Our secret sauce? Proactive security posture management. We take the guesswork out of cybersecurity by providing visibility, analytics, and automation to prioritize and remediate vulnerabilities and optimize security policies and controls. As a result, customers make smarter security decisions faster to secure their businesses at scale.
Skybox Security founder Gidi Cohen’s ‘ah ha moment’ followed his service in the Israel National Security Agency (8200 unit), where his passions as a young officer for math and advanced software technologies, and for tackling complex cybersecurity challenges came together. This background inspired the invention of the first commercially available cyberattack simulation engine, introduced by Skybox to market in 2004 and was made available for enterprises and governments alike.
The first commercial product, Skybox View, was a smashing success. Skybox View found exposures to potential cyberattacks by modeling the network infrastructure, including security controls and exploitable vulnerabilities. Customers marveled at the power of the network model, the underlying technology that allowed them to conduct attack simulations. Now, customers can anticipate what an attacker might do – instead of just reacting once they were breached.
Enamored with Skybox View, customers began to see the possibility of how the network model could be used for another pressing need -– compliance. The introduction of Sarbanes Oxley and PCI compliance requirements very soon became highly onerous for security organizations. Customers needed a way to visualize the attack surface to understand who had access to the network and whether the proper rules were in place to ensure security controls were intact. Customers also needed to maintain compliance by ensuring that any changes to the network didn’t inadvertently open new risks. Then, another idea sprung to life: The advent of our Security Policy Management Solution.
As the threat landscape continued to evolve, Skybox identified a new way to help Skybox customers. Vulnerability scanners do not provide the threat intelligence needed to identify exploits in the wild. By only using CVSS as the barometer for risk, the world was missing an important piece – how exposed they actually are to an attack. Gidi saw time and time again how medium-risk vulnerabilities became steppingstones to critical assets that cost companies millions of dollars.
So, he decided to build a Vulnerability and Threat Management Solution that not only discovers vulnerabilities across the entire attack surface but also prioritizes which vulnerabilities to close based on asset importance, exploitability, exposure, and CVSS severity.
Skybox was incredibly successful with its two solutions – Security Policy Management (SPM) and Vulnerability and Threat Management (VTM). Next, customers began asking Skybox to bridge use cases across both solutions. The lightbulb went off. It was time to unify capabilities into one powerful platform that could power a new proactive approach to cybersecurity. Customers were now able to increase security efficacy, improve cyber hygiene, grow business resiliency, and more. Skybox pioneered a new approach to expand beyond the traditional “scan and patch” playbook by offering alternative remediation options. And customers can validate policy and rule changes against the Skybox network model before implementing to ensure that changes do not open up new exposures.
Over the past few years, market forces have caused an inflection point for cybersecurity that requires a new proactive approach to mitigate risk. The pandemic accelerated digital transformation, including a rapid cloud migration to support remote workers. The attack surface has greatly expanded. Regulations have grown in complexity. Critical infrastructure is increasingly under attack. Ransomware has ballooned.
Skybox is dedicated to continuous product innovation that identifies and proactively remediates critical attack vectors ahead of an incident. We enable our customers to make security decisions based on true exposure and potential financial business impact. We help customers achieve continuous compliance, no matter how complex their environment is.
Skybox was founded with a singular vision. Cybersecurity needs visibility and context across the attack surface to make proactive, better, and faster decisions. Soon after, Skybox introduced its first commercial product to the market: Skybox View.
The introduction of Sarbanes Oxley and PCI compliance requirements very soon became highly onerous for security organizations. Skybox met a new customer need with the introduction of Security Policy Management. As a result, security teams could reduce the resource drain and avoid costly fees by strengthening their security controls, processes, and compliance programs.
Skybox introduces the Skybox Security Posture Management platform. With the platform, customers could take a common approach across their organizations to optimize security planning, deployment, and remediation processes to reduce exposure. This is only possible by implementing the network model based on an aggregation of essential data from a wide range of security, cloud, and network technologies.
Skybox introduced Vulnerability Control. Customers could discover vulnerabilities across hybrid and multi-cloud environments, prioritize based on exposure-based risk scores and close with prescriptive remediation options.
This is an action-packed year, with Skybox unveiling the industry’s most comprehensive exposure analysis. Skybox also introduced prescriptive remediation solutions that go well beyond traditional patching, such as applying IPS signatures, firewall rules, security tags, configuration changes to network and security devices, or software updates. Additionally, Skybox garnered substantial industry recognition as the best Vulnerability Management solution by SC Magazine, among many other accolades, as government and big business start to adopt the mindset that vulnerability management is mandatory.
Skybox Security rolled out the next generation of its award-winning Security Posture Management Platform and the industry’s first Software-as-a-Service (SaaS) solution for Vulnerability and Security Policy Management. The new Skybox Cloud Edition offering capitalizes on the speed, scale, innovation, and productivity benefits powered by the cloud. Additionally, Skybox introduced a dynamic, fresh approach to Cyber Asset Attack Surface Management (CAASM), in which Skybox visualizes all assets through API integrations, identifies and prioritizes vulnerabilities using proprietary threat intelligence, sees gaps in security controls, and automatically provides remediation options.