Attack surface visibility for critical infrastructure

Reduce cyber risk and eliminate security blind spots through a unified view of assets and vulnerabilities across the IT/OT attack continuum.

The Skybox Security Posture Management Platform unlocks unprecedented visibility of assets, vulnerabilities, and exposures spanning the entire Purdue Enterprise Reference Architecture (PERA). Atomic visibility of assets and vulnerabilities in field, control, and process levels of PERA is facilitated by a portfolio of integrations with specialized OT scanning vendors.

Infrastructure modeling

The platform creates an abstraction of the corporate infrastructure by ingesting and normalizing configurations and routing information from networking and security devices, public and private clouds, configurations, assets, patch management repositories, and much more. The model uniquely combines infrastructure context with threat intelligence and helps administrators visualize the entire network topology, including zones and locations, network path connectivity, and access rules that govern the converged infrastructure.

Configuration hygiene checks

The Skybox platform exposes cyber hygiene blind spots by comparing network and security configuration settings with out-of-the-box or easily customizable configuration policies. This leads to easy identification and speedy remediation of misconfigurations or control gaps such as the use of default passwords on routers, switches, and firewalls or the use of Telnet instead of SSH for device administration. The platform also ensures overall compliance with STIG, MITRE ATT&CK framework, CIS benchmarks, IEC 62443, or industry best practices.

Asset and vulnerability information collection

The Skybox platform employs multiple techniques for ingesting asset and vulnerability information3 from active scan-based vulnerability asset tools, endpoint detection and response solutions, OT passive scanning solutions, and various asset data repositories. The result is a single-pane-of-glass view of assets and vulnerabilities across IT and OT environments. Through this process, the platform enables the identification of cyber hygiene gaps such as insecure operations, older operating systems, assets lacking up-to-date patches.

Scanless vulnerability discovery

Scanless detection expands coverage by correlating asset information from generic configuration management database (CMDB) parsers and patch management repositories with updated vulnerability data from Skybox threat intelligence. The result is continuous non-intrusive discovery on routers, switches, firewalls, and non-scannable assets. Gaps between active scan events on scannable assets are also filled. This critical capability reduces dependence on intrusive processes such as active scanning, that can increase downtime risks in sensitive OT environments.

Multi-factor risk scoring and prioritization

Prioritization of vulnerabilities using the static CVE-based ranking system can leave large organizations struggling under crushing operational workloads as they pore over millions of vulnerability occurrences that are captured in manual spreadsheets. The Skybox platform uses a flexible and customizable algorithm to compute risk scores for assets and vulnerability occurrences.

Dashboards and reports

The Skybox platform enables extensive reporting through customizable out-of-the-box dashboards and reports. Prebuilt templates allow administrators to query underlying Elasticsearch clusters quickly and intuitively for numerous attributes. Assets and vulnerabilities can be grouped by business units, so business owners can focus their efforts on remediation within the SLA.