The offering delivers proactive security risk management solutions to prevent cyber attacks and data breaches and maintain IT compliance. The suite enables continuous monitoring of security controls, vulnerabilities and risks, and includes predictive analytics to proactively assess the risk of attacks, and deliver intelligent, actionable security recommendations to make existing defenses more effective.
The solution is delivered as on-premise software or as an appliance. It is usually deployed in a three-tier architecture with one or more data collectors, a centralized server and a management interface. It is typically deployed as an enterprise software solution or a preconfigured hardened appliance, or run as a VM on either Windows or Linux operating systems.
The product is designed to bring the human element back into security and risk, which is a good thing. Skybox delineates the network security controls by mapping the network, gathering configuration information and checking those configurations for compliance. To provide complete visibility of the security infrastructure, the tool builds a virtual model of the network by importing configuration logs and relevant data from firewalls, routers, intrusion prevention systems (IPS), vulnerability scanners and patch management systems. Skybox Security integrates directly with more than 70 network devices, management systems and threat information services. Additional device integration is provided through the platform's open API. This integration also supports the vulnerability discovery function. Skybox also houses roughly 37,000 vulnerabilities in its threat dictionary.
There is an integrated change management capability that ties directly into the ticketing system workflow. Users can run "what if" analysis against policy or configuration changes and see a reachability report resulting from the proposed changes. There is some programming that goes into building out the ticketing system templates to support the feature. In addition, a scan-less vulnerability detection feature gives users an option to gather data without agents. The "attack simulation tool" is a clever feature, allowing the analyst to do a real-time risk analysis with a visual representation of the possible attack points and progression of the threat.
Reporting is done well, with template and custom report capabilities. The network mapping tools are effective as a visual and allow for drilldown into specific devices and rules that tie to risks. There is an "attack explorer" option that allows users to research where a threat or attack could come from and then test and map out paths to see where it might reach. This tool provides the information needed to remediate potential threats before they actually occur.
There are two levels of support available: eight-hours-a-day/five-days-a-week and 24/7. The pricing is 18 and 22 percent of net license and hardware price. Both choices include phone, email and website options. - ML
This solution will actually give analysts the resources and, more importantly, the time to focus on finding and mitigating risk.