Skybox Security Sales&Tech Overview

Skybox Security
Overview
Model the Attack Surface
DMZ
Security Controls Network Topology Assets Vulnerabilities Threats
2
Fastest–growing company
Silicon Valley HQ
in our space
Offices around the globe
$270M funding since February 2016
Who We Are
5–star reviews
700+ active customers
Vulnerability/Threat Management
50 countries, all verticals
Risk/Policy Management
3
Who Relies on Us
Financial Service Government Energy & Technology &

Healthcare Consumer
Services Providers & Defense Utilities Manufacturing
4
Why We’re Needed
97% of breaches are avoidable through standard controls
Limited visibility Non–actionable Lack of resources

intelligence and
data silos
5
Why We’re Needed
Skybox helps bridge the security management gap
Unparalleled visibility Integration with Intelligent automation

and comprehensive existing technologies and orchestration
network modeling and added intelligence
6
Improve Existing Resources
Firewall/Network
Security &
Infrastructure
Vulnerability
Management,
SIEM
120+
technology
Endpoint integrations
Security
Cloud/
Virtual
7
Skybox Security Suite
Integrated Security Management

Attack Surface Visualization
• Total visibility of the attack surface
– Physical, virtual, cloud and
OT environments
– Vulnerabilities and threats
• Measurable risk reduction
• Improved communication across
teams and up management chain
8
Security Policy Management

• Easy, efficient compliance reporting
• Intelligent workflows and automation
• Proactive risk assessments of security
and network changes
9

Vulnerability and Threat Management
• Vulnerability prioritization aligned to
the current threat landscape
• Exposed and exploited vulnerabilities
highlighted
• Resources directed where they’re
needed most
10
Skybox Security Intelligence Feed
Skybox Research Lab Exploits in the wild
700,000+ sites
in the dark web
Vulnerabilities used in
ransomware, exploit kits, etc.
30+ security
data feeds
Attack vector details
11
Security Policy Management
Model Analyze Monitor Change

Network Security Controls Compliance Management
• Network topology • Cloud security tags • Automated audits • Change request

view • Firewalls • PCI DSS • Tech details
• Normalized data • Rule and • FISMA • Risk assessment
from 120+ configuration checks
technologies • NERC • Provisioning options
• Network path analysis • NIST • Reconciliation and
• Physical, virtual, cloud
and industrial • Rule optimization • GDPR verification
• Access simulation • Change tracking • Custom policies
Understand Confirm Document Continuously

Network Context Effective Controls Compliance Verify Rulebase
12
Vulnerability and Threat Management
Discover Analyze Prioritize Remediate

Vulnerabilities Attack Surface Response & Track
• Scanless • Hot spot analysis • Imminent threats • Remediation planning

vulnerability detection • Attack simulation (exposed/active • Ticketing and
(physical/cloud) exploit) workflow
• Business impact
• Support for all third- • Potential threats • Dashboards and
party VA scanners • Network topology and (known/available
compensating reporting
• Threat-centric exploit)
controls
vulnerability • Attack vector details
management • Threat context
Same-Day Highlight Assets Focus on Areas of Respond

Identification at Risk Greatest Impact Quickly
13
Firewall Assurance
Comprehensive Multi-Vendor Firewall Management
Firewall Continuous Firewall Rule

Security Assessment Policy Compliance Life Cycle Management
How It Works
1 2 3
Collect & Normalize Analyze Report & Act
14
Change Manager
Secure, Automated Firewall Change Management
Change Management Automated Risk Rule Recertification

Automation Assessment Workflow
How It Works
1 2 3 4 5
Request Identify Assess Implement Verify
15
Network Assurance
Complete Visibility and Command of Hybrid Network Access and Routes
Network Compliance
Network Model Security Analytics
Verification
How It Works
1 2 3
Collect & Normalize Create a Model Analyze in Context
16
Vulnerability Control
Threat-Centric Vulnerability Management
Scanless Assessments Network + Threat Context Exposed and Exploited Vulns
How It Works
1
2
3
1 2 3 4
Assess Analyze Prioritize Remediate
17
Threat Manager
Threat Intelligence Analysis and Response
Consolidated Threat Contextual Threat Focused Threat

Intelligence Assessment Response
How It Works
1 2 3
Collect & Normalize Check Relevancy Track Remediation
18
Visualize Your Entire Attack Surface From
Multiple Perspectives
US
Unsecure Device Configuration (Total: 72)
Name: UDP reply packets – filtered #Violations: 1

Vulnerability Risky Access Policy: Checkpoint FW Standard Policy
Exposure Rules Last 4 Months
Name: Encrypted Line Password - required #Violations: 1
Policy: Cisco IOS RTR Standard Policy
311 Assets Name: IP source routing - prohibited #Violations: 1

5 Firewalls
Name: Password Encryption Service - required #Violations: 1
Exploited
Site Details Unsecure March April May June Current Policy: Cisco IOS RTR Standard Policy
in the Wild Device
Vulnerabilities Configuration Name: SNMPv3 Group - required #Violations: 1
Exploitable
Vulnerabilities
19
Skybox Horizon
Attack Surface Visualization
Risky Access Rule

Allows inbound access from DMZ
to deeper in network
Exploited in the Wild Vulnerability

Vulnerability with available and active
exploit is attacked
Unsecure Device Configuration

Misconfiguration enables the
continuation and spread of attack
20
Attack Surface Model
Context: Asset Exposure/Criticality
Vulnerability
Intelligence Prod FW Backbone Core Router
Vulnerabilities
+ Main Router GatewayEastA
Exploits in the Wild
Main FW GatewayEastA IPS
21
Attack Surface Model
Context: Asset Exposure/Criticality
Imminent Threat
Vulnerability
High-priority
Intelligence Prod FW remediation/mitigation
Backbone Core Router
Analytics Prioritize
Vulnerabilities
+ Main Router
Potential Threat GatewayEastA
Exploits in the Wild Gradual risk

reduction
Main FW GatewayEastA IPS
22
Security in Multi-Cloud Environments
NSX
AWS Azure
(Private)
Complete Visibility
End–to–end path analysis
Policy compliance across networks

in a single dashboard view
Out–of–the–box regulatory
compliance checks
Threat–centric
vulnerability management
23
Security in Industrial Networks
Visibility and path analysis

for combined IT and OT
OT networks IT
Production Control
Business/
System Network
Corporate Network
Risk analysis
Util Util
Vulnerability detection E A
Internet
Util
B
RTU/PLC/DCS Util Util
Controller Units & C D
Field Devices Neighboring
Utilities
24
GDPR—How Skybox Can Help
Article 25 Article 30 Article 32
Record
Data Protection Security
Processing
By Design of Processing
Activities
Article 33 Article 34 Article 35
Breach Notification
Breach Notification Data Protection
to Supervisory
to Data Subject Impact Assessment
Authority
25
Take Control of Your Attack Surface
Attack Surface Threat and

Automation and
Visibility and Vulnerability
Orchestration
Analytics Intelligence
26
Thank You
Skybox Security
Technical Overview
28
Skybox Architecture
29
Deployment Diagram
• Integrates with existing
infrastructure
• Automation, workflows
• Not a scanner, Agentless
• Built-in ticketing system
• APIs for integration with
third-party systems
• Appliance, virtual appliance,
software only
30
Network Model Visualization
31
A Comprehensive Network View
Detailed Model Complex and Changing Network
• Network context
• Network size, complexity
• Multi-vendor environment
Device-Level view
• Routers, LBs, FWs, Assets

• Routing tables, ACLs, IPS
• NAT/PAT, VPNs, Tunnels
32
Network Path Analysis
Access Analyzer
Understands
• Routing/PBR
• NAT/PAT/VPNs
• Load Balancing
• Firewall rules
• Multiple routes
33
Continuous Compliance Monitoring
Automated
Compliance Checks
– Access Compliance
– Configuration Compliance
– Rule Compliance
• PCI, NIST, Custom Policies
• Vendor best practices
• Track exceptions
34
Optimise Rules
• Spot shadowed and redundant
rules quickly
• Gather log data to analyse
historical rule usage
• Tighten the rule base, improve
security and effectiveness
• Have a consultative conversation
35
Zone-to-Zone Access Compliance
Internet /
External
Only Port 80
No Access
Paris
New
York
DMZ
London
Development
Partners
Only Ports 80, 8080, 443, 22
Resellers
Finance Servers
36
Optimizing Change Management Workflow
Automate Change Management
Change
Request
• Vastly improve operational costs
• Reduce time to implement changes Technical
Details
• Risk assessment before change is made

Risk
• Automate changes/generate configuration Assessment
• Reconcile changes Change

Implementation
Reconcile
and Verify
37
Change Management Workflow
Technical Risk Implementation
Request Verification
Details Assessment
Capture Translate Identify policy Assign to Reconcile

business/ violations & team for against
Path
technical Vulnerability provisioning observed
identification
details exposures changes
Rule analysis
Accept/Reject Verify Access
Skybox Analytics Engine

38
Change Management Workflow
Request for Other

Audit Trail
Request Firewall Change
Maintained
Change Requests
Technical Risk
Implementation Verification
Details Assessment
Skybox Change Manager
39
Skybox Vulnerability Database
• Skybox Research Lab aggregates 30+ vulnerability and
threat feeds
• More than 70,000 vulnerabilities on 8,000+ products
• CVE compliant, CVSSv3 standard
• Updated daily
ADVISORIES SCANNERS IPS OTHER

CERT, ICS CERT Symantec Security
Adobe Microsoft BeyondTrust Rapid7 Nexpose Fortinet FortiGuard Flexera Secunia Focus
Apple Oracle Retina Tenable Nessus McAfee IPS IBM X-Force Rapid 7 Metasploit
Cisco Red Hat McAfee FoundstoneTripwire IP360 Palo Alto Networks Mitre CVE Zero-day
Qualys Cloud Trend Micro TippingPoint NIST NVD vulnerabilities for
Platform Cisco SourceFire OSVDB published incidents
40
Skybox Vulnerability Database
Subscribed customers
30+ threat feeds updated daily
Skybox
… Research
…
Labs
Dedicated team
verifies, normalizes,
adds more data
41
Main Uses of the Vulnerability Database
Data normalization Skybox

Attack vectors
(vulnerabilities, IPS Vulnerability information
signatures) Database
Product and
vulnerability
profiling rules
Data Collection
Attack
into Security
Simulation
Model
Vulnerability
Detector
42
Remediate the stuff that matters!
Threat-Centric Vulnerabilities Identified

Vulnerability Management
• How do we prioritize for

remediation?
• Are critical assets at risk?
• What’s our trend in fixing vs
finding vulnerabilities?
• Which vulnerabilities should I
fix for the biggest impact?
43
Threat-Centric Prioritization
44
Vulnerabilities
Attack Simulation CVE 2014-0160
CVE 2014-0515
CVE 2016-0076
Compromised
Server
Internet
Hacker
Attack Vectors
Infected
Partner
45
Thank You
46

Skybox Security Sales&amp;Tech Overview

Caricato da

Informazioni sul documento

Descrizione originale:

Copyright

Formati disponibili

Condividi questo documento

Condividi o incorpora il documento

Opzioni di condivisione

Hai trovato utile questo documento?

Questo contenuto è inappropriato?

Copyright:

Formati disponibili

Skybox Security Sales&amp;Tech Overview

Caricato da

Copyright:

Formati disponibili

Skybox Security

Security Controls Network Topology Assets Vulnerabilities Threats

Financial Service Government Energy & Technology &

97% of breaches are avoidable through standard controls

Limited visibility Non–actionable Lack of resources

Skybox helps bridge the security management gap

Unparalleled visibility Integration with Intelligent automation

Integrated Security Management

Integrated Security Management

Security Policy Management

Integrated Security Management

Skybox Research Lab Exploits in the wild

Model Analyze Monitor Change

• Network topology • Cloud security tags • Automated audits • Change request

Understand Confirm Document Continuously

Discover Analyze Prioritize Remediate

• Scanless • Hot spot analysis • Imminent threats • Remediation planning

Same-Day Highlight Assets Focus on Areas of Respond

Firewall Continuous Firewall Rule

Collect & Normalize Analyze Report & Act

Change Management Automated Risk Rule Recertification

Request Identify Assess Implement Verify

Collect & Normalize Create a Model Analyze in Context

Scanless Assessments Network + Threat Context Exposed and Exploited Vulns

Assess Analyze Prioritize Remediate

Consolidated Threat Contextual Threat Focused Threat

Collect & Normalize Check Relevancy Track Remediation

Name: UDP reply packets – filtered #Violations: 1

311 Assets Name: IP source routing - prohibited #Violations: 1

Risky Access Rule

Exploited in the Wild Vulnerability

Unsecure Device Configuration

Attack Surface Model

Context: Asset Exposure/Criticality

Exploits in the Wild

Main FW GatewayEastA IPS

Attack Surface Model

Context: Asset Exposure/Criticality

Exploits in the Wild Gradual risk

End–to–end path analysis

Policy compliance across networks

Visibility and path analysis

Article 33 Article 34 Article 35

Attack Surface Threat and

• Routers, LBs, FWs, Assets

• Risk assessment before change is made

• Reconcile changes Change

Capture Translate Identify policy Assign to Reconcile

Skybox Analytics Engine

Request for Other

Skybox Change Manager

ADVISORIES SCANNERS IPS OTHER

Data normalization Skybox

Threat-Centric Vulnerabilities Identified

• How do we prioritize for

Attack Simulation CVE 2014-0160

Potrebbero piacerti anche

Skybox Security Sales&Tech Overview

Skybox Security Sales&Tech Overview