This is, in some regards, the odd product in our bunch. It does not do its own scanning in the sense that other products we looked at do. But don't let that put you off. Skybox is, really, a security ecosystem where every module - not just the vulnerability management one - works with every other to give a complete security picture of your network. The tool's approach to vulnerability management is a sort of hybrid between passive and active scanning. In that respect, it is different from everything we've seen in this space.
First, the tool can consume the outputs of other vulnerability scanners. In addition, it has integrations with just about any other type of security tool you can imagine. That said, this is not a trivial product to deploy. If ever there was a poster product for "know your enterprise and your requirements in deep detail," this is it. You can get tangled up in a hurry if you don't do your pre-work. But if you do, you'll find that the tool installs cleanly.
In many ways, this is a solid intelligence analysis tool. The difference between it and other tools that make that claim is that much of the intelligence - though certainly not all - comes from security devices within the enterprise. If we focus on vulnerability management, though, we see some unique features. For example, in a discovery scan it identifies the products present in the enterprise. It then compares the revision levels of those products to a list that Skybox keeps - and keeps very current - and assumes vulnerabilities if the products in the enterprise are not up to current patch levels. This, of course, is a valid measurement since a large percentage of breaches are due to unpatched products or products without the current patch level.
Along with patch and rev levels, Skybox also looks at past reported vulnerabilities and any vulnerabilities being reported currently by third-party scanners. There is an Exposure function that develops a risk assessment and plans the resulting remediation requirements.
We installed the server in our test bed and then ran the demo database. This consists of task lists that run in order to expose vulnerability data. The vulnerability data in the demo dataset is the same type of data that you would collect from the various collectors in your enterprise as well as data from third-party sources. In Skybox, just about everything is a task. Most of the tasks are pre-configured but you can set up your own as well.
Navigating the user interface takes a little practice. Although it is mostly intuitive, it takes a bit of moving around to find some of the most useful goodies, which are buried a few levels deep. That said, we did not find it onerous and when we got a bit of help from support we figured out the roadmap very quickly.
There is way too much to this product to cover completely in our review but you can get a very good idea by looking at the demo data. In there you have every opportunity to run the product as if you had it in production. The demo data load is simply a collection of data from sources typical of those you would find in your own enterprise.
We found the documentation extensive, with many screenshots and other useful information. However, even though it goes into detail about the feature set, it assumes that you will derive the differences between it and traditional vulnerability management. We didn't. But a five-minute call with Skybox support fixed that.
No-cost assistance at a basic level is provided and there are fee-based options as well. Although we found the website to be mostly marketing unless you are a registered customer, we did like the collection of use cases that are publicly available.