Skybox Security Unveils First Exposure Risk Management (ERM) Solution

Skybox Security, Inc. today launched Skybox View, the first Exposure Risk Management (ERM) solution and a new automated process for vulnerability management. Skybox View is based on breakthrough modeling and attack simulation technologies that create a “step-by-step recipe of an attack,” the only way to identify critical vulnerabilities and eliminate the information overload generated by conventional tools. With Skybox View, enterprises can accurately pinpoint, prioritize and eliminate high-risk security exposures – in hours versus weeks or months. It is successfully deployed in large enterprise networks including international banking institutions, media firms and telecommunications corporations.

“IT security professionals need a way to prioritize the mitigation of vulnerabilities. With an accurate and timely way to reduce the volumes of vulnerabilities produced by scanners down to the one or two percent of risks that really matter, enterprises can protect assets and eliminate threats to business-critical applications,” said Mark Nicolett, security research VP for Gartner, Inc.

Only one to two percent of the vulnerabilities generated from today’s scanners are critical business risks. These tools are of limited value for large complex enterprise networks due to incomplete or inaccurate reporting. With tens to hundreds of thousands of vulnerabilities, at least ten new vulnerability types published daily and constant network changes, it takes weeks or months for enterprises to manually analyze this information – an unacceptable window of exposure.

Research at Dartmouth ISTS (Institute for Security Technology Studies) underlines the significance of the “vulnerability exposure window,” which states that four to six months after a system audit or a penetration test “the probabilities are very high (66% to 99%) that an attacker can conduct a full consequence compromise.”

What enterprises really need to know is “where can an attacker go?” and “what is the potential damage and business impact?” Skybox View introduces an automated four-step Exposure Risk Management process that allows security professionals and business executives to understand their real risk levels in near-real time:

• Model the environment: Creates a virtual model of the entire IT environment – including data from scanners, network management systems, firewall and router configurations, business logic and security policies – to predict all possible access routes.

• Simulate Attack Scenarios: Runs attack scenarios to zero in on the real exposures, the primary vulnerabilities that lie directly on an attack path to critical business applications and are reachable and exploitable.

• Calculate Business Risk: Business risk analytics are applied by assessing both the attack likelihood and damage potential, based on breaches and losses of confidentiality, integrity or availability.

• Plan Exposure Remediation: Presents all possible remediation measures and the minimum steps required to prevent the entire attack. Powerful what-if scenarios can help simulate the effect of changes before applying them to the IT infrastructure.

“How can you assess risks without considering your firewall, routers and other systems in your analysis? Modeling your total environment and running attack simulation is the only way to find critical vulnerabilities automatically. Executives need these technologies to really understand their business risks on a timely basis,” said Gidi Cohen, president and CEO of Skybox Security.

About Skybox View

Skybox View is an enterprise software solution comprised of three components: Skybox View Collector, Skybox View Server and Skybox View Manager. It interoperates with leading networking and security products including: ISS Internet Scanner, eEye Retina, Nessus, Qualys, HP-OpenView, Check Point Firewall-1 (4.1 and NG), Check Point Provider-1 NG, Cisco PIX, Cisco IOS Firewall, NetScreen, Iptables, Cisco IOS routers, and Nortel routers.

Skybox View is available immediately. Pricing is tiered based on the number of infrastructure nodes of the enterprise network (servers, routers, firewalls).

About Skybox Security

Skybox Security, Inc. is an enterprise software company that develops and markets next-generation exposure risk management solutions that help enterprises identify and mitigate critical risks in hours versus weeks. Unlike conventional vulnerability management solutions, the company’s flagship product, Skybox™ View, leverages existing firewall, router, network and vulnerability data to apply breakthrough modeling and attack simulation technologies that reveal the one to two percent of reported vulnerabilities that impact critical business applications. With Skybox View, executives and security professionals can dramatically raise security levels by shrinking the window of exposure from weeks to hours, understand critical exposures in the same terms, and apply scarce security resources where they are needed most.

Founded in 2002, the company is headquartered in Palo Alto, California and is backed by Benchmark Capital, Lightspeed Venture Partners, Carmel Ventures, and Mofet Technology Fund. For more information contact (650) 565-8060 or
