When Gidi Cohen started Skybox Security three years ago, he made a commitment to manage security risk more efficiently than other firms were providing for the enterprise community.
“The IT community faces a huge problem in meeting government regulations,” Skybox Security CEO Cohen told TechNewsWorld. “Skybox View 2.0 takes IT security to a new level against malicious threats.”
According to security experts and industry analysts, worms pose the number one IT security threat. They are considered the most difficult to isolate and defend against.
Different Approach
To meet the heightened threats posed by worms, Skybox View takes a different approach than other security software. Its recently released ENHANCED software shifts to a pre-attack defense strategy by predicting which network vulnerabilities can be exploited based on behavior patterns of worms. Having identified the priorities, it then helps IT managers to mitigate the threats before an attack takes place.
Company officials stress that enterprise compliance is not like the Y2K date fix of the year 2000 bug that was inherent in the core logic of computers. Instead, it is a process, not an event.
Skybox View 2.0 provides a second level of compliance using “continuous monitoring” with automated gap analysis for rapid prediction and response.
The software measures and analyzes risk exposure and the effectiveness of managing that risk. This enables corporations to focus on the type of threats that bring the most destructive results to their specific operations.
Unlike the approach taken by conventional vulnerability management, Skybox View exposes the top 1 or 2 percent of the vulnerabilities that can impact critical business applications. It does this through technology breakthroughs for modeling and attack simulation.
This proactive approach to risk assessment and remediation planning lets executives and security professionals dramatically raise security levels. Instead of being vulnerable for weeks before the threat is unmasked, companies using Skybox View can shrink the window of exposure to a few hours.
How It Does It
In turn, this smaller window of vulnerability can lower operational cost and let IT departments allocate resources more effectively.
Skybox View uses scanner and other information about network infrastructure to create a virtual model of network environments. The software then runs attack simulations reducing more than 10,000 vulnerabilities to the less than 2 percent that are truly exposed.
The software is designed around a three-tiered architectural model. The management console, called Skybox View Manager, is the first tier.
Skybox View Server provides the second tier. Skybox View Collector, the third tier, gathers the analytical strands with one component for approximately every firewall segment or one per site.
The threefold approach coexists and leverages the existing intrusion scanning technologies already in place at the enterprise location. The process easily integrates within the network infrastructure.
Together the software provides for more efficient operations in change management, patch management, firewall management and security event management.
Worm Simulation
Worm Defense Management (WDM) is a new component in Skybox View. The availability of worm simulation makes Skybox View the first enterprise software platform to deliver continuous and proactive defense against destructive and difficult to isolate worms for large enterprises.
“Today there is no way to know if your network is worm-resilient,” Cohen said. “And because of the epidemic way in which worms spread, it is impossible and impractical to patch everything just to prevent one worm attack. A smarter, more proactive approach is needed,” Cohen concluded.
Skybox View 2.0’s worm attack simulation feature provides a virtual looking glass methodology that lets security professionals simulate, understand and predict potential worm exposures due to infrastructure vulnerabilities before an attack occurs.
The software maintains a comprehensive worm dictionary and simulates potential attack paths and propagation behavior of worms. It also displays the most effective methods to fend off attacks.
By playing out the “what if” predictions created by the software, companies are better able to make decisions that justify remediation alternatives.
Worm Entomology
Security officials agree that worms are the No. 1 IT security threat. They consider worms to be the most difficult to defend against.
A worm, which is a self-replicating code, rapidly propagates itself over an entire network infrastructure. It does this by exploiting known vulnerabilities or weaknesses in controls.
Perhaps the biggest threat involves a zero-day worm. This designation is given to worms that infect and multiply swiftly without early warning detection because they exploit a vulnerability not yet published.
According to Skybox officials, even well handled change and patch management systems have worm defense limitations. Worms can arrive before a patch becomes available and applicable.
In most cases, it is not economical or safe for IT staffs to patch everything. Thus, the Skybox solution provides a feasible and reliable alternative to help most enterprises identify priorities.
Compliance Issues
“Skybox View 2.0 represents a quantum leap forward in addressing the challenge of correlating security risk management with regulatory compliance,” CEO Cohen said. “Our customers have made it clear that regulatory compliance hinges on well-executed risk management programs.”
He said Skybox View enhances current best practices and internal controls with automated risk management analysis and compliance risk management. This enables the security, network and business units to work more effectively as a team.
Skybox’s software plays nicely with the rigid requirements of the Sarbanes Oxley Act, Gramm-Leach-Bliley Act, HIPAA and Basel II regulations.
“Skybox View’s modeling, compliance reporting and risk classification features provide us with a solution to mitigate risk smartly,” Preston Wood, CISO for Zions Bancorporation, said. “Using Skybox technology to have a consolidated view of our layered security controls, we can simulate threats, consolidate and analyze data from multiple threat scanning systems, and continuously monitor our security and compliance posture,” Wood concluded.
Price Info
Skybox View pricing starts at US$50,000 and increases based on size of network.
The pricing structure includes automatic updates for worm recognition patterns and an agreement for related software maintenance.
Skybox management believes in integrated solutions rather than separate packages. Thus, worm defense management should be an integral part of existing security risk management program.
The introduction of a worm attack simulation and worm risk analysis software is the company’s first step in a planned series of Worm Defense Management initiatives.
Skybox plans to introduce additional integrated solutions later this year.