The Xylok Scanner is a one-stop solution for every DISA STIG or other benchmark your organization needs to complete without requiring the Xylok Scanner to be attached or installed onto the network being checked.
Screenshots and more features can also be found on our Features page.
Every Benchmark Integrated
We check every benchmark needed--we don't focus exclusively on one or two operating systems. When an organization purchases a Xylok Scanner license, we deliver an integrated solution for all their benchmarks, including basic OSes, software on those systems, and network devices. For checks that can't be truly automated--such as "ask the administrator" types of questions--Xylok provides a central location to store all of that information.
Track compliance status changes across your network throughout time and between machines.
To accomplish our no-network promise, the Xylok Scanner produces a machine-specific script for every device in your network. For Windows, this means a Batch or Powershell script. For Linux, this means BASH or other appropriate shell for the operating system. For network devices, we present a list of commands for the system administrator to run.
For you, this means everything occuring on your system can be examined by hand if needed--there's no unknown executables being introduced that you need to blindly trust.
Once your data is in Xylok, our deep RMF intregration means we can produce a wide variety of reports that tie directly to your organization's RMF Confidentiality, Integrity, and Availability levels and overlays.
How do we stack up? Also be sure to check out our full Features page for screenshots and more detailed descriptions.
|Deployment Options||Xylok Scanner||SCC||Nessus Professional||ACAS|
|Multiple Users||Multiple users can collect data, analyze, and report on the same instance||
|No install required||Can the software be used without installing and changing the baseline?|
|Benchmarks||Xylok Scanner||SCC||Nessus Professional||ACAS|
|Automatic Benchmark/STIG Updates||System automatically pulls new benchmarks and STIGs as available|
|Built-In Benchmark/STIG Viewer||Ability to see check requirements alongside results||
|DISA STIGs||DISA Security Technical Implementation Guide Benchmarks|
|CIS Benchmarks||Center for Internet Security Benchmarks|
|Custom Benchmarks||Ability to create a unique benchmark for custom devices or applications|
|Execution||Xylok Scanner||SCC||Nessus Professional||ACAS|
|Scan Risk||A "noisy" scan may destabilize your systems||
|Scan Scheduling||Schedule scans to occur at certain days and times|
|Analysis||Xylok Scanner||SCC||Nessus Professional||ACAS|
|Automatic Analysis||Tool automatically determines if your configuration does not match the benchmark||1||1||1|
|Access to Raw Results||Look at the output as if you are still on the computer|
|Post-Process Results||Write scripts to display only the data you need to see||
|Scan Tracking||Compare scans over time and see what has changed|
|Consolidated Results||All of your system machines and benchmarks in one location||
|Analyze Once/Mark Many||Anaylze one machine and benchmark and the database will apply the same status to similar items|
|Reporting||Xylok Scanner||SCC||Nessus Professional||ACAS|
|Multiple Report Formats||Output reports in XML, HTML, or CSV format|
|Checklist (CKL) export||Export data into the STIG Viewer CKL file for sharing with other tools|
|Security Assessment Report||Export directly into a Security Assessment Report (SAR) format used by A2/3/6|
|Plan of Action and Milestones||Export directly into a Plan of Action and Milestones (POA&M)|
|eMASS Export||Export resorts into a format ready to immediately import into eMASS|
|RMF Integration||Create scans and reports based off the CIA level of the system (overlays included)|
1. Auto Analysis gives only a binary 'yes/no' with no view into XCCDF-recommended output