Languages

Skybox® Risk Control

blank

View our Risk Control demo

 

Predict and prevent cyber threats
Cyber threats present serious economic and national security challenges that corporations and government agencies cannot ignore. To identify, predict, and prevent cyber-attacks, IT security and compliance managers must have a global view of their networks to quickly visualize and pinpoint security issues and network vulnerabilities. Once identified, they need to know the best preventative actions to reduce or eliminate security risks. Skybox® Risk Control automatically discovers vulnerabilities, collects asset data, and creates a detailed visual representation of networks to identify potential risks and vulnerabilities. This network model gives those on the front line of security the tools they need to protect their networks, customer data, intellectual property and business services.

Business Benefits

  • Quantify the level of risk to the organization to support cost/benefit discussions
  • Demonstrate the before and after impact of security programs to overall risk level
  • Dramatically reduces the risk exposure time window from months to hours

Technical Benefits

  • Integrate vulnerability management processes, linking assessment, risk and exposure analysis, prioritization and remediation
  • Perform non-intrusive vulnerability detection automatically without an active scan
  • Pinpoint and prioritize the vulnerabilities that can be exploited by an attacker
  • Simulate attack scenarios to identify potential impact of cyber threats
  • Automated risk assessment improves accuracy and supports continuous security and compliance processes
  • Generates PCI DSS reports on effectiveness of compensating security controls and vulnerability management program
blank
blank

Classic features

  • Scheduled or on-demand collection of threat, cyber vulnerability, policy and threat information.
  • Automatically creates and updates a virtual model of the IT infrastructure
  • Customizable reporting for management, auditors, and IT operations
  • Built-in ticket generation system and remediation status tracking
  • Comprehensive dashboard highlighting key performance indicators (KPIs), security profile, and alerts

Skybox exclusive

  • Using Skybox's patent-pending rule-driven profiling technology, automatically detects an accurate list of vulnerabilities daily, without the disruption of an active scan
  • Most detailed model of network topology, access paths, and threats
  • What-if analysis-predicts risk behavior and business impact
  • Risk metric and business impact reports are generated in minutes
  • Automated IT vulnerability management and prioritization
  • Out-of-the-box correlation of host-level vulnerability/patch data
  • Supports most major information sources and devices: AlterPoint, BigFix, Check Point, Cisco, eEye, HP, ISS, Juniper, McAfee, nCircle, Nessus, Nortel, Opsware, Qualys, Symantec
blank
blank

When this large electricity and nuclear power producer sought a solution to manage the risks and vulnerabilities impacting its IT infrastructure, it turned to Skybox. Existing IT complexity and growth initiatives limited the organization’s scalability, but the implementation of Skybox Risk Control addressed the ability to automatically perform IT risk assessment, visualize the security and threat management status, and identify the top 1% of critical vulnerabilities out of thousands.

  • Find the most critical vulnerabilities quickly and compare remediation choices
  • Identify high-risk attack paths through ‘virtual pen testing’
  • Security dashboard highlights KPIs, security profile, and security alerts
blank
blank

Step 1 – Collect. Using Skybox's patent-pending rule-driven profiling technology, Risk Control with Vulnerability Detector deduces an accurate list of vulnerabilities without actively probing network hosts. Risk Control can also automatically collect data from threat feeds, vulnerability scanners and patch management systems as well as network device configurations for firewalls, routers, load balancers, and more. Risk Control incorporates information about assets and the relative value of systems and services – necessary to rank potential risks.

Step 2 – Analyze. The Risk Control analytical engine normalizes the information into a CMDB, creates a model of the network, and incorporates Skybox vulnerability content with intelligence about the likelihood and severity of potential attacks. A Skybox IT risk assessment is done from the attacker’s point of view – identifying possible access paths and the security gaps that can be used to reach critical assets. 

Step 3 – Report and Act. With Risk Control, network security managers get immediate information on the most critical risks and remediation alternatives. Connected to a ticketing system, Risk Control immediately notifies the IT security team of problems in the system.

blank