Skybox Security Updates Firewall and Network Compliance Auditor Products For New PCI Standard

The new release from Skybox delivers unique analytics, modeling and what-if prediction capabilities that enable enterprises to automate their compliance and assurance management processes for PCI DSS requirements 1, 6, 11 and 12

December 4, 2008

5 Min Read


San Jose, Calif. - December 2, 2008 - Skybox' Security, Inc, the leader in automated risk and compliance management software, announced today the general availability of Skybox Assure(tm) version 4.1 composed of two products: Firewall Compliance Auditor and Network Compliance Auditor. The new release enables enterprises to automate their assessment and compliance processes for requirements 1, 6, 11 and 12 of the Payment Card Industry's Data Security Standard V1.2 (PCI DSS). With Skybox Assure 4.1, enterprises can eliminate today's manual approach to assessing the compliance of their networks against PCI requirements. Through automation, analytics, modeling and what-if prediction, enterprises can maintain compliance with the PCI DSS requirements on a daily basis or on an ad-hoc basis, while freeing expensive resources to other critical tasks. Customers report a dramatic reduction in cost while achieving a high degree of compliance.

Skybox Security is the first and only network compliance and assurance vendor to support the PCI DSS V1.2 standard released in October and is a member of the PCI Security Standards Council. First introduced in 2007, the Skybox Assure product line has been deployed by some of the most security conscious organizations in the world. Recent enhancements enable enterprises to:

* Shrink scope and time of PCI audits by assuring that systems processing cardholder data are well segmented from the rest of the IT infrastructure - so that PCI compliance requirements impact a smaller portion of the overall corporate network * Save 75%-85% in annual process costs by automating complex and tedious firewall and network configuration compliance requirements as stated in Requirement 1 * Significantly reduce the amount of expensive and disruptive patches by verifying that compensating controls are mitigating the potential exposure of critical vulnerabilities as stated in Requirements 6 and 11

Skybox Security CEO Gidi Cohen says organizations can save significant time and money through an efficient audit and compliance assessment process. "Skybox Security continues to raise the network compliance and assurance bar allowing organizations to better understand how a network is designed, built, and operated. By enhancing Skybox Assure, and specifically areas that address PCI DSS pressures, we increase our leadership position as we continue to deliver on our vision of bringing fully automated risk and compliance management solutions to the market."

Requirements 1, 6, 11 and 12 of PCI DSS are some of the most difficult requirements for an enterprise to enforce. Both the preparation and the audit work can each take an army of people weeks to complete. At the same time, poor IT risk visibility, complexity and rapid change makes it extremely difficult to manually and accurately determine if the right compensating controls are in place. As a result, many organizations are not aware of serious configuration compliance violations or risk exposures that can take the business down. In addition, inefficient compliance assessment processes put organizations on a patch "treadmill" that drives cost up dramatically.

Automation and Analytics a Clear Response to PCI DSS Pressures Automation and analytics not only reduce the effort necessary but also increase accuracy of compliance assessments. Organizations can quickly model and identify all possible network traffic that is allowed between unsecured networks, the DMZ, and the cardholder data network as required by PCI DSS Requirement 1 - replacing today's manual method of reviewing firewall policies and configurations. PCI DSS compliance reports can be generated and used for sharing the findings among the security, network operations, and management teams.

Key new capabilities include:

* Complete Risk and Compliance Lifecycle Management: When combined with Skybox Secure(tm), organizations can track security or compliance gaps such as exposed vulnerabilities, misconfigurations, and policy violations from identification through remediation. Alerts are generated if a defect is identified or not remediated within a certain amount of time based on internal policies. Reports are delivered via scheduled e-mail notification or immediately after analysis is completed.

* Complete Network Access Policy Management: Defines a "golden configuration" standard for the organization's network devices leveraging a range of policies built into the solution. Access policies can be customized to fit the unique needs of the business. Validates that network devices are properly configured based on the organization's internal best practices or external mandates like PCI DSS from identification through mitigation.

* Comprehensive Network Access Compliance Management: Sophisticated network access analysis and presentation. Summary of all violating ACL rules for a quicker understanding of compliance levels. Better management of policy violations, firewall rules, and exceptions.

* Unique Change Assurance: Verifies impact of proposed configuration or policy changes before they are deployed. Prevents the deployment of "bad" firewalls or routers configurations that can result in serious risk or compliance exposures. Configurations can be assessed continuously as new threats emerge and as the network environment evolves.

* Integration Improvements: Previous versions of Skybox Assure supported a range of network devices to maximize past and future investments. With version 4.1, Skybox Security becomes the first network compliance and assurance solution to support Juniper's NetScreen Manager API for environments with large Juniper firewall deployments. Other integration enhancements include RedHat Enterprise Linux v5 64 bit OS as well as broader virtual device support.. Availability:

Skybox Assure 4.1 is available immediately. Existing customers under software maintenance contracts can upgrade free of any additional charge. About Skybox Security Skybox' Security provides automated risk and compliance management software to global organizations. These enterprises represent the most security conscious organizations in the world with mission-critical global networks. For the first time, security and network operations professionals can visualize, automate, and optimize their risk, threat, vulnerability, as well as network compliance and assurance management processes. The result is dramatic savings in time, resources and money. Skybox Security markets two product lines: Skybox Secure(tm) and Skybox Assure(tm) - both supported by a common, scalable platform called Skybox View'. With Skybox View enterprises can protect their hard-earned reputation and irreplaceable brand by accurately pinpointing and prioritizing high areas of risk and compliance exposures in minutes versus weeks. For more information visit

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like

More Insights