Skybox takes the guesswork out of securely enabling your business at scale and speed. We provide the insights and context to make informed security decisions while saving you time and money. Find out what you've been missing.
Founded in 2002, Skybox has brought industry-leading, award-winning solutions to the market for two decades. Our mission is to provide the intelligence and context companies need to prevent breaches.
Our secret sauce? Proactive security posture management. We take the guesswork out of cybersecurity by providing visibility, analytics, and automation to prioritize and remediate vulnerabilities and optimize security policies and controls. As a result, customers make smarter security decisions faster to secure their businesses at scale.
Celebrating 20 years of cybersecurity posture management innovation; Watch video!
How it all began
Skybox Security founder Gidi Cohen’s ‘ah ha moment’ followed his service in the Israel National Security Agency (8200 unit), where his passions as a young officer for math and advanced software technologies, and for tackling complex cybersecurity challenges came together. This background inspired the invention of the first commercially available cyberattack simulation engine, introduced by Skybox to market in 2004 and was made available for enterprises and governments alike.
Skybox Security sells first product; launches network model
The first commercial product, Skybox View, was a smashing success. Skybox View found exposures to potential cyberattacks by modeling the network infrastructure, including security controls and exploitable vulnerabilities. Customers marveled at the power of the network model, the underlying technology that allowed them to conduct attack simulations. Now, customers can anticipate what an attacker might do – instead of just reacting once they were breached.
Skybox Security models controls to transform security policy management
Enamored with Skybox View, customers began to see the possibility of how the network model could be used for another pressing need -– compliance. The introduction of Sarbanes Oxley and PCI compliance requirements very soon became highly onerous for security organizations. Customers needed a way to visualize the attack surface to understand who had access to the network and whether the proper rules were in place to ensure security controls were intact. Customers also needed to maintain compliance by ensuring that any changes to the network didn’t inadvertently open new risks. Then, another idea sprung to life: The advent of our Security Policy Management Solution.
“Google Maps pulls together datasets about the terrain, roads, blocks, traffic lights, train lines and cities to offer a visual simulation of your path. Google provides that by aggregating many different datasets to show how to get from point A to point B efficiently – and they make it look easy. We do something very similar to that in cybersecurity but take it one step further than just showing the road: we also show the potholes, the fallen trees, the traffic lights, and dangerous neighborhoods to avoid.”
Gidi Cohen| Skybox Security Founder
Skybox pioneers a new approach to vulnerability management
As the threat landscape continued to evolve, Skybox identified a new way to help Skybox customers. Vulnerability scanners do not provide the threat intelligence needed to identify exploits in the wild. By only using CVSS as the barometer for risk, the world was missing an important piece – how exposed they actually are to an attack. Gidi saw time and time again how medium-risk vulnerabilities became steppingstones to critical assets that cost companies millions of dollars.
So, he decided to build a Vulnerability and Threat Management Solution that not only discovers vulnerabilities across the entire attack surface but also prioritizes which vulnerabilities to close based on asset importance, exploitability, exposure, and CVSS severity.
Introduction of the Security Posture Management platform
Skybox was incredibly successful with its two solutions – Security Policy Management (SPM) and Vulnerability and Threat Management (VTM). Next, customers began asking Skybox to bridge use cases across both solutions. The lightbulb went off. It was time to unify capabilities into one powerful platform that could power a new proactive approach to cybersecurity. Customers were now able to increase security efficacy, improve cyber hygiene, grow business resiliency, and more. Skybox pioneered a new approach to expand beyond the traditional “scan and patch” playbook by offering alternative remediation options. And customers can validate policy and rule changes against the Skybox network model before implementing to ensure that changes do not open up new exposures.
Over the past few years, market forces have caused an inflection point for cybersecurity that requires a new proactive approach to mitigate risk. The pandemic accelerated digital transformation, including a rapid cloud migration to support remote workers. The attack surface has greatly expanded. Regulations have grown in complexity. Critical infrastructure is increasingly under attack. Ransomware has ballooned.
Skybox is dedicated to continuous product innovation that identifies and proactively remediates critical attack vectors ahead of an incident. We enable our customers to make security decisions based on true exposure and potential financial business impact. We help customers achieve continuous compliance, no matter how complex their environment is.
When you choose Skybox, you choose the future of cybersecurity.
Skybox through the years
Two decades of innovation at-a-glance
2002
Skybox was founded with a singular vision. Cybersecurity needs visibility and context across the attack surface to make proactive, better, and faster decisions. Soon after, Skybox introduced its first commercial product to the market: Skybox View.
2006
The introduction of Sarbanes Oxley and PCI compliance requirements very soon became highly onerous for security organizations. Skybox met a new customer need with the introduction of Security Policy Management. As a result, security teams could reduce the resource drain and avoid costly fees by strengthening their security controls, processes, and compliance programs.
2011
Skybox introduces the Skybox Security Posture Management platform. With the platform, customers could take a common approach across their organizations to optimize security planning, deployment, and remediation processes to reduce exposure. This is only possible by implementing the network model based on an aggregation of essential data from a wide range of security, cloud, and network technologies.
2015
Skybox introduced Vulnerability Control. Customers could discover vulnerabilities across hybrid and multi-cloud environments, prioritize based on exposure-based risk scores and close with prescriptive remediation options.
2021
This is an action-packed year, with Skybox unveiling the industry’s most comprehensive exposure analysis. Skybox also introduced prescriptive remediation solutions that go well beyond traditional patching, such as applying IPS signatures, firewall rules, security tags, configuration changes to network and security devices, or software updates. Additionally, Skybox garnered substantial industry recognition as the best Vulnerability Management solution by SC Magazine, among many other accolades, as government and big business start to adopt the mindset that vulnerability management is mandatory.
2022
Skybox Security rolled out the next generation of its award-winning Security Posture Management Platform and the industry’s first Software-as-a-Service (SaaS) solution for Vulnerability and Security Policy Management. The new Skybox Cloud Edition offering capitalizes on the speed, scale, innovation, and productivity benefits powered by the cloud. Additionally, Skybox introduced a dynamic, fresh approach to Cyber Asset Attack Surface Management (CAASM), in which Skybox visualizes all assets through API integrations, identifies and prioritizes vulnerabilities using proprietary threat intelligence, sees gaps in security controls, and automatically provides remediation options.
What we’ve been up to lately
Zero in on what matters
You need a smarter way to fight cybercrime. A way that’s more targeted and more focused. Instead of addressing each and every vulnerability across your attack surface, you can zero in on what matters.
