It is built on a common platform for data collection, network modeling, attack simulation and reporting. Skybox produces a comprehensive model based on network topology, assets, vulnerabilities and threats, and assists in identifying critical security concerns in large networks. Skybox solutions conduct risk and threat assessments and use attack simulation to identify risky access paths and exploitable vulnerabilities.
The product is sold as a software offering with deployment options. All components of the software can be loaded on a single server-class platform of the customer's choosing, on the Skybox 5000 appliance or on a virtual appliance. Operating systems supported for the customer-supplied server include Windows, CentOS or RedHat Linux.
The Risk Control portion automatically correlates vulnerability scan data with information about network topology, device settings, asset values and known threats. Risk Control uses attack simulation to find vulnerabilities and access paths that can be exploited. One can identify, prioritize and eliminate critical risks and vulnerabilities. There is an updated summary page in this version that is configurable, role-based and gives more granular levels of rule definitions. The main focus of tuning this is to deliver a highly prioritized view of risk so that users can most effectively deploy resources. There is a pleasing multitiered tool that provides options for suggested fixes. As well, there is an integrated workflow and ticketing tool for automating tasks. Assets can be imported from other asset management or GRC tools, though there is some work involved in initially setting up and classifying assets.
Skybox natively works with more than 38 vendors and devices, supporting firewalls, routers, switches and intrusion prevention systems. Skybox also provides a web-services API (iXML) to allow quick integration to unique or legacy devices. This integration allows users to easily gather layers 2 and 3 network information and configuration data.
There is a built-in change-management workflow tool and also a threat-management workflow tool. Users can set up their own threats in the dictionary without having to import information from a scanner. Reporting was good and included the ability to track to key performance indicators in a clean dashboard presentation.
The reporting roll-up was powerful, sorting and filtering by vulnerability type, vendor and more. Users also have a tool to perform what-if analysis and modeling-configuration changes prior to putting them into production. Users have a live, a what-if and a forensic work space to perform investigations based on past or other models.
There are two levels of support available: eight-hours-a-day/five-days-a-week and 24/7. The premium option has additional features, such as an assigned technical person with direct dial access. The pricing is 18 percent and 22 percent of net license and hardware price.
Looks at risk from the network aspect. Good tool for enhancing security posture. Very helpful in defining the threat/vulnerability landscape.