Risk Analytics for Cyber Security
Liran Chen, Technical Director

Risk Control’s Differentiators: Discovery

Discovery / Analysis / Remediation

Scanless: Vulnerability Detector
• Scanless vulnerability assessment, finds vulnerabilities from existing repositories without a scan

Advantages:
• Automatically and accurately deduces vulnerabilities
• Provides faster scan cycles (hours or even minutes)
• Delivers continuous, up-to-date discovery
• Covers all nodes including difficult-to-scan systems, e.g. critical systems, mobile devices, cloud assets

© 2013 Skybox Security Inc.

Ask Yourself… How Well is our VM Program Working?

Discovery
• How often is vulnerability data collected?
• How much of the network is covered?
• Is scanning disruptive to the business?

Analysis and Prioritization
• Does the VM approach consider the network and security controls context?
• Are we prioritizing by exploitation risk?

Remediation
• How fast are critical vulnerabilities fixed?
• Do we consider alternatives to patching?
• Is risk level going up or down over time?

Vulnerability Discovery
Augment Active Scans with Daily Updates

[Diagram labels: Active Scanner; Skybox Vulnerability Detector; Skybox Vulnerability Dictionary; Asset Database; Threat Intel; Patch Database; Product Catalog (CPE); Rule-based Profiling; Consolidated Vulnerability List (CVE), Updated Daily]

With or Without a 3rd Party Scanner

Continuous View of Vulnerabilities
Combining 3rd party and Skybox Vulnerability Detector data gives constant vulnerability knowledge

[Chart: series "Skybox Vulnerability Detector" and "3rd party scanner"; x-axis: Time (Month 1, Month 2, Month 3); y-axis marked 50% and 100%]

Vulnerability Dictionary
• Most comprehensive vulnerability data source
• 41,000 vulnerabilities on 1,000 products
• Vulnerability Research Team consolidates info from 20+ sources. Latest advisories, scanners, IPS, others
• Additional data analysis, modeling, info added for use by Skybox analytics engine
• CVE compliant, CVSS v2 standard, cross-referenced
• Also contains vulnerabilities not found in CVE list

Vulnerability information sources
• The Vulnerability Dictionary aggregates data from these sources:

Vulnerability Detector supported platforms
• Operating Systems
• Network Devices
• Enterprise service Applications
• Client side Applications

Summary
• Augment your scanner with Risk Control to get better discovery – analysis and remediation reporting.
• Discover vulnerabilities across your entire enterprise – especially in places you currently don’t scan
• Discover vulnerabilities within days of announcement, not weeks or months

RSA 2014: Non-Disruptive Vulnerability Discovery, Without Scanning Your Network
