Vulnerability management enhancements
2022 saw 25,000 new security vulnerabilities recorded, a 25% jump over the previous year and the trend shows no sign of slowing in 2023.
As a part of the Skybox continuous exposure management platform, the vulnerability management solution leverages an array of 3rd party threat intelligence sources, and the Skybox Threat Intelligence feed, enriching the attack surface map and providing a holistic view of vulnerability and threat exposure. Organizations can apply multi-factor risk assessment and prioritization, to focus resources on the most significant vulnerabilities.
Consolidated multi-source vulnerability data
With Version 13.0, customers can now import vulnerability data from any source with or without CVE data, retaining both the unique scanner ID and any associated custom attributes. This capability enables organizations to consolidate external vulnerability data into the management environment and provides a “one-stop shop” for a wide range of vulnerability management activities, from penetration testing projects to manual vulnerability control projects.
New business-focused “Solutions view”
Version 13.0 includes a new Solutions view that enables organizations to identify the most important compensating controls that can be applied to mitigate exposures, based on factors such as a particular business unit or application. For example, “Show me the top N solutions that most greatly reduce the risk to Windows Assets in Hong Kong without IPS?” Or “What are the top N solutions that most greatly reduce the risk to my Oracle application?”
The Solutions view helps maximize the effectiveness of the security team and is ideally suited to organizations with devolved security teams that need to make decisions about the mitigations that matter most to their specific part of the business.
Solutions Filtering based on Assets
Support for CISA KEV celebrity vulnerabilities
Version 13.0 enables customers to quickly identify and plan the remediation of celebrity vulnerabilities as defined by the Cybersecurity and Infrastructure Security Agency (CISA) Known Exploited Vulnerabilities (KEV) catalog.
This catalog maintains a list of celebrity vulnerabilities that cybercriminals have exploited in recent attacks. CISA strongly recommends all organizations review and monitor the KEV catalog and prioritize remediation of the listed vulnerabilities to reduce the likelihood of compromise by known threat actors.
Version 13.0 sees the addition of a “CISA_KEV” setting within the Skybox vulnerability dictionary that enables customers to quickly identify the presence of celebrity vulnerabilities on assets, examine the extent to which those assets are exposed to attack, and plan remediations accordingly.
Identify "celebrity" vulnerabilities
SOAR integration – Version 13.0 provides customers with a new set of SOAR-focused REST APIs they can use to integrate Skybox vulnerability and threat management data directly into their Security Orchestration, Automation, and Response (SOAR) platform, streamlining SOC investigation and remediation activity.
Security policy management updates
Version 13.0 sees numerous updates to security policy management including:
- Access compliance: NIST 800-41 Access Policy – Updates to the out-of-the-box NIST 800-41 Access Policy, enabling customers to rapidly run compliance tests, identify violations, and proactively address them.
- Change Manager: Application rules provisioning – the ability to take an application-centric approach to the design of change management workflows and processes.
- Enhanced integration with Cisco ACI – including the Intra Tenant Common Contract, Inter Tenant Inter VRF Common Contract, and support for VMware vCenter integration.
Enhancements to Version 13.0 of Skybox Cloud Edition include:
- New APAC data center – Customers can now choose to provision Skybox Cloud Edition from a new data center in Singapore, supporting the requirement to maintain data residency within the APAC region, enhance performance, and reduce the risk of latency between the server and the customer’s assets.
- Managed SaaS Collector – Optimized service for collecting data from customers’ assets that are in the public cloud infrastructure, accelerating deployments, and reducing the on-premise hardware footprint.
In line with previously published plans to de-commission Skybox’s CentOS-based OS in June 2024, Version 13.0 sees the introduction of an Ubuntu ISO-based appliance. Initially, this will be deployed by the Skybox Professional Services team with a view to general availability in Q4 of this year.
Learn more about 13.0 features for attack surface management:
Want more information?
Find technical documentation for the Skybox version 13.0 release on the Documentation Portal. As always, technical support is available via the Customer Community.