Skybox Security Security Suite
Strengths: Very good functionality with solid control over its functions.
Weaknesses: Depending on your view, the use of passive vulnerability scanning might be a weakness. Remember, though, that the tool combines passive scanning with attack simulation giving users a risk-based view.
Verdict: While we are unsure of the actual performance – since we saw only a canned demo – this looks like a solid enterprise tool. This should not be passed over if you are considering a vulnerability management application. It is slick and very comprehensive.
Skybox Security Suite is many things besides vulnerability management and, perhaps, that is a major strength. Many of the modules interact in such a manner that the overall management of vulnerabilities - particularly analytics - is enhanced significantly. However, we were a bit disappointed with our evaluation. Everything that we were presented was pre-done. It was a lot like walking through slideware. Even when we review from a vendor's online demo system, we expect to be able to interact with it and we count on the networks and devices being real. In this case, we simply went through menus as we would a sales demo, which was not very satisfying.
That said, there is a lot to like about Skybox Security Suite. It is extremely feature-rich. However, that comes at a price. Configuration and management are not easy. It takes time and a good understanding of one's environment and the Skybox infrastructure to get the most out of the tool. Vulnerability control is one of several aspects, including ChangeManager, FirewallAssurance, NetworkAssurance and ThreatManager. All of these work together to give a broad picture of the state of the enterprise from a risk perspective. VulnerabilityControl and ThreatManager are part of the vulnerabilities and threats part of the platform, while the rest are classed as the security policy management piece.
The vulnerability management functionality uses passive scanning. In other words, quoting from the user guide, it uses "scanless deduction of vulnerabilities and attack simulation." The jury is still out somewhat on the effectiveness of passive vulnerability assessment. There certainly are advantages in terms of disruptiveness, safety (since certain kinds of attacks that would bring the system down never need be used) and the ability to scan 24/7, but, as well, there are questions about missing vulnerabilities. The attack simulation, though, is a major step in making passive scanning more reliable. Skybox uses a vulnerability dictionary comprised of vulnerability and threat data from its own labs and the labs of accepted industry resources.
We ran the Skybox installer in our VMware environment with no trouble at all. When we were set up and launched we had the ability to launch the demo model, which we proceeded to do. Going through the model it was plain that we were using a very powerful system. However, there was a lot about it that we could not test. For example, the specification shows that the tool supports a huge number of third-party products, but we had no way to test that.
The dashboard is what one would expect and it has a lot of options. Everything is under four main tabs: summary (the landing page), discovery centre, analysis centre and remediation centre. The discovery centre is the starting point. Everything in the enterprise should be discovered and displayed here. There are some quick eye-catchers here besides the graphs. For example, there is the last reported vulnerability occurrence, which shows vulnerabilities discovered over various periods of time. This along with the top new vulnerability occurrences by definition gives quick insight into the health of the enterprise.
The analytics centre shows details and metrics about vulnerabilities and exposures with good graphics and drill downs while the remediation centre helps admins track remediation against SLAs. Returning to the options tab, users have a collection of tools that can be used to tune the information in the other tabs. The data in the other tabs also is shown in summary and on the options menu one has the opportunity to tune all of the settings in the tool.
This appears to be a powerful set of capabilities and it certainly is priced right given its feature set. The website is very good with the resources one would expect. One interesting piece is its end of life policy. This is something most vendors ignore - until users receive an email that says their version is being fazed out so they'd better buy the latest. There are several levels of support from basic no cost to full premium support (at a cost, of course) and professional services.