Network model enables customers to identify cyber risk exposure and calculate the potential financial impact of cyber attacks
Identifies cyber risks with the greatest potential financial impact
Prioritize vulnerabilities and automate mitigation strategies in complex hybrid environments
Quantify proactive cybersecurity investments and automate reporting
SAN JOSE, Calif.–(BUSINESS WIRE)–box security, a global leader in security posture management, today introduced new automated cyber risk quantification capabilities. Leveraging its proprietary network modeling techniques, Skybox now quantifies the business impact of cyber risks into economic impact. This new financial calculation allows customers to identify and prioritize the most critical threats based on the size of the financial impact, among other risk analyses.
“Other solutions in the industry are only capable of performing a secondary risk assessment based on the importance of the assets. To develop an accurate risk estimate, you need the network modeling, exposure management, and path analysis that only Skybox can offer,” said Gidi Cohen, CEO and founder of Skybox Security. “Real and timely risk reduction is how we ultimately define customer success. That can only be achieved with a proactive, risk-based approach to managing your security posture.”
Skybox Security continues to evolve its platform through new technology innovations and integrations to solve customers’ critical cybersecurity challenges. Skybox’s new cyber risk quantification capabilities elevate the role of cybersecurity and enable CISOs to:
Prioritize critical cyber risks based on vulnerabilities that are exposed and exploited in the wild
Target risk mitigation on top risks with remediation options that go beyond patching
Make data-driven decisions while navigating the risks and opportunities of digital transformation
Calculate the ROI of cybersecurity budgets to validate investments and report financial impact
According to Forrester Research: “Even with an unlimited budget and resources, it would be impossible and impractical for the security organization to address all threats. The fast-moving and evolving nature of cyber attacks requires CISOs to act quickly and decisively to mitigate the risks that have the greatest business impact. By quantifying assets and expressing the dollar value at risk of cyber events, CISOs can focus their risk mitigation strategies on the most significant risks with the greatest consequence to the business.”one
Vulnerability Lifecycle Management Algorithm Expands to AWS, Microsoft Azure, and Google Cloud Platform
Skybox Security has also extended its industry-leading vulnerability management and exposure analysis capabilities to the top three public cloud providers: Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform (GCP). Available now, these new capabilities provide customers with continuous and accurate risk assessment and prioritization of vulnerabilities within hybrid cloud deployments.
By extending its industry-leading IT/OT exposure management capabilities to leading cloud service providers, customers realize the following benefits:
- Discovery of assets and vulnerabilities – For comprehensive visibility, Skybox uncovers blind spots that active scanning solutions can’t reach. As a result, customers get a complete picture of their unique hybrid attack surface. Skybox Platform aggregates multivendor scan data from a customer’s environments and uncovers vulnerabilities in unscannable cloud workloads.
- Vulnerability prioritization – Find and identify gaps that an adversary will exploit first by analyzing exploitability, criticality, asset significance, and exposure. The Skybox algorithm prioritizes risk using a flexible and customizable formula that can be tailored to a client’s unique business. The platform identifies the most effective remediation options, including network-based compensation controls to complement patches and software updates for a defense-in-depth approach.
- Network modeling and attack surface visualization – Security architects can model how risks are mitigated with a layered combination of native, custom, and other alternative security controls. Skybox’s network model enables path analysis and attack simulation to identify exposed vulnerabilities.
- Repair of targeted attacks – The Skybox Security network model identifies potential attack paths, allowing customers to prioritize which security controls will mitigate a threat or attack. In addition to identifying redundant, weak, or risky rules, Skybox enables faster audit compliance reporting due to its comprehensive security control reports.
- Integration with IT service management (ITSM) tools – Improve ITSM decision-making and performance with an integrated view of how well IT and security teams are managing cybersecurity risks. ITSM integrations support strategic planning and an aligned approach to reduce cyber risk across the enterprise.
- Take the risk out of IT/OT convergence – The cornerstone of an effective cybersecurity strategy is a comprehensive, single-pane-of-glass view of assets and vulnerabilities spanning IT, OT, and cloud environments. Skybox aggregates vulnerability information from active scanning solutions (such as traditional vulnerability assessment scanners), specialized passive scanning-based OT security platforms, and its unique non-scanning detection techniques to deliver the most advanced vulnerability management solution in the industry. industry.
Network model innovations advance attack simulation and route analysis automation
The latest release also includes major network model updates that significantly increase customer time-to-value and real-time exposure analysis through faster aggregation between different technology stacks and customer security toolkits. Skybox Security is the only solution that creates an extensive model of a customer’s unique hybrid environment, including all L3 devices.
The network model is continually updated, incorporating client scan data and proprietary threat intelligence feeds from the Skybox Research Lab. Major client use cases for the network model include performing path analysis and performing threat simulations. attacks. Analyze network configuration, verify proper network segmentation, evaluate security controls, and highlight broken paths.
“Many customers struggle to understand and visualize the full topology of their hybrid network and correctly assess the exposure of their critical assets. A new Skybox innovation now automatically determines and adds missing network elements to build a complete network model,” said Haggai Polak, Product Manager, Skybox Security. “This is a game changer for customers who don’t have the resources or visibility to feed all of their data sources into the model. As a result of this innovation, customers receive an accurate picture of their attack surface within hours. Additionally, the model can bridge organizational silos by offering a comprehensive view of complex and heterogeneous IT, hybrid cloud, and OT status that multiple business teams can reference as a single source of truth.”
1 Transform Cyber Risk with Cyber Risk Quantification, Forrester Research, Inc., January 28, 2022.
About Skybox Security
Over 500 of the world’s largest and most security-conscious companies rely on Skybox for the insights and security to stay ahead of dynamically changing attack surfaces. At Skybox, we don’t just serve data and information. Instead, we provide the intelligence and context to make informed decisions, taking the guesswork out of securely enabling businesses at scale and speed. Our unified security posture management platform offers comprehensive visibility, analysis, and automation to quickly map, prioritize, and remediate vulnerabilities across your organization. The vendor-agnostic platform intelligently streamlines security policies, actions, and change processes across all cloud and corporate environments. With Skybox, security teams can focus on the most strategic business initiatives while ensuring businesses remain protected.
© 2022 Skybox Security, Inc. All rights reserved. Skybox Security and the Skybox Security logo are either registered trademarks or trademarks of Skybox Security, Inc., in the United States and/or other countries. All other trademarks are the property of their respective owners. Product specifications are subject to change at any time without notice.
Contact with media and analysts
Director of Corporate Communications