Skybox Security provides cybersecurity solutions including attack surface visualization, security policy management, vulnerability and threat management, and firewall assurance. Their solutions help organizations gain visibility of their entire IT and OT networks across physical, virtual, cloud and industrial environments. They identify vulnerabilities, misconfigurations, and risky access rules. Skybox integrates with over 120 technologies and has over 700 active customers globally across various industries.

1. Skybox Security
Overview

2. 2
Model the Attack Surface
DMZ
Security Controls Network Topology Assets Vulnerabilities Threats

3. 3
Who We Are
Silicon Valley HQ
Offices around the globe
Fastest–growing company
in our space
$270M funding since February 2016
5–star reviews
Vulnerability/Threat Management
Risk/Policy Management
700+ active customers
50 countries, all verticals

4. 4
Who Relies on Us
Financial
Services
Service
Providers
Government
& Defense
Energy &
Utilities
Technology &
Manufacturing
Healthcare Consumer

5. 5
Why We’re Needed
Limited visibility Non–actionable
intelligence and
data silos
Lack of resources
97% of breaches are avoidable through standard controls

6. 6
Why We’re Needed
Unparalleled visibility
and comprehensive
network modeling
Integration with
existing technologies
and added intelligence
Intelligent automation
and orchestration
Skybox helps bridge the security management gap

7. 7
Improve Existing Resources
120+
technology
integrations
Cloud/
Virtual
Endpoint
Security
Vulnerability
Management,
SIEM
Firewall/Network
Security &
Infrastructure

8. 8
Skybox Security Suite
Attack Surface Visualization
• Total visibility of the attack surface
– Physical, virtual, cloud and
OT environments
– Vulnerabilities and threats
• Measurable risk reduction
• Improved communication across
teams and up management chain
Integrated Security Management

9. 9
Skybox Security Suite
Security Policy Management
• Easy, efficient compliance reporting
• Intelligent workflows and automation
• Proactive risk assessments of security
and network changes
Integrated Security Management

10. 10
Skybox Security Suite
Vulnerability and Threat Management
• Vulnerability prioritization aligned to
the current threat landscape
• Exposed and exploited vulnerabilities
highlighted
• Resources directed where they’re
needed most
Integrated Security Management

11. 11
Skybox Security Intelligence Feed
Exploits in the wild
Vulnerabilities used in
ransomware, exploit kits, etc.
Attack vector details
700,000+ sites
in the dark web
30+ security
data feeds
Skybox Research Lab

12. 12
Security Policy Management
• Network topology
view
• Normalized data
from 120+
technologies
• Physical, virtual, cloud
and industrial
• Access simulation
• Cloud security tags
• Firewalls
• Rule and
configuration checks
• Network path analysis
• Rule optimization
• Change tracking
• Automated audits
• PCI DSS
• FISMA
• NERC
• NIST
• GDPR
• Custom policies
• Change request
• Tech details
• Risk assessment
• Provisioning options
• Reconciliation and
verification
Model
Network
Change
Management
Monitor
Compliance
Understand
Network Context
Confirm
Effective Controls
Document
Compliance
Continuously
Verify Rulebase
Analyze
Security Controls

13. 13
Vulnerability and Threat Management
• Scanless
vulnerability detection
(physical/cloud)
• Support for all third-
party VA scanners
• Threat-centric
vulnerability
management
• Hot spot analysis
• Attack simulation
• Business impact
• Network topology and
compensating
controls
• Threat context
• Imminent threats
(exposed/active
exploit)
• Potential threats
(known/available
exploit)
• Attack vector details
• Remediation planning
• Ticketing and
workflow
• Dashboards and
reporting
Same-Day
Identification
Highlight Assets
at Risk
Focus on Areas of
Greatest Impact
Respond
Quickly
Prioritize
Response
Discover
Vulnerabilities
Analyze
Attack Surface
Remediate
& Track

14. 14
Firewall Assurance
Comprehensive Multi-Vendor Firewall Management
1
Collect & Normalize
2
Analyze
3
Report & Act
Firewall
Security Assessment
How It Works
Continuous
Policy Compliance
Firewall Rule
Life Cycle Management

15. 15
5
Verify
1
Request
4
Implement
3
Assess
Change Manager
Secure, Automated Firewall Change Management
Change Management
Automation
How It Works
Automated Risk
Assessment
Rule Recertification
Workflow
!
Identify
2

16. 16
Network Assurance
Complete Visibility and Command of Hybrid Network Access and Routes
3
Analyze in Context
2
Create a Model
1
Collect & Normalize
Network Model
How It Works
Security Analytics
Network Compliance
Verification

17. 17
Vulnerability Control
Threat-Centric Vulnerability Management
Scanless Assessments
How It Works
Network + Threat Context Exposed and Exploited Vulns
1
Assess
2
Analyze
3
Prioritize
4
Remediate
1
2
3

18. 18
1
Collect & Normalize
Threat Manager
Threat Intelligence Analysis and Response
Consolidated Threat
Intelligence
How It Works
Contextual Threat
Assessment
Focused Threat
Response
2
Check Relevancy
3
Track Remediation

19. 19
March April May June Current
Last 4 Months
Visualize Your Entire Attack Surface From
Multiple Perspectives
Unsecure
Device
Configuration
Exploitable
Vulnerabilities
Risky Access
Rules
Exploited
in the Wild
Vulnerabilities
US
311 Assets
5 Firewalls
Site Details
Vulnerability
Exposure
Unsecure Device Configuration (Total: 72)
Name: UDP reply packets – filtered
Policy: Checkpoint FW Standard Policy
#Violations: 1
Name: Encrypted Line Password - required
Policy: Cisco IOS RTR Standard Policy
#Violations: 1
Name: IP source routing - prohibited
Policy: Cisco IOS RTR Standard Policy
#Violations: 1
Name: Password Encryption Service - required
Policy: Cisco IOS RTR Standard Policy
#Violations: 1
Name: SNMPv3 Group - required
Policy: Cisco IOS RTR Standard Policy
#Violations: 1

20. 20
Skybox Horizon
Attack Surface Visualization
Unsecure Device Configuration
Misconfiguration enables the
continuation and spread of attack
Risky Access Rule
Allows inbound access from DMZ
to deeper in network
Exploited in the Wild Vulnerability
Vulnerability with available and active
exploit is attacked

21. 21
Attack Surface Model
Context: Asset Exposure/Criticality
Prod FW
Main FW GatewayEastA
Vulnerability
Intelligence
Main Router
Backbone Core Router
GatewayEastA
IPS
Attack Surface Model
Context: Asset Exposure/Criticality
Prod FW
Main FW GatewayEastA
Main Router
Backbone Core Router
GatewayEastA
IPS
Threat-Centric Vulnerability Management
Vulnerabilities
+
Exploits in the Wild

22. 22
Attack Surface Model
Context: Asset Exposure/Criticality
Prod FW
Main FW GatewayEastA
Vulnerability
Intelligence
Main Router
Backbone Core Router
GatewayEastA
IPS
Attack Surface Model
Context: Asset Exposure/Criticality
Prod FW
Main FW GatewayEastA
Main Router
Backbone Core Router
GatewayEastA
IPS
Threat-Centric Vulnerability Management
Vulnerabilities
+
Exploits in the Wild
Analytics Prioritize
Imminent Threat
High-priority
remediation/mitigation
Potential Threat
Gradual risk
reduction

23. 23
Security in Multi-Cloud Environments
Complete Visibility
End–to–end path analysis
Policy compliance across networks
in a single dashboard view
Out–of–the–box regulatory
compliance checks
Threat–centric
vulnerability management
AWS Azure
NSX
(Private)

24. 24
Security in Industrial Networks
OT
Production Control
System Network
IT
Business/
Corporate Network
Visibility and path analysis
for combined IT and
OT networks
Risk analysis
Vulnerability detection Internet
RTU/PLC/DCS
Controller Units &
Field Devices Neighboring
Utilities
Util
C
Util
E
Util
A
Util
B
Util
D

25. 25
GDPR—How Skybox Can Help
Data Protection
By Design
Article 25
Record
Processing
Activities
Article 30
Security
of Processing
Article 32
Breach Notification
to Supervisory
Authority
Article 33
Breach Notification
to Data Subject
Article 34
Data Protection
Impact Assessment
Article 35

26. 26
Take Control of Your Attack Surface
Automation and
Orchestration
Threat and
Vulnerability
Intelligence
Attack Surface
Visibility and
Analytics

27. Thank You

28. 2828
Skybox Security
Technical Overview

29. 29
Skybox Architecture

30. 30
• Integrates with existing
infrastructure
• Automation, workflows
• Not a scanner, Agentless
• Built-in ticketing system
• APIs for integration with
third-party systems
• Appliance, virtual appliance,
software only
Deployment Diagram

31. 31
Network Model Visualization

32. 32
A Comprehensive Network View
• Network context
• Network size, complexity
• Multi-vendor environment
• Routers, LBs, FWs, Assets
• Routing tables, ACLs, IPS
• NAT/PAT, VPNs, Tunnels
Detailed Model Complex and Changing Network
Device-Level view

33. 33
Network Path Analysis
• Routing/PBR
• NAT/PAT/VPNs
• Load Balancing
• Firewall rules
• Multiple routes
Access Analyzer
Understands

34. 34
Continuous Compliance Monitoring
–Access Compliance
–Configuration Compliance
–Rule Compliance
• PCI, NIST, Custom Policies
• Vendor best practices
• Track exceptions
Automated
Compliance Checks

35. 35
Optimise Rules
• Spot shadowed and redundant
rules quickly
• Gather log data to analyse
historical rule usage
• Tighten the rule base, improve
security and effectiveness
• Have a consultative conversation

36. 36
Zone-to-Zone Access Compliance
Internet /
External
DMZ
Finance Servers
Development
Partners
Resellers
Only Port 80
Only Ports 80, 8080, 443, 22
No Access
New
York
Paris
London

37. 37
• Vastly improve operational costs
• Reduce time to implement changes
• Risk assessment before change is made
• Automate changes/generate configuration
• Reconcile changes
Optimizing Change Management Workflow
Automate Change Management
Change
Request
Technical
Details
Risk
Assessment
Change
Implementation
Reconcile
and Verify

38. 38
Change Management Workflow
Skybox Analytics Engine
Request
Technical
Details
Risk
Assessment
Implementation Verification
Capture
business/
technical
details
Translate
Path
identification
Rule analysis
Identify policy
violations &
Vulnerability
exposures
Accept/Reject
Assign to
team for
provisioning
Reconcile
against
observed
changes
Verify Access

39. 39
Skybox Change Manager
Change Management Workflow
Risk
Assessment
VerificationImplementation
Technical
Details
Other
Change
Requests
Audit Trail
Maintained
Request for
Firewall
Change
Request

40. 40
• Skybox Research Lab aggregates 30+ vulnerability and
threat feeds
• More than 70,000 vulnerabilities on 8,000+ products
• CVE compliant, CVSSv3 standard
• Updated daily
Skybox Vulnerability Database
ADVISORIES
Adobe
Apple
Cisco
Microsoft
Oracle
Red Hat
SCANNERS
BeyondTrust
Retina
McAfee Foundstone
Qualys Cloud
Platform
Rapid7 Nexpose
Tenable Nessus
Tripwire IP360
IPS
Fortinet FortiGuard
McAfee IPS
Palo Alto Networks
Trend Micro TippingPoint
Cisco SourceFire
OTHER
CERT, ICS CERT
Flexera Secunia
IBM X-Force
Mitre CVE
NIST NVD
OSVDB
Symantec Security
Focus
Rapid 7 Metasploit
Zero-day
vulnerabilities for
published incidents

41. 41
Skybox Vulnerability Database
Skybox
Research
Labs
30+ threat feeds
…
Dedicated team
verifies, normalizes,
adds more data
…
Subscribed customers
updated daily

42. 42
Main Uses of the Vulnerability Database
Skybox
Vulnerability
Database
Data Collection
into Security
Model
Attack
Simulation
Vulnerability
Detector
Data normalization
(vulnerabilities, IPS
signatures)
Attack vectors
information
Product and
vulnerability
profiling rules

43. 43
Remediate the stuff that matters!
• How do we prioritize for
remediation?
• Are critical assets at risk?
• What’s our trend in fixing vs
finding vulnerabilities?
• Which vulnerabilities should I
fix for the biggest impact?
Vulnerabilities IdentifiedThreat-Centric
Vulnerability Management

44. 44
Threat-Centric Prioritization

45. 45
Attack Simulation
Vulnerabilities
CVE 2014-0160
CVE 2014-0515
CVE 2016-0076
Attack Vectors
Compromised
Server
Internet
Hacker
Infected
Partner

46. 4646
Thank You