Skybox View Enterprise Suite v6.5
Strengths: Substantial attack explorer tool; great analyst toolset; risk dashboards
Weaknesses: A bit light on compliance content
Verdict: This solution will actually give analysts the resources and, more importantly, the time to focus on finding and mitigating risk
Skybox View Enterprise Suite v6.5 is a complete portfolio of proactive security risk management solutions that automatically find and prioritise risks and drive remediation. It enables continuous monitoring of security controls, vulnerabilities and risks, and includes predictive analytics to proactively assess the risk of attacks, and deliver intelligent, actionable security recommendations to make existing defences more effective.
The solution is delivered as on-premises software or as a preconfigured hardened appliance; the software can also run as a VM on either Windows or Linux. It is usually deployed in a three-tier architecture: one or more data collectors, a centralised server and a management interface.
Skybox View is designed to bring the human element back into security and risk. It delineates the network security controls by mapping the network, gathering configuration information and checking those configurations for compliance. To provide complete visibility of the security infrastructure, it builds a virtual model of the network by importing configuration logs and relevant data from firewalls, routers, intrusion prevention systems, vulnerability scanners and patch management systems.
The suite integrates directly with more than 70 network devices, management systems and threat information services. Additional device integration is provided through the platform's open API, which supports the vulnerability discovery function. Skybox also houses roughly 37,000 vulnerabilities in its threat dictionary.
It combines vulnerability content with intelligence about the likelihood and severity of potential attacks, and runs IT risk assessments from the attacker's point of view to find, prioritise and fix network security risks, vulnerabilities and threats before they can be exploited. The predictive analytics use the collected information to deliver a risk assessment, including risk prioritisation and remediation planning.
There is an integrated change management capability that ties directly into the ticketing system workflow. One has the ability to run 'what if' analysis against policy or configuration changes, and can see a reachability report resulting from the proposed changes. There is some programming that goes into building out the ticketing system templates to support the feature.
Other features include scan-less vulnerability detection, which gives users the option to gather vulnerability data without deploying agents or running active scans, and an 'attack simulation tool' that lets the analyst perform a real-time risk analysis with a visual representation of the possible attack points and the progression of the threat.
Reporting is done well, with numerous templates and custom report capabilities. The network mapping tools are effective as a visual and allow drilldown into the specific devices and rules that tie to risks. An 'attack explorer' option lets users research where a threat or attack could come from and then test and map out paths to see how far it might reach. This tool provides the information needed to remediate potential threats before they actually occur.
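To make concrete what the 'what if' reachability report and the attack explorer's path mapping described above amount to, here is a small model added for this review. It is not Skybox View code and makes no claim about how the product builds its model; the zones, hosts, firewall rules and vulnerable services are constructed sample data. An attacker on the internet can only pivot through hosts that are both reachable under the firewall policy and running an exploitable service; removing a rule and recomputing shows whether the change actually closes an exposure or merely lengthens the path.

```python
"""Toy network model: attack-path reachability plus a 'what if' rule change.

Added illustration for this review, not Skybox View code. All hosts, zones,
rules and vulnerabilities below are constructed sample data.
"""
from collections import deque

# Constructed hosts: zone membership and listening ports.
HOSTS = {
    "attacker": {"zone": "internet", "ports": set()},
    "web01":    {"zone": "dmz",      "ports": {80, 443}},
    "app01":    {"zone": "app",      "ports": {8080}},
    "db01":     {"zone": "data",     "ports": {3306}},
}

# Constructed firewall policy: ordered (src_zone, dst_zone, port, action),
# first match wins, default deny. The last rule is deliberately permissive.
BASE_RULES = [
    ("internet", "dmz",  443,  "allow"),
    ("dmz",      "app",  8080, "allow"),
    ("app",      "data", 3306, "allow"),
    ("dmz",      "data", 3306, "allow"),
]

# Constructed vulnerability findings: host -> ports running an exploitable service.
VULNS = {"web01": {443}, "app01": {8080}, "db01": {3306}}


def permitted(rules, src_zone, dst_zone, port):
    """First-match firewall evaluation with an implicit default deny."""
    for r_src, r_dst, r_port, action in rules:
        if (r_src, r_dst, r_port) == (src_zone, dst_zone, port):
            return action == "allow"
    return False


def attack_paths(rules, hosts=HOSTS, vulns=VULNS, source="attacker"):
    """Breadth-first search from `source` over hosts the attacker can both
    reach (policy allows the port) and exploit (port is vulnerable).

    Returns {host: path}; a host becomes a pivot only once it is compromised,
    so each path lists the hops taken as "host:port".
    """
    paths = {source: [source]}
    queue = deque([source])
    while queue:
        cur = queue.popleft()
        for host, info in hosts.items():
            if host in paths:
                continue
            for port in sorted(info["ports"] & vulns.get(host, set())):
                if permitted(rules, hosts[cur]["zone"], info["zone"], port):
                    paths[host] = paths[cur] + [f"{host}:{port}"]
                    queue.append(host)
                    break
    paths.pop(source)
    return paths


def what_if(rules, remove=None, add=None):
    """Return a modified copy of the policy for a proposed change."""
    new = [r for r in rules if r != remove]
    if add is not None:
        new.append(add)
    return new


def reachability_report(before, after):
    """Compare the exploitable-host sets of two models."""
    return {
        "newly_exposed": sorted(set(after) - set(before)),
        "no_longer_exposed": sorted(set(before) - set(after)),
    }


if __name__ == "__main__":
    base = attack_paths(BASE_RULES)
    tightened = what_if(BASE_RULES, remove=("dmz", "data", 3306, "allow"))
    after = attack_paths(tightened)
    for host, path in after.items():
        print(host, "<-", " -> ".join(path))
    print(reachability_report(base, after))
```

Removing the dmz-to-data rule does not take db01 off the exposed list, because the attacker can still pivot through app01; the report is empty and only the path grows by one hop. Only a second change (patching app01 or dropping the dmz-to-app rule) closes that exposure, which is exactly the kind of result a what-if run is meant to surface before a ticket is raised.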
There are two levels of support available: eight-hours-a-day/five-days-a-week and 24/7 for 18 and 28 per cent of the licence and hardware price respectively.