Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats

AlterPoint, Skybox Announce Partnership

AlterPoint and Skybox Security announced a partnership that delivers the first end-to-end risk management solution

AUSTIN, Tx. -- AlterPoint, the leader in intelligent Network Change and Configuration Management (NCCM) solutions, and Skybox Security, the leader in Security Risk Management (SRM), today announced a partnership that delivers the first end-to-end risk management solution. Driven by the need to enable business-oriented risk reporting and analysis of vulnerabilities as well as to satisfy audit and regulatory requirements, AlterPoint and Skybox have integrated the workflow and data exchange of their respective solutions. By combining AlterPoint DeviceAuthority with Skybox View, security management and network operations organizations can work as a unit to model and analyze device configurations and security controls and dramatically reduce the time to mitigate vulnerabilities. The overall goal of this convergence is to transform security information into business-oriented risk, audit and compliance intelligence and ultimately reduce the IT workload required to manage risk.

“The pressing need to increase the speed of vulnerability mitigation, coupled with pressure to meet new regulatory requirements, is driving the convergence of vulnerability management and IT security management functions,” reports Gartner in a recent article written for CSO entitled, “Vulnerability and IT Security Management are Converging”.

The integration of Skybox View’s unique virtual modeling and simulation capability with DeviceAuthority’s network configuration and release management functions enables organizations to deploy a predictive, closed-looped security risk assessment and change management process. Network configurations can be deployed with confidence that they are effective from an access, policy compliance, and risk perspective. With this integrated offering, organizations can achieve the right balance between the connectivity needs of the business while minimizing risk exposure through a virtual analysis and staging environment. The two technologies complement each other by offering a unique and comprehensive set of capabilities to:

  • Classify business assets
  • Discover configurations, vulnerabilities, controls and rules
  • Visualize threats, configurations and rules
  • Analyze configuration effectiveness and quantify risk exposures
  • Validate configuration and mitigation changes
  • Deploy, enforce, and manage standard network configurations
  • Monitor for continuous compliance and improvement

“Offering our Security Risk Management software as part of a comprehensive change management solution is a natural evolution of our go-to-market strategy. We partnered with AlterPoint because a significant number of organizations want our software as the backbone of a comprehensive end-to-end offering that effectively combines risk assessment with network change and configuration management,” said Gidi Cohen, chief strategy officer and founder for Skybox.

“To reduce risk and meet service levels, enterprises are demanding a consolidated approach for security, configuration and change across applications, servers and networks,” said Dave Barry, vice president for business development for AlterPoint. “By partnering with Skybox we can deliver to our customers deeper visibility into their security risk profile and close the loop with the capabilities to remediate problems.”

AlterPoint Inc.

Skybox Security Inc.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
COVID-19: Latest Security News & Commentary
Dark Reading Staff 6/5/2020
How AI and Automation Can Help Bridge the Cybersecurity Talent Gap
Peter Barker, Chief Product Officer at ForgeRock,  6/1/2020
Cybersecurity Spending Hits 'Temporary Pause' Amid Pandemic
Kelly Jackson Higgins, Executive Editor at Dark Reading,  6/2/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: What? IT said I needed virus protection!
Current Issue
How Cybersecurity Incident Response Programs Work (and Why Some Don't)
This Tech Digest takes a look at the vital role cybersecurity incident response (IR) plays in managing cyber-risk within organizations. Download the Tech Digest today to find out how well-planned IR programs can detect intrusions, contain breaches, and help an organization restore normal operations.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-13864
PUBLISHED: 2020-06-05
The Elementor Page Builder plugin before 2.9.9 for WordPress suffers from a stored XSS vulnerability. An author user can create posts that result in a stored XSS by using a crafted payload in custom links.
CVE-2020-13865
PUBLISHED: 2020-06-05
The Elementor Page Builder plugin before 2.9.9 for WordPress suffers from multiple stored XSS vulnerabilities. An author user can create posts that result in stored XSS vulnerabilities, by using a crafted link in the custom URL or by applying custom attributes.
CVE-2020-11696
PUBLISHED: 2020-06-05
In Combodo iTop a menu shortcut name can be exploited with a stored XSS payload. This is fixed in all iTop packages (community, essential, professional) in version 2.7.0 and iTop essential and iTop professional in version 2.6.4.
CVE-2020-11697
PUBLISHED: 2020-06-05
In Combodo iTop, dashboard ids can be exploited with a reflective XSS payload. This is fixed in all iTop packages (community, essential, professional) for version 2.7.0 and in iTop essential and iTop professional packages for version 2.6.4.
CVE-2020-13646
PUBLISHED: 2020-06-05
In the cheetah free wifi 5.1 driver file liebaonat.sys, local users are allowed to cause a denial of service (BSOD) or other unknown impact due to failure to verify the value of a specific IOCTL.