Skybox Security
Overview
Model the Attack Surface
Model elements shown: DMZ (example segment), security controls, network topology, assets, vulnerabilities, threats
Who We Are
Silicon Valley HQ
Offices around the globe
Fastest–growing company
in our space
$270M funding since February 2016
5–star reviews
Vulnerability/Threat Management
Risk/Policy Management
700+ active customers
50 countries, all verticals
Who Relies on Us
Financial Services
Service Providers
Government & Defense
Energy & Utilities
Technology & Manufacturing
Healthcare
Consumer
Why We’re Needed
Limited visibility
Non-actionable intelligence and data silos
Lack of resources
97% of breaches are avoidable through standard controls
Why We’re Needed
Unparalleled visibility
and comprehensive
network modeling
Integration with
existing technologies
and added intelligence
Intelligent automation
and orchestration
Skybox helps bridge the security management gap
Improve Existing Resources
120+ technology integrations, including:
Cloud/Virtual
Endpoint Security
Vulnerability Management, SIEM
Firewall/Network Security & Infrastructure
Skybox Security Suite
Attack Surface Visualization
• Total visibility of the attack surface
– Physical, virtual, cloud and
OT environments
– Vulnerabilities and threats
• Measurable risk reduction
• Improved communication across
teams and up management chain
Integrated Security Management
Skybox Security Suite
Security Policy Management
• Easy, efficient compliance reporting
• Intelligent workflows and automation
• Proactive risk assessments of security
and network changes
Integrated Security Management
Skybox Security Suite
Vulnerability and Threat Management
• Vulnerability prioritization aligned to
the current threat landscape
• Exposed and exploited vulnerabilities
highlighted
• Resources directed where they’re
needed most
Integrated Security Management
Skybox Security Intelligence Feed
Sources: Skybox Research Lab, 30+ security data feeds, 700,000+ sites in the dark web
Content: exploits in the wild; vulnerabilities used in ransomware, exploit kits, etc.; attack vector details
Security Policy Management
Model Network (understand network context):
• Network topology view
• Normalized data from 120+ technologies
• Physical, virtual, cloud and industrial
• Access simulation
• Cloud security tags
Analyze Security Controls (confirm effective controls):
• Firewalls
• Rule and configuration checks
• Network path analysis
• Rule optimization
• Change tracking
Monitor Compliance (document compliance):
• Automated audits
• PCI DSS, FISMA, NERC, NIST, GDPR
• Custom policies
Change Management (continuously verify rulebase):
• Change request
• Tech details
• Risk assessment
• Provisioning options
• Reconciliation and verification
Vulnerability and Threat Management
Discover Vulnerabilities (same-day identification):
• Scanless vulnerability detection (physical/cloud)
• Support for all third-party VA scanners
Analyze Attack Surface (highlight assets at risk):
• Threat-centric vulnerability management
• Hot spot analysis
• Attack simulation
• Business impact
• Network topology and compensating controls
Prioritize Response (focus on areas of greatest impact):
• Threat context
• Imminent threats (exposed, active exploit)
• Potential threats (known/available exploit)
• Attack vector details
Remediate & Track (respond quickly):
• Remediation planning
• Ticketing and workflow
• Dashboards and reporting
Firewall Assurance
Comprehensive Multi-Vendor Firewall Management
How It Works: 1. Collect & Normalize, 2. Analyze, 3. Report & Act
Capabilities: Firewall Security Assessment; Continuous Policy Compliance; Firewall Rule Life Cycle Management
Change Manager
Secure, Automated Firewall Change Management
How It Works: 1. Request, 2. Identify, 3. Assess, 4. Implement, 5. Verify
Capabilities: Change Management Automation; Automated Risk Assessment; Rule Recertification Workflow
Network Assurance
Complete Visibility and Command of Hybrid Network Access and Routes
How It Works: 1. Collect & Normalize, 2. Create a Model, 3. Analyze in Context
Capabilities: Network Model; Security Analytics; Network Compliance Verification
Vulnerability Control
Threat-Centric Vulnerability Management
How It Works: 1. Assess, 2. Analyze, 3. Prioritize, 4. Remediate
Capabilities: Scanless Assessments; Network + Threat Context; Exposed and Exploited Vulns
Threat Manager
Threat Intelligence Analysis and Response
How It Works: 1. Collect & Normalize, 2. Check Relevancy, 3. Track Remediation
Capabilities: Consolidated Threat Intelligence; Contextual Threat Assessment; Focused Threat Response
Visualize Your Entire Attack Surface From Multiple Perspectives
Dashboard perspectives (trend chart over the last 4 months, March through current): Unsecure Device Configuration; Exploitable Vulnerabilities; Risky Access Rules; Exploited in the Wild Vulnerabilities
Site Details example: US, 311 assets, 5 firewalls (vulnerability exposure view)
Unsecure Device Configuration (Total: 72)
Name: UDP reply packets – filtered
Policy: Checkpoint FW Standard Policy
#Violations: 1
Name: Encrypted Line Password - required
Policy: Cisco IOS RTR Standard Policy
#Violations: 1
Name: IP source routing - prohibited
Policy: Cisco IOS RTR Standard Policy
#Violations: 1
Name: Password Encryption Service - required
Policy: Cisco IOS RTR Standard Policy
#Violations: 1
Name: SNMPv3 Group - required
Policy: Cisco IOS RTR Standard Policy
#Violations: 1
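The four "Cisco IOS RTR Standard Policy" items listed above are simple presence/absence checks over a running configuration. The following is an added example (not Skybox code) that implements those four checks against a constructed, hypothetical IOS config; the device name, addresses and policy text are assumptions. Note the practitioner caveat on the line-password check: a type 7 string satisfies the policy item, but type 7 is reversible obfuscation, so the stronger fix is to have no line passwords at all.

```python
import re
from dataclasses import dataclass

POLICY = "Cisco IOS RTR Standard Policy"

# Constructed sample running-config for a hypothetical router (not from the page).
SAMPLE_CONFIG = """\
hostname edge-rtr-01
no service password-encryption
ip source-route
snmp-server group NETMON v3 priv
line con 0
 password cisco123
 login
line vty 0 4
 password 7 0822455D0A16
 login
 transport input ssh
end
"""


@dataclass
class Finding:
    name: str        # check name as it appears in the policy
    policy: str
    violations: int  # 0 means compliant


def _line_blocks(lines):
    """Yield (header, children) for each 'line ...' block.

    IOS prints sub-mode commands indented by one space, so a block ends at the
    next non-indented line.
    """
    header, children = None, []
    for raw in lines + [""]:            # sentinel flushes the last block
        if raw.startswith(" ") and header is not None:
            children.append(raw.strip())
            continue
        if header is not None:
            yield header, children
        header, children = (raw, []) if raw.startswith("line ") else (None, [])


def check_password_encryption(lines):
    # Without this service, 'password' (not 'secret') strings are stored in clear text.
    return 0 if "service password-encryption" in lines else 1


def check_source_routing(lines):
    # Source-routed packets let the sender dictate the path and bypass intended routing.
    return 0 if "no ip source-route" in lines else 1


def check_snmpv3_group(lines):
    # Require at least one v3 group with authentication or privacy (not 'noauth').
    rx = re.compile(r"^snmp-server group \S+ v3 (auth|priv)\b")
    return 0 if any(rx.match(line) for line in lines) else 1


def check_line_passwords(lines):
    # Count clear-text 'password' commands under line blocks. A 'password 7' string
    # satisfies the policy item, but type 7 is only reversible obfuscation; prefer
    # 'login local' with 'username ... secret' so no line password exists at all.
    return sum(
        1
        for _header, children in _line_blocks(lines)
        for c in children
        if c.startswith("password ") and not c.startswith("password 7 ")
    )


CHECKS = [
    ("Password Encryption Service - required", check_password_encryption),
    ("IP source routing - prohibited", check_source_routing),
    ("SNMPv3 Group - required", check_snmpv3_group),
    ("Encrypted Line Password - required", check_line_passwords),
]


def audit(config_text: str) -> list[Finding]:
    """Run every check against one device configuration."""
    lines = [line.rstrip() for line in config_text.splitlines()]
    return [Finding(name, POLICY, fn(lines)) for name, fn in CHECKS]


def violations_by_check(config_text: str) -> dict[str, int]:
    return {f.name: f.violations for f in audit(config_text)}


if __name__ == "__main__":
    for f in audit(SAMPLE_CONFIG):
        print(f"Name: {f.name}\nPolicy: {f.policy}\n#Violations: {f.violations}\n")
```

Running it on the sample config reports three violations (clear-text password storage, source routing enabled, a clear-text console password) and one compliant item (an SNMPv3 group with privacy).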
Skybox Horizon
Attack Surface Visualization
Unsecure Device Configuration
Misconfiguration enables the
continuation and spread of attack
Risky Access Rule
Allows inbound access from DMZ
to deeper in network
Exploited in the Wild Vulnerability
Vulnerability with available and active
exploit is attacked
Attack Surface Model
Context: Asset Exposure/Criticality
Modelled devices: Prod FW, Main FW, Main Router, Backbone Core Router, GatewayEastA, IPS
Threat-Centric Vulnerability Management = Vulnerabilities + Vulnerability Intelligence (Exploits in the Wild)
Attack Surface Model (continued)
Analytics prioritize each vulnerability by its exposure and asset criticality in the model:
Imminent Threat: high-priority remediation/mitigation
Potential Threat: gradual risk reduction
Security in Multi-Cloud Environments
Complete visibility across AWS, Azure and NSX (private)
End-to-end path analysis
Policy compliance across networks in a single dashboard view
Out-of-the-box regulatory compliance checks
Threat-centric vulnerability management
Security in Industrial Networks
Visibility and path analysis for combined IT and OT networks
Risk analysis
Vulnerability detection
Diagram: IT (business/corporate network) and OT (production control system network; RTU/PLC/DCS controller units and field devices), both connected to the Internet and to neighboring utilities (Util A through Util E)
GDPR—How Skybox Can Help
Data Protection by Design (Article 25)
Record of Processing Activities (Article 30)
Security of Processing (Article 32)
Breach Notification to Supervisory Authority (Article 33)
Breach Notification to Data Subject (Article 34)
Data Protection Impact Assessment (Article 35)
Take Control of Your Attack Surface
Automation and Orchestration
Threat and Vulnerability Intelligence
Attack Surface Visibility and Analytics
Skybox Security
Technical Overview
Skybox Architecture
• Integrates with existing infrastructure
• Automation, workflows
• Not a scanner; agentless (data is collected from existing devices and management tools rather than by scanning hosts)
• Built-in ticketing system
• APIs for integration with third-party systems
• Appliance, virtual appliance, software only
Deployment Diagram
Network Model Visualization
A Comprehensive Network View
Detailed model of a complex and changing network, down to device level:
• Network context
• Network size, complexity
• Multi-vendor environment
• Routers, LBs, FWs, Assets
• Routing tables, ACLs, IPS
• NAT/PAT, VPNs, Tunnels
Network Path Analysis
Access Analyzer understands:
• Routing/PBR
• NAT/PAT/VPNs
• Load Balancing
• Firewall rules
• Multiple routes
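Path analysis means answering "can src reach dst on port N?" by walking the modelled devices and applying each one's NAT, filtering and routing in turn, instead of sending a packet. The following is an added example (not Skybox code) over a constructed, hypothetical three-device topology: a router doing static destination NAT, a firewall with a first-match/default-deny ACL, and a core router. Device names, addresses, the NAT-before-ACL order and the rule set are assumptions; real vendors differ in that order, which is exactly why a path tool must model each device type.

```python
import ipaddress
from dataclasses import dataclass, field

# Constructed hypothetical topology (not from the page):
#   Internet -> edge-rtr (static NAT 203.0.113.10 -> 10.1.0.10) -> dmz-fw -> DMZ 10.1.0.0/16
#                                                                     \-> core-rtr -> 10.2.0.0/16
DEVICES = {
    "edge-rtr": {
        "nat":    {"203.0.113.10": "10.1.0.10"},      # destination NAT applied on ingress
        "acl":    None,                               # plain router: no filtering
        "routes": [("10.0.0.0/8", "dmz-fw")],
    },
    "dmz-fw": {
        "nat":    {},
        "acl":    [("permit", "0.0.0.0/0", "10.1.0.10/32", 443)],  # first match, default deny
        "routes": [("10.1.0.0/16", None), ("10.2.0.0/16", "core-rtr")],  # None = connected
    },
    "core-rtr": {
        "nat": {}, "acl": None, "routes": [("10.2.0.0/16", None)],
    },
}


@dataclass
class Result:
    verdict: str                 # delivered | denied | no-route | loop
    path: list = field(default_factory=list)
    final_dst: str = ""          # destination address after any NAT
    blocked_at: str = ""


def _lpm(routes, dst):
    """Longest-prefix match over (cidr, next_hop); None when the table has no route."""
    best = None
    for cidr, nh in routes:
        net = ipaddress.ip_network(cidr)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, nh)
    return best


def _acl_permits(acl, src, dst, port):
    """First matching entry decides; a port of None in an entry is a wildcard."""
    if acl is None:
        return True
    for action, s, d, p in acl:
        if src in ipaddress.ip_network(s) and dst in ipaddress.ip_network(d) and p in (port, None):
            return action == "permit"
    return False


def trace(entry: str, src_ip: str, dst_ip: str, port: int, max_hops: int = 16) -> Result:
    """Walk the model from `entry`, applying NAT, then ACL, then routing at each hop."""
    src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    res = Result("loop")        # stays 'loop' only if max_hops is exhausted
    dev = entry
    for _ in range(max_hops):
        res.path.append(dev)
        d = DEVICES[dev]
        dst = ipaddress.ip_address(d["nat"].get(str(dst), str(dst)))
        if not _acl_permits(d["acl"], src, dst, port):
            res.verdict, res.blocked_at = "denied", dev
            break
        route = _lpm(d["routes"], dst)
        if route is None:
            res.verdict, res.blocked_at = "no-route", dev
            break
        if route[1] is None:    # connected network: delivered
            res.verdict = "delivered"
            break
        dev = route[1]
    res.final_dst = str(dst)
    return res


if __name__ == "__main__":
    for port in (443, 22):
        r = trace("edge-rtr", "198.51.100.7", "203.0.113.10", port)
        print(port, r.verdict, " -> ".join(r.path), r.final_dst, r.blocked_at)
```

The same query for 443 and 22 shows why rule checks alone are insufficient: the firewall rule references the post-NAT address 10.1.0.10, so a reviewer looking only at the public address would never connect the two.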
Continuous Compliance Monitoring
Automated compliance checks:
– Access Compliance
– Configuration Compliance
– Rule Compliance
• PCI, NIST, custom policies
• Vendor best practices
• Track exceptions
Optimize Rules
• Spot shadowed and redundant rules quickly (a shadowed rule can never match because earlier rules already cover its traffic; a redundant rule duplicates an earlier rule with the same action)
• Gather log data to analyze historical rule usage
• Tighten the rule base, improve security and effectiveness
• Have a consultative conversation
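The first two bullets describe a mechanical check: compare each rule against the rules ahead of it in first-match order, then consult hit counts from the logs for the survivors. The following is an added example (not Skybox code) of that check over a constructed, hypothetical five-rule policy and hit-count table. It tests only single-rule coverage; a rule hidden by the union of several earlier rules is not detected, which is the main way commercial analysers go further.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    rid: str
    src: str              # source CIDR
    dst: str              # destination CIDR
    proto: str            # "tcp", "udp" or "any"
    ports: frozenset      # destination ports; empty set means any port
    action: str           # "permit" or "deny"


def _net(cidr: str):
    return ipaddress.ip_network(cidr, strict=False)


def covers(a: Rule, b: Rule) -> bool:
    """True if every packet matched by rule b is also matched by rule a."""
    if not _net(b.src).subnet_of(_net(a.src)):
        return False
    if not _net(b.dst).subnet_of(_net(a.dst)):
        return False
    if a.proto != "any" and a.proto != b.proto:
        return False
    if a.ports and (not b.ports or not b.ports <= a.ports):
        return False
    return True


def analyze(rules: list, hits: dict) -> list:
    """Classify each rule in first-match order.

    shadowed  - fully covered by an earlier rule with a different action, so it can
                never fire (an earlier broad permit silently defeats a later deny)
    redundant - fully covered by an earlier rule with the same action
    unused    - reachable, but zero hits in the log period supplied by the caller
    """
    findings = []
    for i, rule in enumerate(rules):
        for earlier in rules[:i]:
            if covers(earlier, rule):
                kind = "redundant" if earlier.action == rule.action else "shadowed"
                findings.append((rule.rid, kind, earlier.rid))
                break
        else:
            if hits.get(rule.rid, 0) == 0:
                findings.append((rule.rid, "unused", None))
    return findings


# Constructed sample rulebase and log-derived hit counts (hypothetical).
RULES = [
    Rule("R1", "10.0.0.0/8",    "192.168.10.0/24",  "tcp", frozenset({443}), "permit"),
    Rule("R2", "10.1.0.0/16",   "192.168.10.10/32", "tcp", frozenset({443}), "permit"),
    Rule("R3", "10.2.0.0/16",   "192.168.10.0/24",  "tcp", frozenset({443}), "deny"),
    Rule("R4", "0.0.0.0/0",     "192.168.20.5/32",  "tcp", frozenset({22}),  "permit"),
    Rule("R5", "172.16.0.0/12", "192.168.30.0/24",  "any", frozenset(),      "permit"),
]
HITS = {"R1": 5000, "R5": 120}   # R2-R4 never appeared in the firewall logs

if __name__ == "__main__":
    for rid, kind, by in analyze(RULES, HITS):
        print(rid, kind, f"(covered by {by})" if by else "")
```

R3 is the finding that matters for security: someone intended to block 10.2.0.0/16 but R1 already permits it, so the deny never fires. R2 is clutter, and R4 (an any-source SSH permit with no hits) is the kind of rule to raise in the consultative conversation before removal.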
Zone-to-Zone Access Compliance
Zones: Internet/External, DMZ, Finance Servers, Development, Partners, Resellers (sites: New York, Paris, London)
Access matrix levels shown: Only Port 80; Only Ports 80, 8080, 443, 22; No Access
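A zone-to-zone matrix is checked by mapping every firewall permit rule onto the zone pairs its address ranges touch and comparing the permitted ports with the matrix entry for that pair (absent entry means No Access). The following is an added example (not Skybox code) using a constructed, hypothetical zone map, matrix and rule set; the slide names the zones and the three access levels but not which pair gets which, so the pairings here are assumptions. The example deliberately includes an any-source rule to show how one rule violates the matrix from several zones at once.

```python
import ipaddress

# Constructed zone map and policy matrix (hypothetical addresses and pairings).
ZONES = {
    "DMZ":         "10.1.0.0/16",
    "Finance":     "10.2.0.0/16",
    "Development": "10.3.0.0/16",
    "Partners":    "172.16.0.0/16",
    "Resellers":   "172.17.0.0/16",
}
INTERNET = "Internet"   # anything not inside a named internal zone
WEB = frozenset({80})
PARTNER_PORTS = frozenset({80, 8080, 443, 22})
ALLOWED = {            # (src_zone, dst_zone) -> permitted TCP ports; absent = No Access
    (INTERNET, "DMZ"): WEB,
    ("Partners", "DMZ"): PARTNER_PORTS,
    ("Resellers", "DMZ"): PARTNER_PORTS,
}


def zones_for(cidr: str) -> list:
    """Every zone an address range touches; 0.0.0.0/0 touches them all plus Internet."""
    net = ipaddress.ip_network(cidr, strict=False)
    hit = [z for z, zc in ZONES.items() if net.overlaps(ipaddress.ip_network(zc))]
    if not any(net.subnet_of(ipaddress.ip_network(zc)) for zc in ZONES.values()):
        hit.append(INTERNET)   # the range reaches outside all internal zones
    return hit


def check_rules(rules) -> list:
    """rules: (rid, src_cidr, dst_cidr, ports) permit rules; empty ports = any port.

    Returns (rid, src_zone, dst_zone, offending_ports) per violated matrix entry,
    where offending_ports is a frozenset or the string "any".
    """
    violations = []
    for rid, src, dst, ports in rules:
        for sz in zones_for(src):
            for dz in zones_for(dst):
                if sz == dz:
                    continue   # intra-zone traffic is outside the matrix
                allowed = ALLOWED.get((sz, dz), frozenset())
                extra = (ports - allowed) if ports else "any"
                if extra:
                    violations.append((rid, sz, dz, extra))
    return violations


RULES = [  # constructed permit rules from a hypothetical firewall
    ("F1", "203.0.113.0/24", "10.1.0.0/16", frozenset({80})),
    ("F2", "203.0.113.0/24", "10.1.0.0/16", frozenset({80, 443})),
    ("F3", "172.16.0.0/16",  "10.1.0.0/16", frozenset({22, 443})),
    ("F4", "10.1.0.0/16",    "10.2.5.0/24", frozenset({1433})),
    ("F5", "0.0.0.0/0",      "10.3.0.0/16", frozenset({22})),
]

if __name__ == "__main__":
    for rid, sz, dz, ports in check_rules(RULES):
        print(f"{rid}: {sz} -> {dz} permits {sorted(ports) if ports != 'any' else 'any'} beyond policy")
```

F2 exceeds the Internet-to-DMZ entry by port 443, F4 opens DMZ-to-Finance where the matrix says No Access, and F5 is reported five times because an any-source rule grants SSH into Development from every other zone, including the Internet.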
Optimizing Change Management Workflow
• Substantially reduce operational costs
• Reduce time to implement changes
• Risk assessment before the change is made
• Automate changes/generate configuration
• Reconcile changes
Automate Change Management: Change Request, then Technical Details, then Risk Assessment, then Change Implementation, then Reconcile and Verify
Change Management Workflow (Skybox Analytics Engine)
Request: capture business/technical details
Technical Details: translate the request; path identification; rule analysis
Risk Assessment: identify policy violations and vulnerability exposures; accept/reject
Implementation: assign to team for provisioning
Verification: reconcile against observed changes; verify access
Skybox Change Manager
Change Management Workflow: Request for Firewall Change, then Technical Details, then Risk Assessment, then Implementation, then Verification (run alongside other change requests; audit trail maintained)
Skybox Vulnerability Database
• Skybox Research Lab aggregates 30+ vulnerability and threat feeds
• More than 70,000 vulnerabilities on 8,000+ products
• CVE identifiers, CVSS v3 scoring
• Updated daily
Sources:
ADVISORIES: Adobe, Apple, Cisco, Microsoft, Oracle, Red Hat
SCANNERS: BeyondTrust Retina, McAfee Foundstone, Qualys Cloud Platform, Rapid7 Nexpose, Tenable Nessus, Tripwire IP360
IPS: Fortinet FortiGuard, McAfee IPS, Palo Alto Networks, Trend Micro TippingPoint, Cisco Sourcefire
OTHER: CERT, ICS-CERT, Flexera Secunia, IBM X-Force, MITRE CVE, NIST NVD, OSVDB, Symantec SecurityFocus, Rapid7 Metasploit, zero-day vulnerabilities for published incidents
Skybox Vulnerability Database pipeline: 30+ threat feeds are processed by the Skybox Research Lab (a dedicated team verifies, normalizes and adds more data), and subscribed customers are updated daily
Main Uses of the Vulnerability Database
Data Collection into Security Model: data normalization (vulnerabilities, IPS signatures)
Attack Simulation: attack vector information
Vulnerability Detector: product and vulnerability profiling rules
Remediate the stuff that matters!
• How do we prioritize for remediation?
• Are critical assets at risk?
• What's our trend in fixing vs. finding vulnerabilities?
• Which vulnerabilities should I fix for the biggest impact?
Threat-centric vulnerability management answers these questions for the vulnerabilities identified
Threat-Centric Prioritization
Attack Simulation
Vulnerabilities in the model: CVE-2014-0160, CVE-2014-0515, CVE-2016-0076
Attack vectors are simulated from threat origins (an Internet hacker, an infected partner) to a compromised server
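Attack simulation and threat-centric prioritization (slides 13, 22 and this one) fit together as one algorithm: walk the modelled access paths from each threat origin, treat a reachable service with an exploitable vulnerability as compromised, pivot from it, and then rank vulnerabilities as imminent (exposed to an attacker-held host and exploitable) or potential (exploitable but not exposed), ordered by asset criticality. The following is an added example (not Skybox code) of that loop over a constructed, hypothetical model. Only CVE-2014-0160 is a real identifier, taken from the slide and placed on a TLS service; the HYPOTHETICAL-* ids, hosts, access rules and criticality scores are all assumptions.

```python
from collections import deque
from dataclasses import dataclass


@dataclass(frozen=True)
class Vuln:
    cve: str
    host: str
    port: int                # port of the vulnerable service
    exploit_available: bool  # a known/available exploit exists
    exploited_in_wild: bool  # active exploitation observed


# Constructed model (hypothetical). HYPOTHETICAL-* are placeholders, not real ids.
ORIGINS = ["infected-partner", "internet"]
ACCESS = {  # (src, dst, dst_port) flows that the modelled firewalls/routers permit
    ("internet", "web-dmz", 443),
    ("web-dmz", "app-srv", 8080),
    ("infected-partner", "app-srv", 8080),
    ("app-srv", "db-srv", 1433),
    ("web-dmz", "db-srv", 1433),
}
VULNS = [
    Vuln("CVE-2014-0160",   "web-dmz", 443,  True,  True),
    Vuln("HYPOTHETICAL-APP", "app-srv", 8080, True,  False),
    Vuln("HYPOTHETICAL-DB",  "db-srv",  1433, False, False),
    Vuln("HYPOTHETICAL-HR",  "hr-srv",  445,  True,  False),  # no access path reaches it
]
CRITICALITY = {"web-dmz": 3, "app-srv": 4, "db-srv": 5, "hr-srv": 2}  # 1 low .. 5 high


def _exploitable(v: Vuln) -> bool:
    return v.exploit_available or v.exploited_in_wild


def simulate(origins, access, vulns) -> dict:
    """Multi-hop attack simulation. A host is compromised when an attacker-held host can
    reach a vulnerable service on its port and that vulnerability has an exploit; the
    compromised host then becomes a pivot. Returns {host: attack vector (path)}.
    Simplification: any exploitable vulnerability is treated as full host compromise."""
    by_host = {}
    for v in vulns:
        by_host.setdefault(v.host, []).append(v)
    paths = {o: [o] for o in origins}
    queue = deque(origins)
    while queue:
        src = queue.popleft()
        for s, d, port in sorted(access):          # sorted for deterministic vectors
            if s != src or d in paths:
                continue
            if any(v.port == port and _exploitable(v) for v in by_host.get(d, [])):
                paths[d] = paths[src] + [d]
                queue.append(d)
    return {h: p for h, p in paths.items() if h not in origins}


def prioritize(origins, access, vulns, criticality) -> list:
    """Rows of (tier, cve, host, attack_vector), ranked by tier then criticality."""
    vectors = simulate(origins, access, vulns)
    attackers = set(origins) | set(vectors)
    tier_rank = {"imminent": 0, "potential": 1, "exposed-no-exploit": 2, "unexposed": 3}
    rows = []
    for v in vulns:
        exposed = any(s in attackers and d == v.host and p == v.port for s, d, p in access)
        if exposed and _exploitable(v):
            tier = "imminent"
        elif _exploitable(v):
            tier = "potential"
        elif exposed:
            tier = "exposed-no-exploit"
        else:
            tier = "unexposed"
        rows.append((tier, v.cve, v.host, vectors.get(v.host)))
    rows.sort(key=lambda r: (tier_rank[r[0]], -criticality.get(r[2], 0), r[1]))
    return rows


if __name__ == "__main__":
    for tier, cve, host, vec in prioritize(ORIGINS, ACCESS, VULNS, CRITICALITY):
        print(f"{tier:20} {cve:18} {host:10} {' -> '.join(vec) if vec else '-'}")
```

The database vulnerability ends up exposed (a compromised app server can reach it) but without an exploit, so it ranks below the unreachable HR host that does have one; that is the distinction between "exposed" and "exploitable" that CVSS alone cannot make.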