SkyBox Security

Security management tool with endpoint software integration


TechRadar Verdict

SkyBox Security helps to address cybersecurity gaps within an organization, identifies weak spots, and helps remedy them. Although it supports some valuable features, it sometimes seems unnecessarily complex and slows the workflow.

Pros

  • Network mapping and modeling
  • Threat emulation
  • Seamless integration with endpoint software
  • Systematic vulnerability approach

Cons

  • A bit pricey
  • Sometimes provides too much information


Founded in San Jose, California, over 20 years ago, SkyBox Security has helped over 500 enterprises and organizations improve their security management and efficiency. The software provides a cybersecurity management platform to address security challenges and enable comprehensive attack surface visibility with insights to reduce risks. 

SkyBox connects and centralizes multiple manufacturers' traditional, next-gen, and cloud-based firewall solutions while automating and improving tasks like logging, configuration, and change tracking. Moreover, users can analyze and optimize rules and firewall reporting. 

The solution is designed to meet the needs of both network and cloud security systems for assessing policy violations, rule conflicts, and misconfigurations while ensuring compliance with regulations and internal policies.

Furthermore, SkyBox offers vulnerability discovery, prioritization, remediation, and reporting. This enables users to aggregate and remediate a wide range of data from scanners, security and network infrastructure, configuration databases, non-scannable assets, etc.

Although the official site is colorful, it is cluttered with textual information, making it challenging to understand all at once. Notably, the resource page offers video presentations, guides, case studies, webinars, solution briefs, and infographics.

Plans and pricing

As with its competitors, SkyBox's pricing largely depends on the organization's size, options included in the package, number of devices, and support program. On the official site, customers have the option to discuss pricing directly with SkyBox sales representatives by filling out an application form.

The application form is straightforward to fill out with the usual info like full name, email, phone number, country, and requested product. Customers can choose between products such as Security Posture Management Platform, Security Policy Management, and Vulnerability and Threat Management, or they can opt to get price quotes for all three.


Features and Functionality

SkyBox Security is a comprehensive security management tool offering various features and functionalities, notably the ability to simulate and emulate threats, which is handy for adjusting and testing security practices in an organization. Obtained results are then analyzed from multiple perspectives, such as threat origin, a section of the network, a business unit, or an asset.

Moreover, it seamlessly integrates with endpoint software like McAfee or Symantec, an essential function since endpoints present the most significant threat, considering that most attacks come from that end.

The tool allows users to visualize and analyze multi-cloud, on-site, and hybrid network systems with a complete overview and understanding of attack paths. While network maps are limited to only showing physical connections of devices, the supported feature of network modeling envisions all possible interactions, analyzes security effectiveness, and identifies risks.

Risk scoring was very useful during our product testing since it gave us a clear picture of our asset vulnerabilities and the probability of being exposed to threats and thus exploited. The software achieves this by analyzing security controls and configurations in place across the entire network.

It is worth noting, though, that we did get some false-positive cases during our testing, which can block usable ports and lead to an increased workload to fix the issue.


Interface and ease of use

SkyBox is mainly used to scan and identify critical vulnerabilities, help manage all the network aspects, and apply corrective measures to eliminate threats.

The solution offers two types of installations of SkyBox Security Suite: a single-box installation, mainly used for testing and demonstration purposes, and a multiple-box installation. Although single-box can be deployed in a production environment, we do not recommend that. Multiple-box installation is the type that most businesses will utilize, as the Skybox Security Suite and collector are both installed on a server.

Once logged in, users will be presented with a comprehensive management dashboard with many options to choose from. The dashboard is clear with big icons and concise graphical data that is easy to read and export. By cycling through tabs on the left side of the dashboard, users can review all the information in the environment.


When generating reports, users have many customization options available, which should satisfy most customers' needs. The generated reports are designed and formatted professionally in line with what is expected from a professional report. 

What is surprising is the lack of a simple button on the dashboard that could be used as a shortcut allowing users to scan their network without the need to go into the advanced settings.

Customer support


SkyBox offers two technical support programs, Standard and Premium support. With the Standard Support Program, users get access to the support knowledge base, support portal, and support hotline to help troubleshoot problems and mitigate issues. 

These options enable users to submit and manage their support cases, get the latest security features, download software, upgrades, updates, and patches, and review Skybox Security product documentation.

The Premium Support Program is the right choice for businesses with 24-hour operations that run all year round. The program has global coverage and highly trained technical staff, providing all of the features of Standard Support with 24/7 coverage and a faster initial response time. The company promises a response in as little as two hours (or less) for mission-critical incidents.

In addition, the company also offers training for administrators, end-users, and custom training in a self-paced or instructor-led format. Depending on the user's choice, these can be conducted virtually or on-site.

Competition

Palo Alto Networks Panorama offers an intuitive GUI where users can easily configure everything related to firewall security and avoid duplicating tasks, policies, configurations, etc. High reconfigurability makes the tool versatile, but high licensing costs could be limiting for many potential customers.

Similarly, Cisco Secure Firewall Management Center is a management system focused on firewall threat policy and intrusion detection with unified management over firewalls, application control, and advanced malware protection. Cisco is a solid alternative, although with limited feature updates.

Another competitor that comes to mind is FireMon, which offers a comprehensive suite of security management tools that provide complete control of network security, help identify vulnerabilities, and record log history, including firewall rules, rule documentation, and rule certification details.

Final verdict

SkyBox Security is a comprehensive network management tool that will provide you with network mapping and modeling, the ability to simulate attacks, integrations with endpoint software, and risk-scoring capabilities. 

All in all, it’s a solid security management solution for a business environment. However, depending on the organization's needs, it could prove to be a bit pricey.

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.