Skybox Security Launches Industry’s First Integrated Suite For Security Risk Management With Skybox View 2.5

SAN JOSE, CA – Dec. 12, 2005 – Skybox® Security, Inc., the leader in Security Risk Management (SRM), today launched the industry’s first integrated suite of Security Risk Management applications, Skybox View Suiteâ„? version 2.5. Available immediately, the Skybox View Suite supports two applications: the award-winning Skybox Secure and recently announced Skybox Assure. Collectively these applications automate labor-intensive processes associated with risk assessment, mitigation planning, network change assurance and audit certification. With Skybox View Suite, security and network professionals can strike the right balance between application availability and network security.

The company also announced the industry’s first proactive worm attack simulator. This new module for the Skybox Secure application enables organizations to precisely predict and calculate the potential business and collateral damage resulting from a malicious worm breach. All known worms, including their specific threat behaviors and propagation characteristics, are maintained within a worm content module that is continuously updated. In addition Skybox Secure generates a prioritized list of mitigation projects that, if implemented, will block the worm attack or contain the worm from spreading to other parts of the network. Now, for the first time, organizations can predict the likelihood and severity of a worm attack to focus and streamline resources on deploying the right mix of countermeasures to reduce collateral damage.

Finally, the company announced the availability of an executive dashboard that provides an easy-to-interpret security risk scorecard for all levels of the organization. With the Skybox Dashboard, management teams gain unprecedented insight into the security risk profile of their organization in the form of actionable metrics and trending information.

“Business owners, CISO and operations management need better decision support and analysis tools associated with network security risk assessment and network change assurance. Skybox View Suite represents the industry’s first integrated, measurable and continuous approach that helps organizations understand the operational efficiency of each layer of security. With Skybox Secure organizations can transform security from the great unknown to a business enabler that delivers measurable ROI. With Skybox Assure organizations can transform network change management from a labor-intensive and error-prone process to one that eliminates human error and streamlines audit compliance,” said David Batista, president and CEO of Skybox Security.

Today’s Balancing Act: Availability and Security

Today, the risk assessment and mitigation planning is an expensive, labor-intensive and inaccurate process that is conducted only a few times a year. With new security vulnerabilities born everyday, and a constantly changing network, security professionals try in vain to continuously assess, identify and remediate threat exposure – before critical business applications are compromised. What security professionals need is an automated, proactive and continuous approach to measuring and improving their organization’s state of security.

Similarly, IT network infrastructures are complex and constantly changing. Best practices dictate that network engineers follow a rigorous network change management process, which includes a well-defined procedure for approving, planning, scheduling and documenting changes. However, network engineers today have no way to analyze or validate if proposed changes are effective or if proposed changes will expose the organization to unacceptable risk exposure. Documenting and auditing policy compliance in context with network access and security exposure is not feasible with existing change management tools. Moreover, since network changes are implemented on live networks without prior verification, network and user disruption is common. What network professionals need is a way to balance the connectivity needs of the business while minimizing network risk exposure without impacting network operations.

“Security and networking professionals have long needed a way to assess the impact of new threats and proposed network changes without subjecting their live networks to unnecessary disruption. Skybox View Suite gives security and network teams visibility and business context so they can safely assess security risks and network changes,” said Phebe Waterfield, Senior Analyst, Yankee Group. “For example, with worm simulation features, organizations can model the impact of a hypothetical day-zero worm attacks. Dashboard risk metrics provide a way to measure the impact of such threats. Skybox View thus quantifies risk allowing network and security teams to maximize application availability while minimizing network risk exposure within a single integrated offering.”

Introducing Skybox View Suite 2.5

Skybox View Suite 2.5 provides a set of common services that include modeling, simulation, “what-if” analysis, visualization and workflow management through a modular, scalable foundation. Based on unique modeling, simulation and what if technologies a virtual model of an organization’s network infrastructure is generated. Within this virtual environment, attack scenarios and network access can be safely simulated and analyzed. And because all analysis is performed on a virtual model there is never a fear of network disruption. The purpose of the virtual model is to:
· Evaluate infrastructure vulnerabilities
· Calculate security risk exposure and risk metrics
· Analyze business impact of possible cyber attacks
· Plan safe and optimal security countermeasures before deployment
· Validate availability impact of network changes before implementation
· Assess network access policy effectiveness and document compliance

Three new Editions are now available for the Skybox Secure and Skybox Assure applications: Enterprise, Standard, and Project.
· Enterprise Edition is designed for large organizations and government agencies of any size.
· Standard Edition is designed for smaller environments with network infrastructures consisting of up to 1,000 infrastructure nodes.
· Project Edition is designed specifically for one-time risk assessment and network architecture review projects. These one-time projects can be performed by security consultants, integrators, or by the end-customers.

With Skybox View Suite, network security risk is reduced, IT workload is reduced, and management gains unprecedented visibility into their organization’s risk and governance profile. Skybox View Suite is uniquely positioned as it does not displace any current security or networking technology. The goal of Skybox View is to help organizations accurately measure the relative strengths and weaknesses of each layer of security and network access. By doing so, organizations can maximize past, present and future security investments.

About Skybox Security

Skybox® Security pioneered the science of quantifiable security risk analysis and is driving the advancement of the Security Risk Management (SRM) market. The company’s award-winning product suite, Skybox Viewâ„?, is the first and only software solution to create a virtual model and staging environment of an organization’s network security and access profile.

This virtual model can be safely attacked, changed and analyzed for the purpose of improving the security profile of the network as well as validating the impact of proposed network changes within defined policies. The result is a more secure network, operational efficiency and reduced IT workload. Skybox View Suite supports two major applications – Skybox Secureâ„? and Skybox Assureâ„? – through a modular, scalable suite.

Founded in 2002, Skybox is headquartered in San Jose, California and is privately held. Skybox View has been successfully deployed at highly respected Global 2000 companies worldwide. For more information contact (408) 441-8060 or www.skyboxsecurity.com.