INTELLIGENT VULNERABILITY PRIORITIZATION · 2020-07-07 · The Skybox prioritization approach starts with information about your ... The model is regularly and automatically updated


Total visibility. Focused Protection.™

When it comes to vulnerability management, security leaders continue to struggle to identify which of the thousands — even millions — of vulnerabilities in their environment pose the biggest risk of attack. Traditional approaches don’t take into account all the factors that influence vulnerability risk. This leaves security teams wasting resources on issues that attackers may never find or know how to exploit. And for programs relying on spreadsheets and manual analysis, the problems of gaining this insight and using resources effectively only increase.

Risk–Based Vulnerability Prioritization

To intelligently prioritize remediation and manage vulnerability risk, Skybox® Security takes a fundamentally different approach from traditional scanners. It helps to mature security processes and escape the mentality of “patch everything all the time,” focusing action on real risks and orchestrating a variety of vulnerability management tasks. By analyzing vulnerabilities from multiple perspectives — including asset importance to your business, threat activity in the wild and exposure to threat origins — Skybox gives you the power to target action where it matters most, proactively reducing your risk of attack.

Our risk–based vulnerability management solution, Skybox® Vulnerability Control, simplifies the complex prioritization process by:

• Automating vulnerability analysis based on severity, asset importance, exploitability and exposure, among other factors

• Assigning straightforward, trackable risk scores to vulnerabilities, assets and groups

• Prioritizing patches that will have the biggest impact on risk reduction

INTELLIGENT VULNERABILITY PRIORITIZATION

Solution Brief

USING ASSET, NETWORK AND THREAT CONTEXT

Vulnerability Prioritization | Solution Brief

Skybox Prioritization Methods

Vulnerabilities don’t exist in a vacuum. That’s why Skybox takes into consideration a broad range of sources and perspectives, applying advanced analytics to contextualize data and define risk.

1. Vulnerability Presence

The Skybox prioritization approach starts with information about your organization’s current vulnerabilities learned in the discovery phase.

MORE CONTENT, BETTER CONTEXT

Accurate vulnerability prioritization starts with good data. Active scanning is an important component of vulnerability discovery, but can leave blind spots in “unscannable” network zones and devices, as well as rapidly changing cloud environments.

The Skybox approach to vulnerability discovery enhances scanner data, consolidating results from multiple third–party scanners, app and web scanners, OT security platforms and more. It also fills in blind spots using unique scanless assessment technology that can detect vulnerabilities in off-limits network zones and devices.

Learn more about our approach to comprehensive vulnerability discovery >

2. Vulnerability Intelligence

Skybox uses vulnerability intelligence to better understand the implications of your current vulnerabilities. This intelligence comes from extensive databases of information on known vulnerabilities and includes details such as:

• Conditions such as operating systems, versions and other applications installed that would affect the exploitability of a vulnerability

• Exploitation effect on confidentiality, integrity and availability (CIA) values

• Research on the vulnerability, such as the National Vulnerability Database (NVD) listing, vendor bulletins, etc.

• List of remediation and mitigation solutions

• Severity ratings from multiple sources (NVD, IBM X–Force, scanning vendors, etc.) and Common Vulnerability Scoring System (CVSS) scores

• History of changes in the vulnerability as it relates to severity, exploitation, available patches, etc.

3. Threat Intelligence

Skybox ingests information on the characteristics of exploits — active exploits in the wild, sample exploit code and exploits packaged in distrib-uted crimeware. Skybox’s threat intelligence is acquired from both public and private sources on an ongoing basis, analyzed and vetted by the Skybox® Research Lab and delivered to Skybox products via the Skybox intelligence feed.

4. Network Intelligence

Next, Skybox analyzes information about your organization’s assets and networks and their importance to the business to provide a contextual understanding of your attack surface.

Collecting the details of your environment, Skybox builds a comprehen-sive model of your attack surface, including:

• Network topology (routers, load balancers, switches)

• Security controls (firewalls, IPSs, VPNs)

• Assets (servers, workstations, networks — including traditional IT, multi–cloud and OT environments)

The model is regularly and automatically updated to reflect the actual state of your network.

FIG 1: An overview dashboard of top risks identified by Skybox Vulnerability Control. Flexible and customizable widgets allow users to view risks from the perspective of vulnerabilities or assets, gain quick insight into exposed and exploitable vulnerabilities and dive deeper into any metric.

[Figure: the Skybox network model with an attack simulation. Zones shown: Internet; Partner and VPN Partner; On premise (Los Angeles, London, Finance, Development, App DMZ, DB, App; VMware NSX private cloud); Public cloud (AWS Customers, AWS Production, AWS Development; Microsoft Azure Production, Azure Test); Operational Technology (OT). Legend: Compromised Server, Direct Exposure, No Exposure, High Risk, Low Risk, IPS. Callouts: CVE-2018-1000115; Vulnerability Occurrence on Finance Server; Shielded by IPS Signature.]

FIG 2: A representation of the Skybox model and an attack simulation. An attack path is shown from a compromised server in the AWS environment to two identical vulnerabilities on a development server and a finance server in on-prem networks. The development server is directly exposed, so its vulnerability presents a high risk; the finance server is protected by an IPS signature and so presents a low risk.

5. Exposure Analysis and Attack Simulation

The most critical step of vulnerability analysis is determining a vulnerability’s exposure in your network. By understanding exposure, resources can be devoted to the vulnerabilities that threats can actually reach, or mitigation options can be identified to cut off the attack paths that lead to them.

Using the intelligence gathered to this point, Skybox determines the exposure of each vulnerability by simulating attacks on the network model. Automated simulations are run from all threat origins (ingress points) and assess all network paths to determine whether or not a vulnerable asset can be reached. Vulnerabilities on assets reachable from a threat origin are flagged as direct exposures. Directly exposed assets are then used in secondary simulations to represent a compromised asset (as would be the case in multi-step attacks). Vulnerabilities reached in these secondary simulations are flagged as indirect exposures.
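The following is an added, illustrative example rather than Skybox code: a small Python model of the attack-simulation procedure described in this section, together with a risk score that combines the severity, exploitability, exposure and asset-importance factors listed at the start of the brief, run over a network model of the kind described under Network Intelligence. The network zones, access rules, IPS coverage, asset importance values and scoring weights are constructed assumptions; CVE-EXAMPLE-0001 is a placeholder identifier, not a real CVE. The example also goes one step beyond the brief’s description by continuing the secondary simulation from indirectly exposed assets, which is what surfaces the caveat in the output: a boundary IPS signature that shields a server from direct exposure does nothing against a lateral move from a compromised host inside the same zone.

```python
"""Added example (not Skybox code): a toy version of the exposure analysis and
risk scoring described in this brief. The network model, access rules, IPS
coverage, asset importance values and scoring weights are constructed for the
illustration; CVE-EXAMPLE-0001 is a placeholder, not a real CVE identifier."""
from collections import deque
from dataclasses import dataclass, field


@dataclass
class Vuln:
    cve: str
    cvss: float              # severity (CVSS base score, 0-10)
    exploited_in_wild: bool  # threat intelligence: active exploitation seen
    port: int                # service port an exploit must reach


@dataclass
class Asset:
    name: str
    zone: str                # network zone in the model
    importance: int          # business importance, 1 (low) to 5 (critical)
    vulns: list = field(default_factory=list)


# Constructed access rules: (source zone, destination zone, port) the firewalls
# permit. Assumption: a zone is flat, so any host in it reaches any other host.
ALLOW = {
    ("internet", "development", 11211),    # dev memcached open to the Internet
    ("aws_customers", "finance", 11211),   # partner cloud reaches finance memcached
    ("development", "finance", 3306),      # dev hosts may reach the finance DB
}

# IPS signatures deployed at each zone boundary, keyed by the protected zone.
IPS = {"finance": {"CVE-2018-1000115"}}

# Constructed assets mirroring the brief's figure, plus a finance DB server.
ASSETS = [
    Asset("dev-app", "development", 2,
          [Vuln("CVE-2018-1000115", 7.5, True, 11211)]),
    Asset("finance-app", "finance", 5,
          [Vuln("CVE-2018-1000115", 7.5, True, 11211)]),
    Asset("finance-db", "finance", 5,
          [Vuln("CVE-EXAMPLE-0001", 9.8, False, 3306)]),  # placeholder CVE id
]
THREAT_ORIGINS = ["internet", "aws_customers"]  # ingress points to simulate from


def reachable(src_zone, asset, vuln, allow=ALLOW, ips=IPS):
    """Can traffic from src_zone reach the vulnerable service and evade the IPS?"""
    if src_zone == asset.zone:
        return True  # lateral move inside a zone bypasses the boundary IPS
    if (src_zone, asset.zone, vuln.port) not in allow:
        return False
    return vuln.cve not in ips.get(asset.zone, set())  # shielded by signature?


def simulate(assets=ASSETS, origins=THREAT_ORIGINS):
    """Return {(asset name, cve): 'direct' | 'indirect' | 'none'}.

    Pass 1 tests every vulnerability against every threat origin (direct
    exposure). Pass 2 treats each exposed asset as compromised and pivots from
    its zone; it also chains through indirectly exposed assets, one step beyond
    what the brief describes."""
    exposure = {(a.name, v.cve): "none" for a in assets for v in a.vulns}
    frontier = deque()
    for a in assets:
        for v in a.vulns:
            if any(reachable(o, a, v) for o in origins):
                exposure[(a.name, v.cve)] = "direct"
                frontier.append(a)
    compromised = {a.name for a in frontier}
    while frontier:
        pivot = frontier.popleft()
        for a in assets:
            if a.name == pivot.name:
                continue
            for v in a.vulns:
                if exposure[(a.name, v.cve)] == "none" and reachable(pivot.zone, a, v):
                    exposure[(a.name, v.cve)] = "indirect"
                    if a.name not in compromised:
                        compromised.add(a.name)
                        frontier.append(a)
    return exposure


def risk_score(asset, vuln, exposure):
    """Combine severity, exploitability, exposure and asset importance (0-100).
    The weights are illustrative assumptions, not Skybox's formula."""
    exposure_factor = {"direct": 1.0, "indirect": 0.6, "none": 0.1}[exposure]
    exploit_factor = 1.0 if vuln.exploited_in_wild else 0.5
    score = 100 * (vuln.cvss / 10) * exploit_factor * exposure_factor * (asset.importance / 5)
    return round(score, 1)


def prioritize(assets=ASSETS, origins=THREAT_ORIGINS):
    """Rank every vulnerability occurrence by risk score, highest first."""
    exposure = simulate(assets, origins)
    rows = [(risk_score(a, v, exposure[(a.name, v.cve)]), a.name, v.cve,
             exposure[(a.name, v.cve)]) for a in assets for v in a.vulns]
    return sorted(rows, reverse=True)


if __name__ == "__main__":
    for score, asset, cve, exp in prioritize():
        print(f"{score:5.1f}  {asset:12s} {cve:18s} {exp}")
```

Run as a script to print the ranked list. In the constructed data the finance application server ends up with the highest score: its importance and the indirect path through the finance DB outweigh the development server’s direct exposure, even though the IPS blocks the direct route. Drop the DB server from the model and the finance occurrence falls back to the figure’s case, shielded and low risk, which is exactly the kind of compensating-control reasoning the brief describes, with the added check that the control still holds once an attacker is already inside the zone.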

Take the Smarter Approach

With intelligent prioritization from Skybox, security and operational teams can focus on the vulnerabilities that pose the biggest risk to their organization, quickly rolling out patches or identifying network-based mitigation options. Using Skybox, you can:

• Ensure analysis is based on complete and up-to-date vulnerability info — no blind spots, no stale data

• Automate the complex analysis of all of your vulnerabilities from multiple perspectives

• Know which vulnerabilities are exposed to threat origins, have been exploited in the wild and are on business-critical assets

• Reduce patching needs by pinpointing which vulnerabilities are at risk of attack and which are protected by compensating controls

• Gain fast insight into the risk levels of vulnerabilities, assets and groups with simple, straightforward risk scores

• Establish a consistent definition of risk to align security, operations and incident response teams

To learn more about risk-based vulnerability management with Skybox, download our e-book or schedule a demo today.

About Skybox Security

Skybox provides the industry’s broadest cybersecurity management platform to address security challenges within large, complex networks. By integrating with over 130 networking and security technologies, the Skybox® Security Suite gives comprehensive attack surface visibility and the context needed for informed action. Our analytics, automation and intelligence improve the efficiency and performance of security operations in vulnerability and threat management and firewall and security policy management for the world’s largest organizations.

www.skyboxsecurity.com | [email protected] | +1 408 441 8060

Copyright © 2019 Skybox Security, Inc. All rights reserved. Skybox is a trademark of Skybox Security, Inc. All other registered or unregistered trademarks are the sole property of their respective owners. 08202019