Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Threat Intelligence

3/10/2016
01:00 PM
Dark Reading
Dark Reading
Products and Releases
50%
50%

SkyboxSecurity Unveils Attack Surface Visualization Offering

SkyboxHorizon reduces exposure to cyberattacks by giving CISOs unprecedented visibility of the attack surface and Indicators of Exposure (IOEs).

SAN JOSE, Calif. (February 29, 2016) – Skybox® Security, a global leader in security analytics, unveiled today Skybox® Horizon, a first-of-its-kind security management tool that gives CISOs the unprecedented ability to visualize their enterprise attack surface in its entirety. Skybox will be previewing Horizon at the RSA Conference in San Francisco.

Integrating with the Skybox® Security Suite, the company’s award-winning analytics platform, Horizon uses the contextual intelligence gained from consolidating and analyzing data from various sources to create a visual, interactive model that links network topology, network connections, business units and organizational hierarchy. It shows Indicators of Exposure (IOEs) throughout the attack surface, such as exploitable attack vectors, hot spots of vulnerabilities, network security misconfigurations, and risky firewall access rules, giving CISOs deep insight into the state of their security from the widest possible range of sources.

In today’s complex security landscape, networks are getting larger and more complicated, creating myriad holes in defenses, while cyberattacks are increasing in sophistication and persistence. This is making it more difficult than ever for CISOs to centralize security and gain visibility over the attack surface, the ways in which their IT systems are vulnerable to threats including potential attack vectors.

According to a 2015 Gartner report*, enterprises are shifting security budgets to security management platforms that integrate existing technologies, provide insight through analytics of previously siloed data and enable security operations teams to automate and prioritize activities.

They are also looking for solutions that can help them more effectively report the security posture of the enterprise to the board and executives, in order to better inform IT security decision making throughout the organization.

“For years, CISOs have struggled to gain a satisfactory level of visibility over their attack surface so they can truly understand their organization’s vulnerability to threats,” said Skybox Founder and CEO Gidi Cohen. “Traditional approaches fall short — data is isolated between technologies from multiple vendors, providing only fleeting glimpses into the state of security. When CISOs only have access to partial information, they can’t analyze data in context, which limits their ability to quickly make decisions about where to direct scarce resources. We’re changing this with Horizon.”

At RSA, Skybox will demonstrate how Horizon works with the company’s vulnerability management, threat intelligence management, and security policy management products to create a comprehensive security management program that uses visibility to shrink the attack surface.

 

Skybox Horizon Features

 

·         Visualize and analyze the attack surface with an interactive model that links network topology, network connections, business units, and organizational hierarchy

·         Present IOEs such as exploitable attack vectors, hots spots of vulnerabilities, network security misconfigurations, and risky firewall access rules

·         Respond faster to emerging threats by pinpointing and protecting the systems most vulnerable to those threats; drill down with interactive tools to get quick summaries of actionable intelligence

·         Systematically manage and reduce the attack surface by allocating security resources to where they are most needed, identifying security teams within the enterprise that need extra support, streamlining audits, and demonstrating progress toward security and compliance goals

 

Horizon is scheduled for general release in late March, available with licensing of Skybox Security Suite modules. For more information on Skybox Horizon, go to https://www.skyboxsecurity.com/products/skybox-horizon

 

About Skybox Security
www.skyboxsecurity.com

 

Skybox arms security leaders with a powerful set of integrated security solutions that give unprecedented visibility of the attack surface and key Indicators of Exposure (IOEs) such as exploitable attack vectors, hot spots of vulnerabilities, network security misconfigurations and risky firewall access rules. By extracting actionable intelligence from data using modeling and simulation, Skybox gives leaders the insight needed to quickly make decisions about how to best address threat exposures that put their organization at risk, increasing operational efficiency by as much as 90 percent. Our award-winning solutions are used by the world’s most security-conscious enterprises and government agencies for vulnerability management, threat intelligence management and security policy management, including six of the top 10 global banks and six of the 10 largest NATO member countries.

 

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
COVID-19: Latest Security News & Commentary
Dark Reading Staff 6/5/2020
How AI and Automation Can Help Bridge the Cybersecurity Talent Gap
Peter Barker, Chief Product Officer at ForgeRock,  6/1/2020
Cybersecurity Spending Hits 'Temporary Pause' Amid Pandemic
Kelly Jackson Higgins, Executive Editor at Dark Reading,  6/2/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: What? IT said I needed virus protection!
Current Issue
How Cybersecurity Incident Response Programs Work (and Why Some Don't)
This Tech Digest takes a look at the vital role cybersecurity incident response (IR) plays in managing cyber-risk within organizations. Download the Tech Digest today to find out how well-planned IR programs can detect intrusions, contain breaches, and help an organization restore normal operations.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-13864
PUBLISHED: 2020-06-05
The Elementor Page Builder plugin before 2.9.9 for WordPress suffers from a stored XSS vulnerability. An author user can create posts that result in a stored XSS by using a crafted payload in custom links.
CVE-2020-13865
PUBLISHED: 2020-06-05
The Elementor Page Builder plugin before 2.9.9 for WordPress suffers from multiple stored XSS vulnerabilities. An author user can create posts that result in stored XSS vulnerabilities, by using a crafted link in the custom URL or by applying custom attributes.
CVE-2020-11696
PUBLISHED: 2020-06-05
In Combodo iTop a menu shortcut name can be exploited with a stored XSS payload. This is fixed in all iTop packages (community, essential, professional) in version 2.7.0 and iTop essential and iTop professional in version 2.6.4.
CVE-2020-11697
PUBLISHED: 2020-06-05
In Combodo iTop, dashboard ids can be exploited with a reflective XSS payload. This is fixed in all iTop packages (community, essential, professional) for version 2.7.0 and in iTop essential and iTop professional packages for version 2.6.4.
CVE-2020-13646
PUBLISHED: 2020-06-05
In the cheetah free wifi 5.1 driver file liebaonat.sys, local users are allowed to cause a denial of service (BSOD) or other unknown impact due to failure to verify the value of a specific IOCTL.