Skybox Security Skybox Risk Control
Strengths: Interesting and powerful new approach to threat management.
Weaknesses: Relies heavily on external data sources.
Verdict: Large enterprises and high-risk environments will likely get excellent use out of this product. Administrators of smaller, low-risk networks will likely find it to be overkill.
Skybox Risk Control from Skybox Security approaches vulnerability management from a different direction. Focusing more on total risk than individual threats, this product analyzes networks in a holistic manner, enabling security teams to first remediate threats to hosts that could cause the most damage rather than relying solely on criticality ratings.
Product setup was simple and straightforward. After unboxing and racking the appliance, we connected a keyboard and mouse and ran through the initial network setup wizard. We then connected to the device through a web browser and downloaded the client application.
Skybox Risk Control consists of a central server, a series of data collectors and the client application used to manage the system. It is available as individual software components or a hardened physical appliance. While the server and collector components can be installed on either Windows or Linux platforms, the client portion is a Windows-only application. User authentication can be handled internally or via the product's SiteMinder, RADIUS or LDAP integration features.
Rather than performing vulnerability scans itself, the product imports data from system management tools, such as Microsoft's WSUS and System Center; vulnerability scanners, such as Nessus; and other tools, and analyzes that data by comparing it to its own Vulnerability Dictionary. This is an important point: This solution is not an all-in-one vulnerability scanning and management system. It uses third-party data to perform risk analysis. We found this to be a potentially powerful approach, but users should be aware that they will need to have tools to generate that data in place before making use of this product.
Coupling that data with the product's network mapping and attack simulation tools allows it to perform a risk analysis. The network risk analysis combines impact ratings from CVSS scoring with the product's own attack simulations to automatically determine risk, making it easier for security teams to remediate vulnerabilities based on risk to the enterprise, rather than relying on pure severity ratings. Once this analysis is complete, it generates a list of recommendations, such as IDS deployment, system patching or configuration changes.
Skybox offers excellent product documentation for this tool. The company also offers two tiers of support: The standard package provides phone and email assistance during normal business hours, as well as access to an online knowledge base and support portal. The premium upgrade includes all the options of the standard package, but expands the phone and email hours to 24/7. Skybox also offers a series of professional and deployment services designed to assist subscribers in all aspects of the installation and use of the product.
Skybox Risk Control starts at $13,300, which includes the Skybox 5000 appliance, Vulnerability Dictionary content updates, and 100 12-month subscription licenses. Standard support is priced at 18 percent of the net cost, while the premium upgrade will cost subscribers 22 percent of net.