Brings in industry-leading prioritization techniques to score risk of vulnerabilities and assets, enhances security policy management automation and further improves user experience
Skybox Security has announced the launch of Skybox Security Suite 10. This latest product version further strengthens Skybox capabilities to simplify enterprise security management processes that oversee mass-scale, hybrid networks.
“The CISO’s biggest challenge is complexity,” said Gidi Cohen, Founder and CEO, Skybox Security. “It has become impossible for security teams to understand — let alone manage — security effectively in today’s multi-cloud, hybrid environments. The development behind Skybox 10 was done with the aim of making it easier to manage security policies in clouds, monitor risks to industrial control systems, and find important assets at risk. We want to help CISOs maximize the value of their teams and their technology to secure and support the business.” added Cohen.
Skybox 10 brings an intuitive, customizable user experience to simplify management of vulnerabilities, security policies, firewalls and changes from a central solution. Cloud and operational technology (OT) security insights are integrated seamlessly for uniform risk management across hybrid networks. Intelligent automation brings harmony and efficiency to multi-vendor environments, integrating data and yielding contextual insight. Customers can also use the new REST API to leverage Skybox intelligence in other tools and processes, increasing their ROI.
Skybox 10 also includes several new integrations including Splunk, ElasticSearch and ServiceNow, as well as Twistlock which provides visibility to the security of containers in cloud-native applications.
The biggest changes are found in the vulnerability management module, Skybox® Vulnerability Control, which just received Best Vulnerability Management Solution at the SC Europe Awards. The new release provides fast access to vulnerability insights through fully customizable dashboards and reports. New, flexible risk scoring allows users to replace generic severity scores with context-based scores unique to their environment; this prioritization method shrinks the workload to focus on exposed and exploitable vulnerabilities — typically less than one percent of an organization’s occurrences.
“Risk scoring is one of those things that’s so simple on its face, but in reality, there’s a hugely detailed process going on under the hood,” said Amrit Williams, VP of Products, Skybox Security. “Our methodology goes way beyond CVSS severity and exploitability, taking into account asset importance, exposure within the network and more. We make it easy to determine which assets are at risk and see if an existing security control can be used to protect against an attack, even without a patch. This is critical to knowing which risks require immediate attention and which ones can wait for scheduled remediation.” Williams added.
“For the last decade, accurate risk prioritization has been the thing that eludes enterprises and can lead to serious damage,” said Michael Osterman, Principal Analyst at Osterman Research. “Having a way to bring the right vulnerabilities — and vulnerable assets — to light with an approach that quantifies exposure and exploitability will be hugely valuable.”