Skybox Security Suite is a collection of tools built from the ground up around a common platform.
There are two specific areas of focus in this market space: security policy management and vulnerability visualization. Skybox covers both. The Skybox Security Platform offers total visibility of the attack surface with security modeling, simulation and analytics. It automates and orchestrates workflows with a combined variety of information.
When addressing compliance, Skybox uses three separate engines that calculate compliance standards against either devices or network access to show the violations of these controls. Configuration policies are built between a combination of CIS benchmarks and vendor standards and references checks that come out-of-the-box. In fact, built-in mapping frameworks can focus on PCI and NIST benchmarks, although, these are a starting point and not currently up to date. Therefore, users should expect to configure these to take ownership of their network. Once configured, these can be set to validate controls based on what the user’s intent and needs are. If a control is violated, it is possible to see into the configuration and where on the network it occurred.
Another form of validation Skybox performs is that of the rule policies used for best-practices. This will help users remove controls that are too broad or redundant to reduce the complexity of their risk management process. The policy engine looks at the review data rules on an ongoing basis and can send tickets out for lifecycle management and recertification of rules. This is ideal for larger organizations seeking proactive rule management and review.
Policy changes are tracked for users because change management is an important part of compliance. The change manager integrates a workflow analysis on the backend to do risk assessment of changes while they are still in a proposed state. Overall, the change manager is a time-saving tool when it comes to proposal and implementation. The integration of the analysis engine and the change workflow in the backend is a huge asset for users looking to simplify their policy management and assessment process.
Skybox imports vulnerability data and shows how vulnerabilities will be exposed within a new portion of the network if a change control is implemented. This is a key activity of risk analysis. Once all changes in a ticket have been approved, analysts may observe the changes to the firewall and compare it them to the vulnerability data. Prioritization is at the core of this vulnerability control mechanism and covers the entire change lifecycle.
We got to look at the user interface for Skybox’s new web GUI. It has several dashboards ranging from overview dashboards to change tracking and more specific. All dashboards were very colorful and organized in their layout, making them intuitive and user-friendly. The dashboards are drillable and their view is fully customizable with sorting needs. The Remediation Center view gives users full visibility on how they are doing, where their vulnerabilities are and which ones are critical. Another display, Horizon Interface, offers an executive view of the network map and all geolocations around the globe. This shows how different engines are reporting so that analysts can drill into each one and access all types of vulnerability categories and trending information.
Ultimately, Skybox makes managing policy compliance across multiple vendors a feasible task. By taking information from a variety of different sources, Skybox gives users visibility on what they have in place, even across very large networks.