Product Spotlight: Skybox Security Suite - 1st June 2016

We have watched these folks almost from their inception and we have always been impressed. Their mission is a rather grand one: manage the security on the enterprise's entire threat surface. To do this, they break down their tool's functionality into vulnerability and threat management. Within these broad categories there are individual modules that work together to accomplish the various tasks required to protect the attack surface. This is one of the very few products we have seen that takes this comprehensive approach. It is integrated with nearly 100 third-party security tools and has its own built-in vulnerability intelligence feed.

While Skybox, like many similar products, does not do its own network discovery, the tool can consume topology maps in a number of formats. 

Skybox aggregates more than 20 threat and vulnerability feeds. Additionally, you can identify threat origins unique to your organisation. 

We were impressed by its internal vulnerability detection system. It is completely passive and uses the Skybox vulnerability dictionary. The tool contains two separate ticketing systems - one for change management and one for vulnerability management. 

Skybox collectors gather information from switches, firewalls, routers and scanners. These data are fed to the Skybox server where management consoles can see and manipulate the data. The system is agentless and it has APIs for integrating with third-party systems. It deploys as an appliance or a virtual appliance on-premises.

When we looked at Skybox, we dropped into a network topology map that was well-annotated and based largely on data flows. 

We view the ability to do attack simulation as one of the significant indicators of a next-generation tool. Just because an asset is exhibiting vulnerabilities does not mean that it deserves immediate attention. It may be a low-priority asset, while a high-priority asset needs attention now. This form of triaging is critical to seeing where your risks actually lie.

You can perform firewall assurance using the Skybox configuration analysis, or you can add in your own checks using simple regex commands. The tool helps you perform cleanup on rule sets, in many cases eliminating redundant rules.

Workflows are the heart of any of the types of tools that we looked at this month. Without a good workflow management capability, changes don't get made and problems don't get identified. Skybox has an excellent change management workflow.

The ability to see the network topology and understand how it is supposed to be working lets Skybox identify a compromised asset and then pivot off of it to see likely paths that the intruder could have taken.

Finally, the Horizon dashboard - an add-in that is provided at no extra cost - shows indicators of exposure on a cool dashboard that quickly calls attention to any problems that Horizon sees.

Vendor: Skybox Security

Flagship product: Skybox Security Suite

Price: Base price £7,500

Web: skyboxsecurity.com

Description: This tool manages the security on the enterprise's entire threat surface.