Skybox Security Introduces Next-Generation Vulnerability Management Solution

Skybox Risk Control 6.5 includes new nondisruptive Vulnerability Detector

July 18, 2012

4 Min Read


Skybox® Security, the leading vendor of proactive security risk management solutions, today announced a ‘next-generation’ solution for vulnerability management that detects network vulnerabilities in an automated and non-disruptive manner, without an active scan, as well as security metrics to measure the magnitude of the attack surface and track effectiveness of remediation tasks. The new technologies are embedded in Skybox Risk Control 6.5, the first integrated vulnerability management solution that combines the capabilities to discover vulnerabilities, prioritize risk automatically, and drive remediation activities.

Vulnerability scanners have been the primary tool to identify network vulnerabilities for the past 15 years. However, a June 2012 Skybox Security survey of enterprise Vulnerability Management practices revealed that enterprises don’t scan as often as they would like, due to potential network disruptions, non-scannable hosts, and a lack of resources to analyze vulnerability data or apply patches more frequently.

“Enterprises rely heavily on active vulnerability scanning as the primary way to determine and minimize the risk presented by vulnerabilities in the IT infrastructure,” said Gidi Cohen, CEO at Skybox Security. “Unfortunately most enterprises respond to scanning headaches by adopting a ‘round robin’ scanning approach that assesses only a small portion of their infrastructure on an infrequent basis. This may lead to fewer disruptions, but leaves a large window of risk exposure that is wide open to data breaches and attacks.”

Available in September 2012, Skybox Risk Control 6.5 with Vulnerability Detector consolidates data from multiple sources, including Microsoft Active Directory, Microsoft System Center Configuration Manager (SCCM), Windows Server Update Services (WSUS), and more. Using Skybox’s patent-pending Rule-driven Profiling technology, Vulnerability Detector derives an accurate list of vulnerabilities without actively probing network hosts.

“We have been using the Skybox solution to identify vulnerabilities directly from Microsoft WSUS data without a scan, and then prioritize vulnerabilities and critical patches. We are pleased that this capability has been integrated into the Skybox Risk Control 6.5 product,” said Alejandro Villar, CISO at Repsol, a Spanish oil and gas company.

This scanless discovery approach can be used independently or in concert with a traditional vulnerability scanner. When used together, Risk Control augments weekly or monthly active scans with continuous updates from Vulnerability Detector for highly accurate and up-to-date security intelligence.

Skybox Risk Control 6.5 also minimizes the security analyst time required to evaluate vulnerabilities and plan remediation steps. Attack Simulation performs a virtual ‘penetration test’ in minutes to find all vulnerabilities that can be exploited, taking into account all possible attack vectors, available vulnerabilities, network topology, security controls, and the value of assets. Remediation suggestions are generated automatically, and security managers can track operational response with new endpoint security KPIs (Key Performance Indicators).

“Attackers are becoming increasingly sophisticated, improving their ability to find and exploit security weaknesses quickly within an organization’s network,” said Anton Chuvakin, research director at Gartner. “Vulnerability assessment technology is an integral component of an organization’s security infrastructure and if used properly and frequently can help mitigate critical vulnerabilities ahead of an attack.”

Key benefits of Skybox Risk Control 6.5:

Performs non-intrusive vulnerability detection – uses system configuration repositories and rule-driven profiler to derive vulnerability data without an active scan, so enterprise risk is not dependent on infrequent “scan windows”

Provides daily assessment of vulnerabilities – continuous assessments and visibility requires less management time and delivers greater network coverage

Reduces risk exposure – up-to-date information from highly accurate data sources shrinks risk exposure levels by shortening the time between identification of a vulnerability to remediation

Integrates vulnerability management processes – links assessment, risk and exposure analysis, prioritization and remediation

Easy to deploy and manage – connect to one or a few available data repositories, eliminating the need to touch every endpoint

For more information on Risk Control 6.5 and all of the Skybox Security solutions visit

About Skybox Security, Inc.

Skybox Security, Inc. is the leader in proactive security risk management solutions, providing automated, non-intrusive tools that detect, prioritize, and drive remediation of critical risks such as exposed vulnerabilities and firewall configuration errors. Skybox solutions prevent potential cyber attacks and data breaches by providing IT decision makers with continuous network visibility and sophisticated security analytics. Organizations in Financial Services, Government, Energy, Defense, Retail, and Telecommunications rely on Skybox Security solutions daily to reduce risk exposure, implement secure change management processes, and achieve continuous compliance. For more information visit

NOTE: Skybox® Security is a registered trademark of Skybox Security Inc. All other registered and unregistered trademarks herein are the sole property of their respective owners. Product specifications subject to change at any time without prior notice. © 2012 Skybox Security, Inc. All rights reserved

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like

More Insights