Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Threat Intelligence

3/10/2016
01:00 PM
Dark Reading
Dark Reading
Products and Releases
50%
50%

SkyboxSecurity Unveils Attack Surface Visualization Offering

SkyboxHorizon reduces exposure to cyberattacks by giving CISOs unprecedented visibility of the attack surface and Indicators of Exposure (IOEs).

SAN JOSE, Calif. (February 29, 2016) – Skybox® Security, a global leader in security analytics, unveiled today Skybox® Horizon, a first-of-its-kind security management tool that gives CISOs the unprecedented ability to visualize their enterprise attack surface in its entirety. Skybox will be previewing Horizon at the RSA Conference in San Francisco.

Integrating with the Skybox® Security Suite, the company’s award-winning analytics platform, Horizon uses the contextual intelligence gained from consolidating and analyzing data from various sources to create a visual, interactive model that links network topology, network connections, business units and organizational hierarchy. It shows Indicators of Exposure (IOEs) throughout the attack surface, such as exploitable attack vectors, hot spots of vulnerabilities, network security misconfigurations, and risky firewall access rules, giving CISOs deep insight into the state of their security from the widest possible range of sources.

In today’s complex security landscape, networks are getting larger and more complicated, creating myriad holes in defenses, while cyberattacks are increasing in sophistication and persistence. This is making it more difficult than ever for CISOs to centralize security and gain visibility over the attack surface, the ways in which their IT systems are vulnerable to threats including potential attack vectors.

According to a 2015 Gartner report*, enterprises are shifting security budgets to security management platforms that integrate existing technologies, provide insight through analytics of previously siloed data and enable security operations teams to automate and prioritize activities.

They are also looking for solutions that can help them more effectively report the security posture of the enterprise to the board and executives, in order to better inform IT security decision making throughout the organization.

“For years, CISOs have struggled to gain a satisfactory level of visibility over their attack surface so they can truly understand their organization’s vulnerability to threats,” said Skybox Founder and CEO Gidi Cohen. “Traditional approaches fall short — data is isolated between technologies from multiple vendors, providing only fleeting glimpses into the state of security. When CISOs only have access to partial information, they can’t analyze data in context, which limits their ability to quickly make decisions about where to direct scarce resources. We’re changing this with Horizon.”

At RSA, Skybox will demonstrate how Horizon works with the company’s vulnerability management, threat intelligence management, and security policy management products to create a comprehensive security management program that uses visibility to shrink the attack surface.

 

Skybox Horizon Features

 

·         Visualize and analyze the attack surface with an interactive model that links network topology, network connections, business units, and organizational hierarchy

·         Present IOEs such as exploitable attack vectors, hots spots of vulnerabilities, network security misconfigurations, and risky firewall access rules

·         Respond faster to emerging threats by pinpointing and protecting the systems most vulnerable to those threats; drill down with interactive tools to get quick summaries of actionable intelligence

·         Systematically manage and reduce the attack surface by allocating security resources to where they are most needed, identifying security teams within the enterprise that need extra support, streamlining audits, and demonstrating progress toward security and compliance goals

 

Horizon is scheduled for general release in late March, available with licensing of Skybox Security Suite modules. For more information on Skybox Horizon, go to https://www.skyboxsecurity.com/products/skybox-horizon

 

About Skybox Security
www.skyboxsecurity.com

 

Skybox arms security leaders with a powerful set of integrated security solutions that give unprecedented visibility of the attack surface and key Indicators of Exposure (IOEs) such as exploitable attack vectors, hot spots of vulnerabilities, network security misconfigurations and risky firewall access rules. By extracting actionable intelligence from data using modeling and simulation, Skybox gives leaders the insight needed to quickly make decisions about how to best address threat exposures that put their organization at risk, increasing operational efficiency by as much as 90 percent. Our award-winning solutions are used by the world’s most security-conscious enterprises and government agencies for vulnerability management, threat intelligence management and security policy management, including six of the top 10 global banks and six of the 10 largest NATO member countries.

 

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Why Cyber-Risk Is a C-Suite Issue
Marc Wilczek, Digital Strategist & CIO Advisor,  11/12/2019
DevSecOps: The Answer to the Cloud Security Skills Gap
Lamont Orange, Chief Information Security Officer at Netskope,  11/15/2019
Attackers' Costs Increasing as Businesses Focus on Security
Robert Lemos, Contributing Writer,  11/15/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Navigating the Deluge of Security Data
In this Tech Digest, Dark Reading shares the experiences of some top security practitioners as they navigate volumes of security data. We examine some examples of how enterprises can cull this data to find the clues they need.
Flash Poll
Rethinking Enterprise Data Defense
Rethinking Enterprise Data Defense
Frustrated with recurring intrusions and breaches, cybersecurity professionals are questioning some of the industrys conventional wisdom. Heres a look at what theyre thinking about.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-19040
PUBLISHED: 2019-11-17
KairosDB through 1.2.2 has XSS in view.html because of showErrorMessage in js/graph.js, as demonstrated by view.html?q= with a '"sampling":{"value":"<script>' substring.
CVE-2019-19041
PUBLISHED: 2019-11-17
An issue was discovered in Xorux Lpar2RRD 6.11 and Stor2RRD 2.61, as distributed in Xorux 2.41. They do not correctly verify the integrity of an upgrade package before processing it. As a result, official upgrade packages can be modified to inject an arbitrary Bash script that will be executed by th...
CVE-2019-19012
PUBLISHED: 2019-11-17
An integer overflow in the search_in_range function in regexec.c in Oniguruma 6.x before 6.9.4_rc2 leads to an out-of-bounds read, in which the offset of this read is under the control of an attacker. (This only affects the 32-bit compiled version). Remote attackers can cause a denial-of-service or ...
CVE-2019-19022
PUBLISHED: 2019-11-17
iTerm2 through 3.3.6 has potentially insufficient documentation about the presence of search history in com.googlecode.iterm2.plist, which might allow remote attackers to obtain sensitive information, as demonstrated by searching for the NoSyncSearchHistory string in .plist files within public Git r...
CVE-2019-19035
PUBLISHED: 2019-11-17
jhead 3.03 is affected by: heap-based buffer over-read. The impact is: Denial of service. The component is: ReadJpegSections and process_SOFn in jpgfile.c. The attack vector is: Open a specially crafted JPEG file.