Skybox Overview 2022 03

Uploaded by

oiskenderov
SEE THE BIGGER PICTURE
With Skybox Security

Arthur Dinevich

Scale and Complexity in modern organizations

• Financial Services
• Service Providers
• Government & Defense
• Energy & Utilities
• Technology & Manufacturing
• Healthcare
• Consumer

This is Skybox…
Attack Surface visibility, combining topology, vulnerability,
and threat intelligence to prevent and contain attacks

• Founded in 2002 with HQ in Silicon Valley, offices globally / R&D in Tel Aviv
• More than 750 enterprise customers in 50 countries
• Largest customers have in excess of 1m assets being modelled

150+ Technology Integrations
• Firewall / Network Security & Infrastructure
• Vulnerability Management, SIEM
• Endpoint Security
• Hybrid Infrastructure (Cloud & OT)

Establish a Single Source of Truth
Asset Repositories
• Endpoint Security (EDRs)
• Patch Management Systems
• Homegrown Databases
• CMDBs

Vulnerability & Security Weaknesses
• Multiple Vulnerability Scanners
• App and Web Scanners
• Asset Config Weaknesses
• Custom Vulnerabilities

Infrastructures
• On-Prem Network Devices
• Public/Private Clouds
• OT Networks

Intelligence Feeds
• Public Intelligence Feeds
• Scanner and App Feeds
• Dark Web Sources

Multi-dimensional network model
• Corporate Network
• Private Cloud
• OT
• Public Cloud

© 2021 Skybox Security, Inc.

Understand ALL Exposures
• Topology/Segmentation errors
• Hardening/Misconfiguration errors
• Critical/Exposed/Exploitable vulnerabilities

CVE-2018-1000115
• Exposed: Critical Risk
• Shielded by IPS: Low Risk

[Network diagram. Labels: Internet, Partner, Partner VPN, Customers VPN, IPS, On Premise (Los Angeles, London), Private Cloud (Development, Finance, NSX), Public Cloud (Azure Production, Azure Test, AWS Production, AWS Development), DMZ (Web Server, App, DB), Operational Technology (OT)]

Functional details

THE BIGGER PICTURE IN ONE PLATFORM
• Network Security Policy Management
• Vulnerability & Threat Management

Platform components:
• Firewall Assurance
• Network Assurance
• Vulnerability Control
• Change Manager
• Skybox Threat Intelligence

Firewall Assurance
Comprehensive Multi-Vendor Policy Management

• Firewall Security Assessment
• Continuous Policy Compliance
• Firewall Rule Life Cycle Management

How It Works
1. Collect & Normalize
2. Analyze
3. Report & Act

Change Manager
Secure, Automated Change Management

• Change Management Automation
• Automated Risk Assessment
• Rule Recertification Workflow

How It Works
1. Request
2. Identify
3. Assess
4. Implement
5. Verify

Network Assurance
Complete Visibility and Command of Hybrid Networks

• Network Model
• Security Analytics
• Network Compliance Verification

How It Works
1. Collect & Normalize
2. Create a Model
3. Analyze in Context

Vulnerability Control
Risk-based Vulnerability Management

• Scanless Assessments
• Network + Threat Context
• Exposed and Exploited Vulns

How It Works
1. Assess
2. Analyze
3. Prioritize
4. Remediate

The Skybox Platform – Threat Intelligence
Skybox Threat Intelligence: The threat landscape is in constant change. The Skybox Research Lab has been at the
forefront in analyzing the latest cyber vulnerabilities and threats across the industry for over a decade. Our
customers leverage this verified and up-to-the-minute contextualized threat intelligence that delivers insights on
vulnerabilities, intelligence and remediation options in one consolidated source.

Skybox Security Posture Management Platform
• Firewall Assurance
• Change Manager
• Network Assurance
• Vulnerability Control
• Skybox Threat Intelligence

[Vulnerability prioritization pyramid, top to bottom]
• Exposed and Exploited (Imminent Threat): Contextual intelligence derived from business, network and threat insight
• Exposed (Imminent Threat): Network topology, security controls and attack simulation analysis
• Exploitable (Imminent Threat): Threat intelligence feeds and security analyst research
• Critical Severity (Potential or Imminent Threat): Common Vulnerability Scoring System (CVSS)
• Occurrences (Potential Threat): Scanner and scanless vulnerability assessments
• All Vulnerabilities (Potential Threat): NVD and other databases

Remediation and Mitigation Options
Requires Asset Layer Insight
• Patch
• Upgrades

Requires Network Layer Insight
• IPS Signature
• FW/Security Tags
• Configuration

Thank You!

Q&A
