TrACE Shield

Most vulnerability management tools are designed to identify and report technical risks. However majority report risk in catch-all categories such as Low, Moderate, Important, or Critical. Unfortunately, some “Criticals” present more risk than others, and most vulnerability assessment tools leave audiences wondering which “Critical” items should be prioritized and addressed first in their environment. Without time-consuming analysis and significant practical industry knowledge, it’s impossible to know where to start.

TrACE Shield

TrACE Shield uses existing investments within an organization that can provide asset information to uniquely identify and enrich the data gathered for an asset. Using out of the box connectivity engine, it gather all related information from existing telemetry in the organization to first, uniquely correlate the assets based on discovered information, de-duplicate repeated assets and then correctly communicate the vulnerability risk using indicators that can be easily understood, measured, and acted upon. In the other words, TrACE Shield builds a clear inventory of your company’s systems and applications by linking asset information from your existing investment such as CMDB, asset management, IPS/IDS, AV, etc. Once correlated, it then allows business users to view the actual business risk of the technical vulnerabilities in order to prioritize the needed remediation.

Benefits for clients

  • Simplify audit and regulatory reporting
  • Ability to quantitatively analyze increased security risks
  • Early detection of privilege misuse or excessive access rights
  • Ability to centrally define, measure and enforce corporate security policies
  • Single point of control all accesses regardless of the application components
  • Centralized UAR and SoD for partners, vendors and internally or externally host applications
  • Streamline review process and flexible reviewer logic
  • Built in delegation and workflow engine
  • Plug-in for to commercial apps such as ServiceNow and AD for deprovisioning accounts


  • Ability to meet legal regulations and standard
  • Deterministic means to evaluate operative risk
  • Identify and account orphan and service accounts
  • Drive efficiency on provisioning and deprovisioning of accesses
  • Account and identity reconciliation
  • Data history and corporate wide trend analysis
  • Automate access controls for continuous monitoring

BENEFITS FOR system integrators

  • Connecting account provisioning and deprovisioning through TrACE Identity
  • Complement any of the existing IAM service
  • Allow integration of the workflow into SoC service queues
  • Inbound/Outbound API connectors for both provisioning and de-provisioning
  • Provide independent advise on intended privileges vs actual entitlements
  • Identifying abnormal access rights through “Role Mining” feature
  • Reduce the risk and cost of compliance
  • Remove complexity of meeting regulatory compliance such as SOX, PCI, HIPAA, GDPR, etc.
  • Minimize the time spend on dealing with audits
  • Integrate account access and removal
  • Detect policy violation on internal/external assets
  • Account reconciliations
  • Deliver operational effectiveness