Skybox Security’s solution for Vulnerability and Threat Management provides organizations with an automated vulnerability management workflow encompassing comprehensive vulnerability discovery, assessment and prioritization, and remediation and tracking or oversight. It covers on-premises, cloud and OT networks.
Using the context of network, assets, business, and threat intelligence, it accurately determines risk and focuses remediation on the areas that need it most. It analyzes all 10 factors recommended by Gartner for prioritizing vulnerability remediation: severity, compliance, age, location, exploitability, prevalence, asset role, asset value, threats, and network topology. An organization is enabled to regularly query its infrastructure to accurately assess assets and vulnerabilities in dynamic network environments. This helps a company build a comprehensive network model and understand the security landscape by seeing what is in place, where critical data resides, and potential paths attacks may take.
Skybox is vendor agnostic, meaning it imports information from multiple data sources, including its own scan-less technology for vulnerability discovery. Organizations with more than one type of scanner, product system, or blind spots will benefit from this solution because it provides complete and accurate information on which vulnerabilities are putting their organization at risk.
Setup was time consuming and the instructional documentation we were provided was limited. While the interface includes an impressive plethora of extras, including network visualizing, this expansiveness does, however, lead to a steep learning curve.
The Prioritization Center shows imminent and potential threats in a cone graph. Risk is based on exposure and whether a threat vector exists from origin to host. Direct exposure versus indirect exposure is considered in the risk assessment and combined with NIST confidentiality and integrity ranking of assets. Vulnerability density is also factored in. The normalization factor allows the comparison of a group of many assets to a group with few assets as a means of seeing the risk per asset.
Skybox helps companies reach goals by looking at vulnerabilities in the context of the kill chain. This visualization of possible attacks is demonstrated in the Attack Center. These potentialities include details showing the vulnerability method, what the attack looks like, and different possible attacks. These can be further explored for granular occurrence details to ensure focus is where it is needed. Solution data is taken from their dictionary with data from threat intelligence and scanning data to enhance vulnerabilities.
This Vulnerability Dictionary is composed of approximately 92,000 vulnerabilities that have been rated with CVSS V3 scoring. This helps to understand where vulnerabilities are found in the real world, their severities, what platforms they affect, and any malware and exploits. Also featured is a view that allows you to look at IPs and compare signatures against vulnerabilities found within your own environment.
Starting price is $13,300. Support offerings include Standard and Premium options. Phone and email support are offered. Their website hosts a support feature, knowledgebase, and FAQ list.
Tested by Tom Weil