Skybox Security Skybox 4000 v1.0
June 01, 2010
starts at $9,000 for software subscription and increases per licensing option selected
- Ease of Use:
- Value for Money:
- Overall Rating:
- Strengths: This product offers great modeling with a strong correlated controls view, great simulator and graphical views of risk.
- Weaknesses: The only drawback is the lack of real-time analysis. This is an after-the-fact risk analysis tool.
- Verdict: A great operational risk tool that has everything you need to measure, manage and enhance your enterprise security posture. We make this our Best Buy in this group
Skybox 4000 v1.0 is an operational risk management platform that collects data from various network assessment tools and security products, normalizes that data into a single, common-view user interface, and provides risk analysis tools to map out risk and remediation options.
The product works by importing the configuration data from all the various network and security solutions deployed in the enterprise. The admin defines the targets for data collection using the web-based user interface. The list of supported devices should cover most environments. If your product is not supported, Skybox supports APIs for adding more collector tasks and for providing data to portals and external workflow/ticketing systems. Using the configuration data, Skybox creates a network map based on the combined and correlated sets of rules. The product automatically normalize the data into its database, building a virtual network model representing the topology and traffic rules. Skybox then overlays data from vulnerability scanners to create the risk analysis.
The user interface is a menu-driven web-style interface. Capturing configuration data from devices can be automatic or manual depending on the device. We really liked the normalized view of all the combined configuration information. This feature can allow a security team member that may not be familiar with all the various point interfaces to see a consolidated set of security rules in one common, easy-to-read screen. There is a very nice simulator feature that allows you to "test" configuration or rule changes and picture what those changes would do to the overall enterprise security posture.
The product is sold as client-side software and deploys on Windows or Linux server platforms. There is a server component, including a backend database, a client-side Java-based client, and collectors for the collection of network data.
Eight-hours-a-day/five-days-a-week support is included with the product and additional 24/7 options are available for a fee.
This is a real nice operational risk management tool. It gives admins a complete, easy-to-use view of risk and truly helps with remediation decisions. The only drawback is that it is an after-the-fact tool and not a real-time analysis tool.
Sign up to our newsletters
SC Magazine Articles
- APT operation 'Double Tap' exploits serious Windows OLE bug
- 'DoubleDirect' MitM attack affects iOS, Android and OS X users
- Android malware 'NotCompatible' evolves, spawns resilient botnet
- The Internet of Things (IoT) will fail if security has no context
- Regin: nation-state possibly behind the stealthy modular spying malware
- Operators disable firewall features to increase network performance, survey finds
- DDoS attacks cost organizations $40,000 per hour, survey finds
- Waste no time patching Windows Schannel, OLE bugs, experts warn
- Study: 68 percent of healthcare breaches caused by loss or theft of devices, files
- Spin.com redirects to Rig Exploit Kit, infects users with malware, Symantec observes
- Study: 'High priority' issues hamper endpoint security solution implementation
- Researchers identify POS malware targeting ticket machines, electronic kiosks
- Pirated Joomla, WordPress, Drupal themes and plugins contain CryptoPHP backdoor
- DDoS attacks grew in size, threats became more complex, Q3 reports say
- Man gets 18 months in prison for accessing Subway POS devices, loading up gift cards