|[July 17, 2012]
Skybox Security Introduces Next-Generation Vulnerability Management Solution
SAN JOSE, Calif. --(Business Wire)--
Skybox® Security, the leading vendor of proactive security risk
management solutions, today announced a 'next-generation' solution for
vulnerability management that detects network vulnerabilities in an
automated and non-disruptive manner, without an active scan, as well as
security metrics to measure the magnitude of the attack surface and
track effectiveness of remediation tasks. The new technologies are
embedded in Skybox Risk Control 6.5, the first integrated vulnerability
management solution that combines the capabilities to discover
vulnerabilities, prioritize risk automatically, and drive remediation
Vulnerability scanners have been the primary tool to identify network
vulnerabilities for the past 15 years. However, a June 2012 Skybox
Security survey of enterprise Vulnerability Management practices
revealed that enterprises don't scan as often as they would like, due to
potential network disruptions, non-scannable hosts, and a lack of
resources to analyze vulnerability data or apply patches more frequently.
"Enterprises rely heavily on active vulnerability scanning as the
primary way to determine and minimize the risk presented by
vulnerabilities in the IT infrastructure," said Gidi Cohen, CEO at
Skybox Security. "Unfortunately most enterprises respond to scanning
headaches by adopting a 'round robin' scanning approach that assesses
only a small portion of their infrastructure on an infrequent basis.
This may lead to fewer disruptions, but leaves a large window of risk
exposure that is wide open to data breaches and attacks."
Available in September 2012, Skybox Risk Control 6.5 with Vulnerability
Detector consolidates data from multiple sources, including Microsoft (News - Alert)
Active Directory, Microsoft System Center Configuration Manager (SCCM),
Windows Server Update Services (WSUS), and more. Using Skybox's
patent-pending Rule-driven Profiling technology, Vulnerability Detector
derives an accurate list of vulnerabilities without actively probing
"We have been using the Skybox solution to identify vulnerabilities
directly from Microsoft WSUS dta without a scan, and then prioritize
vulnerabilities and critical patches. We are pleased that this
capability has been integrated into the Skybox Risk Control 6.5
product," said Alejandro Villar, CISO at Repsol, a Spanish oil and gas
This scanless discovery approach can be used independently or in concert
with a traditional vulnerability scanner. When used together, Risk
Control augments weekly or monthly active scans with continuous updates
from Vulnerability Detector for highly accurate and up-to-date security
Skybox Risk Control 6.5 also minimizes the security analyst time
required to evaluate vulnerabilities and plan remediation steps. Attack
Simulation performs a virtual 'penetration test' in minutes to find all
vulnerabilities that can be exploited, taking into account all possible
attack vectors, available vulnerabilities, network topology, security
controls, and the value of assets. Remediation suggestions are generated
automatically, and security managers can track operational response with
new endpoint security KPIs (Key Performance Indicators).
"Attackers are becoming increasingly sophisticated, improving their
ability to find and exploit security weaknesses quickly within an
organization's network," said Anton Chuvakin, research director at
Gartner (News - Alert). "Vulnerability assessment technology is an integral component
of an organization's security infrastructure and if used properly and
frequently can help mitigate critical vulnerabilities ahead of an
Key benefits of Skybox Risk Control 6.5:
Performs non-intrusive vulnerability detection - uses system
configuration repositories and rule-driven profiler to derive
vulnerability data without an active scan, so enterprise risk is not
dependent on infrequent "scan windows"
Provides daily assessment of vulnerabilities - continuous
assessments and visibility requires less management time and delivers
greater network coverage
Reduces risk exposure - up-to-date information from highly
accurate data sources shrinks risk exposure levels by shortening the
time between identification of a vulnerability to remediation
Integrates vulnerability management processes - links
assessment, risk and exposure analysis, prioritization and remediation
Easy to deploy and manage - connect to one or a few available
data repositories, eliminating the need to touch every endpoint
For more information on Risk Control 6.5 and all of the Skybox Security
solutions visit www.skyboxsecurity.com.
About Skybox Security, Inc.
Skybox Security, Inc. is the leader in proactive security risk
management solutions, providing automated, non-intrusive tools that
detect, prioritize, and drive remediation of critical risks such as
exposed vulnerabilities and firewall configuration errors. Skybox
solutions prevent potential cyber attacks and data breaches by providing
IT decision makers with continuous network visibility and sophisticated
security analytics. Organizations in Financial Services, Government,
Energy, Defense, Retail, and Telecommunications rely on Skybox Security
solutions daily to reduce risk exposure, implement secure change
management processes, and achieve continuous compliance. For more
information visit www.skyboxsecurity.com.
NOTE: Skybox® Security is a registered trademark of Skybox Security Inc.
All other registered and unregistered trademarks herein are the sole
property of their respective owners. Product specifications subject to
change at any time without prior notice. © 2012 Skybox Security, Inc.
All rights reserved.
[ Back To TMCnet.com's Homepage ]