Skybox Security offers two ways to install Skybox Security Suite: a single-box testing installation and a multi-box production installation. The single-box installation is mainly suited for testing and demonstration purposes. Although it's technically possible to run a single box in a production environment, this is generally not a best practice. The multi-box production installation is what most companies will use: the Skybox Security Suite and collector are both installed on a server, with the client manager on a Windows machine.
We installed the single-box configuration, which had a demo included. This demo includes a pre-built organization with networks and machines. Before logging into the Skybox Security Suite, you must select one of four software modules that you want to access. Unlike other products that have one dashboard to separate modules within their software suite, these dashboards are separate from each other. We selected the Skybox Vulnerability Control module, which then prompted us to select the license file. We added the license and logged into Vulnerability Control with no issues. After verifying that setup was successful, we decided to call it a night and run our tests the following morning. However, the next day when we logged into Skybox Vulnerability Control, we received a license error. We attempted to restart the server services and the machine, and after a bit of basic troubleshooting, we contacted Skybox support. We received a response within an impressive 15 minutes. Skybox mentioned that the cause of this could have been a system clock change. Because of that error, they would have to send us a new license file.
We received the new license file quickly, and after updating the license file we could log in successfully. This product is very comprehensive, with many options to pick from in the management dashboard. However, there isn't a plain and clear option that states "scan my network", so if you are new to vulnerability management tools you may have to use Skybox's documentation for the initial setup. The documentation is easy to understand and flows well, so you should be able to set up your scans and find vulnerabilities rather quickly. Since this was a demo, there wasn't an opportunity to scan any live networks, but we could see the results of various demo scans.
In the dashboard, you will find four main tabs: the summary, discovery center, prioritization center, and remediation center. This is where you can review all the information in your environment. The summary includes a discovery center, a prioritization center, and a remediation center, which are just high-level overviews of those tabs themselves. The discovery center shows your organization's average scan cycle and last-reported vulnerability occurrence by source. The prioritization center displays a pyramid graph with your risk level, including imminent threats, potential threats, and any type of possible exploits. The remediation center displays the vulnerabilities found by SLAs, which includes security metric names, the percentage of that metric in SLA vulnerabilities, the security metric level, and how many assets are vulnerable, to name a few. Skybox does a great job of keeping the graphical data clean and concise. Before generating reports, you also have a wide range of customizability, which is always a plus. The generated reports look clean and professional, and are formatted in the manner one would expect from a professional report.
Support is included in Skybox's basic subscription cost, which covers 8x5 standard phone and email support; a support portal is also available. An annual subscription for Skybox Security Suite with a 100-asset pack of Vulnerability Control with basic support is $5,250, plus $6,000 for an annual subscription license for the Skybox Server Software, which is required.
- Matt Hreben with Dan Cure; tested by Matt Hreben