! As you analyze your results, marking whether specific checks are findings or not, Xylok will create a record of your markings tied to the specific output for that check. In the future, when Xylok encounters the same output on a check, it can automatically mark it the same way and add the same comments.
This helps in two ways:
- For repeat scans of the same machine, if a particular setting didn’t change, your engineers won’t need to look at it again. RMF continuous monitoring suddenly becomes instantaneous! Run your scans as often as your organization requires and you will know when your compliance status changes with no effort.
- For the same benchmark on a different machine, if the check result is the same as an already-analyzed machine it can be automatically marked. If you have 20 Windows 10 machines that should all be configured similarly, you’ll only need to look at the settings which change between them. On that note, Xylok makes it easy to compare the statuses of two machines.
What scripting language does post-processing use?
Python 3. We don’t require you to learn a domain-specific language, custom XML, or other obscure information. You have access to the full Python 3 library directly in your script, letting you manipulate the raw results into a format that best suits your needs.
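As an added illustration (not Xylok’s own code; the function names, result format and pass criteria are assumptions), here is a Python 3 post-processing script for the `ls -la /etc/shadow` check described above, together with the output-matching idea behind auto analysis. The command outputs are constructed samples.

```python
"""Post-processing and auto-analysis for a check whose command is
`ls -la /etc/shadow`. Added example, not Xylok's own code: the result
format, function names and the pass criteria are assumptions here."""
import re
from dataclasses import dataclass
from typing import Callable

# Constructed sample outputs of the check command on two hosts.
SHADOW_OK = "----------. 1 root root 1034 Jan  2 09:15 /etc/shadow"
SHADOW_BAD = "-rw-r--r--  1 root shadow 1034 Jan  2 09:15 /etc/shadow"

# mode, optional SELinux/ACL marker, link count, owner, group
LS_LINE = re.compile(r"^(?P<mode>[-dl][rwxsStT-]{9})[.+]?\s+\d+\s+(?P<owner>\S+)\s+(?P<group>\S+)\s")

@dataclass(frozen=True)
class Mark:
    finding: bool
    comment: str

def post_process_shadow(output: str) -> Mark:
    """Python 3 post-processing: assumed policy is owner root, group root,
    and no permission bits at all for group or others."""
    m = LS_LINE.match(output.strip())
    if not m:
        return Mark(True, "could not parse output: " + output.strip())
    problems = []
    if m["owner"] != "root":
        problems.append("owner is " + m["owner"])
    if m["group"] != "root":
        problems.append("group is " + m["group"])
    if m["mode"][4:] != "------":          # chars 4-9 are group/other bits
        problems.append("mode " + m["mode"] + " grants group/other access")
    return Mark(bool(problems), "; ".join(problems) or "owner, group and mode as expected")

def normalize(output: str) -> str:
    """Collapse whitespace so the same setting matches across hosts."""
    return " ".join(output.split())

class AutoAnalyzer:
    """Remembers the accepted mark per (check id, normalized output) and
    reapplies it when identical output shows up again on any host."""
    def __init__(self) -> None:
        self.memory: dict[tuple[str, str], Mark] = {}

    def analyze(self, check_id: str, output: str,
                post_process: Callable[[str], Mark]) -> tuple[Mark, bool]:
        """Return (mark, auto); auto is True when a prior marking was reused."""
        key = (check_id, normalize(output))
        if key in self.memory:
            return self.memory[key], True
        mark = post_process(output)            # new output: analyst reviews this
        self.memory[key] = mark                # and the accepted mark is remembered
        return mark, False
```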
Xylok as a Company
Can I perform all work in-house or do I have to contract Xylok personnel?
You can do either one. Xylok Scanner can be purchased as an on-premise installation for use by your own people or you can have Xylok, LLC come in and use the Xylok Scanner to assess your network. Please contact us to discuss what might work best for you!
Are you a certified ASCA? What ASCA licenses does Xylok hold?
Xylok, LLC holds both a General ASCA license for the Air Force and a Special ASCA license for Air Force Space Command. If you’re in the Air Force or fall under AFSPC and need certification, contact us. More information can be found in our press release.
Is the Xylok Scanner accredited?
The disconnected nature of the Xylok Scanner (see “How do you not install anything on my systems?”) means Xylok does not need an official accreditation. We will never touch your network with our system beyond what one of your own personnel could have run by hand.
What do we not do?
We don’t believe in selling you something that doesn’t meet your needs. You can see the things we do do on our Features page. We do not (currently):
- Perform vulnerability testing or patch level testing
- Examine IAVMs, current CVEs, and other similar resources
These are all fantastic resources for taking your cybersecurity posture to the next level, but don’t address the fundamental issues of basic security configurations on your network. Make your foundation stronger with Xylok first.
How do I maintain Xylok? How do I get updates?
If you have an on-premises installation, Xylok Scanner updates are delivered as a single Bash script that handles all necessary steps for you. STIG and other benchmark updates can be imported directly into Xylok through the web interface.
How do the STIGs and other benchmarks get updated?
The hosted version of Xylok Scanner automatically pulls in new STIGs nightly. Internally, it determines the changes from the previous version of the STIG and, where possible, ports the commands used for checking the old version to the new. Any changes or additions to the STIGs or other benchmarks are examined by Xylok personnel.
If you have an on-premises installation, updates to STIGs and other benchmarks can be delivered based on your needs.
Time and Resource Savings
How does this save people, time, and resources?
Xylok Scanner is designed to automate the most time-consuming portions of compliance testing:
- If two machines are identical, don’t make the user repeat work
- Make comparison between machines or over time a breeze, with no need to manually compare spreadsheets
- Make mapping benchmark checks to RMF controls and CCIs a breeze
- Don’t require them to manually transfer data from scan results into eMASS; Xylok will generate the import spreadsheet for you
- No need for STIG Viewer or a separate tool for looking at RMF controls and CCIs
Beyond that, Xylok will be a one-stop shop for all your needs. If your organization currently relies on SCC or Nessus to do your compliance checking, you also have your personnel hand-checking each system to collect data those products miss and check for any false positives. Xylok’s goal is to eliminate that time sink.
Learn more over on our features page.
How many people can work on Xylok at once?
As a web-based application, anyone with network access to the Xylok Scanner can use the website to perform setup, analysis, and reporting. Data collection scripts can be produced and run simultaneously on all the systems on your network.
I have hundreds of devices on my network! Is Xylok Scanner and the Xylok team able to support that level of work?
Definitely. Xylok Scanner is a web-based application, meaning your whole team can access it to upload results, analyze, and report out at the same time. If you have Xylok personnel performing an assessment for you, the Scanner enables us to handle the work with a team far smaller than you’re used to.
Why wouldn't I just use Nessus/Security Center/ACAS?
Nessus and Security Center are ubiquitous tools in the cybersecurity world. The Nessus solution looks at much more than compliance and requires an install for most of its offerings. The tool can be difficult to learn and requires highly talented people to get the most out of it. Xylok’s goal is to let anyone check your system’s compliance.
We have a more detailed comparison available.
Why wouldn't I just use SCC/SCAP?
The SCC tool is designed to provide a binary answer and score your machine. The Xylok Scanner is designed to show you exactly how your system is configured without having to physically sit at the machine.
We have a more detailed comparison available.
What are the computer requirements to run Xylok Scanner?
For users of Xylok Scanner, the only requirement is a web browser. To run the server, an on-premises installation of Xylok Scanner runs on top of Docker and requires less than 1GB of RAM and 1GB of disk space. A multi-core CPU is recommended although not required.
Depending on your organizational preferences, Xylok Scanner could be installed directly on existing equipment, on Xylok-supplied hardware, or inside a virtual machine.
What does the learning curve look like?
It helps to be familiar with some of the terms and concepts from compliance work. Beyond that, the Xylok Scanner was designed to be used by engineers with only limited experience with low-level testing. In addition, Xylok provides extensively tested instructions that allow personnel of all experience levels to utilize the system.