Skybox View Enterprise Suite v7.0
Strengths: The network-level tools and analytics and the visualisation capabilities.
Weaknesses: Would like to see this tie to more policy and compliance, even from a reporting aspect.
Verdict: A great IT risk tool empowering the people side of security.
Summary: Skybox Risk Control is part of Skybox View, a complete portfolio of proactive security risk management solutions that automatically find and prioritise risks and drive remediation in a large or complex network before an adverse event occurs. It is sectioned off into two main components: network security management, which includes change management, policy compliance and optimisation/clean up; and vulnerability and threat management, which includes remediation, analysis/prioritisation and discovery. This tool plays in the IT risk management space.
Skybox provides comprehensive visibility of the security infrastructure and builds a virtual model of the network by collecting data from nearly 80 network and security devices and information sources. Skybox imports configuration logs and relevant data from firewalls, routers, IPS, vulnerability scanners, patch management systems, threat information feeds and security management systems. Skybox normalises and correlates the data, updating the model continuously so the data is current without impacting the live network. Skybox runs IT risk assessments from the attacker's point of view and creates reports to show compliance with PCI DSS, NIST, NERC and other policies and best practices. Skybox gives security teams the intelligence and network visibility needed to eliminate attack vectors and safeguard business data and services. The solution provides a context-aware view of the network and risks that drives effective enterprise-scale vulnerability and threat management, firewall management and compliance monitoring.
The product is easy to get up and running and provides valuable information in short order. The visualisation and analytics capabilities are powerful. The workflow tools help configure and collect information and then manage that information once in hand. Skybox has a strong vulnerability offering, starting with its own vulnerability database and then taking feeds from most of the common platforms, including active scan technologies. This tool takes a different approach from the assessment-driven tools: it collects all of its data off the network and compares it to the policies the user establishes. The what-if capabilities and attack vector analysis are critical tools for any security analyst and this product delivers a lot of capabilities. There are some great search and drill-down tools that can help users rank, measure and prioritise risks. Part of the what-if capability is the ability to test changes through the change control module, allowing for a risk and vulnerability exposure mapping to be reviewed prior to making physical changes. Skybox also comes complete with an integrated ticket/workflow module to manage the remediation process (as well as integrating natively with most common platforms). The remediation centre provides a good way to manage the vulnerability lifecycle. Users can also tie specific vulnerabilities to IPS signatures, helping determine which ones should be in monitor and which ones to set up to block.
The Skybox solution provides a flexible, three-tier architecture with one or more data collectors, a centralised server and a management interface. The solution is typically deployed as enterprise software, as a preconfigured hardened appliance or run as a VM on either Windows or Linux operating systems. The software modules are licensed separately.
There are two levels of support available: standard is eight-hours-a-day/five-days-a-week and premium 24/7. The pricing is 18 percent and 22 percent of net license and hardware price. Both options include phone, email and website aid options. Prices are US-based, thus indicative only.