Virtual and Cloud Network Security

Integrate cloud security management into your overall security program


The scalability and flexibility of the cloud are a business driver; security can't get in the way. But security teams often struggle to gain visibility into network infrastructure, connectivity, applied policies and vulnerabilities in these complex, dynamic networks, which leads to insecure deployments.

Skybox for Cloud™ extends security management capabilities and processes to the cloud. Using comprehensive network modeling, Skybox gives security teams seamless visibility across physical, virtual and multi–cloud networks to:

  • Consistently apply security policies throughout your organization
  • Analyze paths between and within networks
  • Identify vulnerabilities in virtual and cloud environments and accurately prioritize remediation

These solutions give organizations the visibility and control needed to improve interoperability between networks and deploy workloads in the cloud securely and efficiently.

Skybox currently offers integrations with Amazon Web Services, Microsoft Azure and VMware NSX. 

Integrated security management across physical, virtual and cloud networks

Unified Security Policy Management

Virtual machines can be spun up quickly and by non–security professionals. Security teams need to be able to assess if the security tags applied to an asset meet the security policy standards they rely on in their physical network.

Skybox gives visibility into applied security tags at the security group and asset level, and normalizes security tags from multi–cloud networks for easy correlation to physical network security policies. In a single dashboard, users can see:

  • Overall compliance posture with internal standards, best practices and industry regulations
  • When new assets are spun up and their properties
  • All policies related to a specific security group

Ensure policies are applied consistently throughout your network, whether it's physical, virtual, multi–cloud or a hybrid of all three.

NSX Security Group Details

End–to–End Path Analysis

Quickly assess the connectivity and details of any path between or within physical, virtual and multi–cloud networks.

Skybox combines east–west and north–south traffic to understand connectivity and quickly determine the rules allowing or blocking access. With Skybox, perform ad–hoc queries showing connectivity for applications. Simply select any source and destination in the interactive network model and view details on the devices and access rules along the path.

Blocked path in Amazon Web Services

Vulnerability Management

Only Skybox offers scanless vulnerability assessment for virtual and cloud networks. As in physical networks, the Skybox® Vulnerability Detector feature of Skybox® Vulnerability Control combines data from patch and asset management systems as well as third–party vulnerability scans running in the cloud. This allows users to quickly identify vulnerabilities on–demand, filling in blind spots between scans.

Skybox incorporates vulnerability assessment data in its threat–centric vulnerability management processes, correlating vulnerability information with asset criticality and exposure, as well as Skybox Research Lab intelligence on exploits in the wild. The result is the best available prioritization method, ensuring remediation efforts are directed to the right place.

Asset Risk Overview in Skybox Vulnerability Control

Learn More


E-Book: Smart Automation

Intelligently automate processes to manage security policies, firewalls and their changes

SANS Whitepaper: Automating Cloud Security to Mitigate Risk

Smooth your migration to the cloud. Learn the potential threats and challenges you may face and how you can gain visibility to better manage cloud network security.