Skybox Enterprise Suite is strongly focused on the risk part of GRC. It is heavy in analytics and it creates a model of the network to provide visibility of the attack surface. It imports data from firewalls, routers, vulnerability scanners, etc., consisting of configuration logs and other relevant data. It then normalizes the data for correlation and then applies it to the virtual model to avoid testing on the live production network. This allows identification of misconfigurations, vulnerabilities and access control violations. It uses a three tier architecture - data collector(s), centralized server and management interface - and can run on a physical or virtual machine.
We dropped into the system through a network map that gave us a clear picture of the enterprise including on-premises, distributed and cloud components. This is a top-level picture showing the various sites and some detail in the data center. Drilling down gave us more detail including access routes. These are very valuable when looking at misconfigured network communications devices. Further drill-down got us to the component level and each of the components can be selected to view such things as configuration. The entire operation is graphical and as simple as point-and-click.
We then selected a destination address and were able to see all of the other devices that had access to it as well as the details about those devices. This can be reversed to see what destinations a particular device has direct access to giving a point-to-point source-destination model. As well, we looked at various devices to see their vulnerability occurrences. This is provided on a table that gives the appropriate vulnerability reference - CVE, MS, etc. The use of the point-to-point model is effective for showing what internal devices can be reached from the internet, exposing potential holes in the perimeter. With the perimeter becoming increasingly porous this is a real benefit.
We extended that notion of accessibility to test an access policy between Amazon Web Services and the rest of the enterprise. Next we looked at the level of network assurance. This plays the flows and devices on the network against policies and standards. There is some level of GRC built into the Skybox product so it is not completely devoid of the compliance and governance pieces, but the real strength, as demonstrated in the network assurance report, is risk management.
In this report every individual device on the enterprise is played against policies and standards to determine configuration errors and vulnerabilities. The results are very clear and granular so one can fix discrepancies rapidly and then re-test. Sometimes, because of unintended consequences of a particular configuration, one might want to allow violations of a particular rule - acceptance of risk - and wouldn't want the violation appearing on every report. This can be fixed with the New Rule Exception process. This lets a user accept the risk and there even is a field that presents an explanation.
Building rules and policies is simple and any of the tables created as reports or dashboards can be exported in CSV format. Reports can be emailed automatically to those who need them. Everything in Enterprise Suite is a task, so one builds sets of tasks or can perform them individually from the Operational Console. Users can also set tasks to run automatically from the Daily Run Tasks console, a drill-down from the Operational Console.
Access rules are simple to write and review and there is a process for recertification of policies. There also is a module, called Change Manager, which is the link between workflows and policy actions. The Change Manager can quantify risk of particular rules. Besides running simulations within the model, Enterprise Suite can remediate vulnerabilities and monitor the results. One thing that we particularly liked was the attack map. This lets admins follow an attack between two points and determine how to interdict it.
There is both no-cost and premium support offered and the website is excellent.