Fostering a Security Ecosystem
Skybox Blog Team Feb 12, 2016
In a recent blog post Throwing Down the Gauntlet for the Cyber Security Sector, BT Security’s General Manager Hugh Tatton-Brown urged industry leaders and BT partners to show how they’re answering the call for an “ecosystem” approach to cybersecurity challenges. Gauntlet: accepted.
“While innovation is all around us … the problem is that they’ve been generally innovating in their own bubbles,” says Tatton-Brown. This creates the problem of siloed solutions that don’t communicate with one another and only offer a narrow glimpse into an organization’s attack surface. Tatton-Brown argues platforms and the security controls within them must be able to join forces to form a comprehensive security ecosystem. That way, security professionals can stop acting as the middle man to integrate disparate solutions and start focusing on security strategy and action.
While an industry standard to make security control and intelligence cooperation the norm may be a ways off, we always advise our customers to look beyond the point solutions in order to form a diverse and adaptable security program. Solutions designed to interact in a larger security environment will better protect against and prepare a network for attack and likely will be better suited to respond to changes in future threat landscapes.
As for point solutions already in our customers’ networks, the Skybox® approach has always been to harness the power of analytics to break down those data siloes and integrate disparate solutions for a more comprehensive view and more centralized control over your attack surface.
The five Skybox Security Suite modules combine solutions for vulnerability management, threat intelligence management and firewall, network security and change management on one common platform. This approach fosters a holistic security program meant to tackle real-world cyber challenges in hours rather than days or longer. And as Tatton-Brown points out, a platform with strong integration capabilities like Skybox “has considerable cost benefits, as the same controls can be delivered by fewer boxes, less configuration and less management overhead.”
Two features in the Skybox Security Suite illustrate the value of a holistic security approach that would be impossible if performed manually or without solutions that take in the larger context of an organization’s attack surface.
- Attack Simulation: The best way to understand how your security controls work together or leave you exposed is to treat your network like a hacker would. Skybox simulates cyberattacks on an interactive, automatically update model of your unique network, testing threats from any origin, to any destination, using any possible attack path. Skybox attack simulation capabilities also try to bypass security controls and exploit vulnerabilities to help you remediate risk based on the potential business impact of an attack, how to better combine security controls and place high-value assets under layers of security.
- Risk Assessment of Proposed Changes: Enterprise-scale networks are undergo constant changes. To ensure each of those changes is secure, compliant and optimized for best performance, Skybox runs automated risk assessments on the network model before a change is implemented. Security teams can know in seconds if the proposal would compromise security or compliance. But the risk assessment goes beyond traditional security policy management checks, and correlates vulnerability and network intelligence to identify if the change would expose a vulnerability.
Skybox always aims to foster collaboration between security solutions and professionals, whether online or at industry events. Stop by the Skybox booth at RSA—South Hall #915—February 29 through March 3. Engage in tech talks on the latest cybersecurity analytics innovations, see live demos of the Skybox Security Suite and stock up on Skybox swag and ice cream!
See the attack surface. Shrink the attack surface. Get 5 tips for a comprehensive approach to improving your organization’s overall security. Download best practices >