Skybox upgrades security risk management platform

Source: Skybox Security

Skybox Security, Inc., the leader in Security Risk Management (SRM), today announced the availability of Skybox View 4.0 - the Security Risk Management standard.

As a modular and scalable fourth-generation software platform, Skybox View 4.0 helps enterprises accurately pinpoint and prioritize areas of high risk and predict compliance exposures in just minutes. The unique combination of automation and advanced analytics enables enterprises to proactively visualize and eliminate IT security gaps and threats before they can be exploited. With Skybox View organizations can continuously and intelligently protect their irreplaceable brand while saving time and money.

Gartner recommends that IT security organizations link vulnerability management and compliance projects to ensure that compliance spending results in a more secure environment and lower operational cost.[ ] "Organizations should look for ways to improve the maturity of their risk and control programs through analysis and the intelligent application of controls. It's important to manage change in the control environment so that risk posture can be maintained to an acceptable level," added Paul Proctor, Research Vice President at Gartner.

Today's labor-intensive risk assessment and compliance analysis processes often result in unknown risk exposures and configuration errors because of network complexity, volume of information and frequent changes. Through automation and advanced analytics, security can be improved, security controls can be optimized and return-on-investment (ROI) can be achieved in a matter of months. Customers report dramatic results after implementing Skybox solutions:
  • Reduction of IT risk exposure window by 95%
  • Reduction of security compliance costs by 85%
  • Optimization of manual processes - time and labor savings of 80%-90%
  • Reduction of firewall compliance audit process to just minutes - 75% time and labor savings
  • Verification of control effectiveness - despite complexity and constant change

Skybox Surpasses 125 Customers
Skybox View has successfully deployed in over 125 leading global companies in highly regulated markets such as financial services, insurance, pharmaceutical, retail, government, technology and telecommunications. Skybox customers are some of the most security-conscious enterprises in the world who have mission-critical global networks. They include: Alliance and Leicester, AstraZeneca, Barclays Capital, British Energy, bwin, CISCO, Citi, Credit Suisse, eBay, E*TRADE, Merrill Lynch, National Grid, Reuters, Sony Ericsson, Standard Chartered Bank, USAID, VISA and Wellmark.

"In order to accurately assess the rapidly changing security risk and compliance exposure profile of a complex infrastructure, three key approaches are required: modelling, analytics and automation. Our deployments of Skybox allow us to combine these three across key IT components to help us focus our resources where they are needed most. By deploying Skybox solutions we have more answers than questions so we can prove to our auditors that we have preventive, detective and proactive controls in place and demonstrate to our management that our controls are effective and efficient," said Stephen Bonner, Barclays Head of Information Risk Management.

Leading Distribution Partners Powered by Skybox
Skybox Security's distribution partners have allowed the company to quickly scale its business by meeting the needs of a broader base of customers. Skybox channel partners include leading Systems Integrators, Managed Security Services Providers and Security VARs such as British Telecom, Cable and Wireless, FishNet, IBM, Integralis, Mitsubishi, VeriSign and Wipro. These partners resell Skybox products, provide comprehensive integration services and embed Skybox technology to deliver innovative new security and compliance services powered by Skybox View solutions.

"Skybox Security has been focused on delivering tangible business value to our customers since day one. Evidence of this focus is a customer base that is second to none. Over the past four years we have clearly enjoyed a technology leadership with no peers and have adapted the Skybox View software platform to reach the market through a variety of distribution and deployment models. As a result, our growing list of partners will enable us to effectively help customers anywhere in the world," said Tom Doyle, CEO for Skybox Security.

Availability and New Features of Skybox View 4.0
Skybox View 4.0 products will be available in June 2008 and are provided without charge to customers who have annual software maintenance contracts. The Skybox View SRM platform is composed of two product lines: Skybox Assure for network security compliance and assurance and Skybox Secure for risk lifecycle management. The Skybox Assure product line includes Firewall Compliance Auditor and Network Compliance Auditor. The Skybox Secure product line includes Risk Exposure Analyzer, Threat Alert Manager and Security Profile Advisor. These products can be deployed independently or together to solve a range of business problems.

Skybox View 4.0 was specifically designed to enhance the features and benefits of Skybox View 3.5 released in February of 2007. Major new product capabilities include:

Platform Enhancements for Enterprise and Managed Security Service Provider Needs:
  • Virtual firewall and router support: Complete visibility and analysis for both virtual and physical network devices
  • Scalability: Successfully analyze and model global networks with hundreds of thousands of hosts, millions of vulnerabilities and thousands of network devices
  • Expanded operating systems support: 64-bit Linux and Windows Servers and Windows Vista
  • User directory services integration: Integration with CA SiteMinder enterprise user directory services for scalable access control
  • Web Services API: Broad integration in managed security and enterprise environments

Network Security Compliance:
  • Payment Card Industry Data Security Standard (PCI DSS) support: Out-of-the-box compliance reports for network security compliance requirements as defined by PCI DSS
  • Rule and objects usage analysis for all leading firewalls: Check Point Firewall-1, Cisco PIX, Cisco ASA, Cisco FWSM, Juniper NetScreen
  • Policy violation and exception management: Understand, track and report network access policy violations and policy exceptions for compliance reporting and improved network security
  • Quick firewall compliance analysis: High-level view of firewall compliance analysis with quick drill-down and root-cause analysis
  • Configuration checks reporting: Centralized view of device configuration compliance with industry and vendor best practices

Risk Lifecycle Management:
  • Common Vulnerability Scoring System (CVSS v2) support: Consistent and accurate vulnerability severity ranking
  • Threat alerts and end-of-life event management: Scalable enterprise workflow for managing threats alerts through their life cycle from assessment to remediation
  • Security metrics, dashboard and alerts: Management visibility for vulnerability exposure level and remediation status

Comments: (0)