Total visibility.
Focused Protection.™
Skybox® Security’s integration with Qualys Cloud Platform provides contextual intelligence of asset vulnerability data to hone remediation priorities and effectively target risk. As new hosts and vulnerabilities are discovered by Qualys Cloud Platform, this information is automatically collected by Skybox and analyzed against asset values, surrounding network security controls and Skybox analyst–backed threat intelligence.
The integration of Skybox Security Suite with Qualys vulnerability management data provides customers with a range of capabilities and benefits:
Enhanced Vulnerability Assessments
Vulnerability scanners form part of the baseline for basic security threat detection and prevention. But limitations of what can be scanned and when — if at all — abound. Mission-critical assets may be too sensitive to scan, certain network zones may be off limits, network devices are unscannable by design and operational technology (OT) networks prohibit active scanning. As such, blind spots can form and subsequent analysis and remediation priorities are based on incomplete information.
Thanks to Skybox integrations with Qualys, other third–party scanners and security platforms that perform passive assessments in OT networks, Skybox can normalize and merge collected vulnerability data into a central repository.
Skybox also fills in blind spots of unscannable network devices and zones through our unique scanless assessment. It utilizes data collected from our integrations with asset repositories and network information sources, comparing the data to our analyst-backed Vulnerability Dictionary to deduce vulnerability occurrences in your network. Skybox is also able to use collected environment data to identify “rogue,” unscanned assets.
SKYBOX SECURITY AND QUALYS Technology Brief
Skybox and Qualys | Technology Brief
Exposure and Exploitability Analysis in Vulnerability Prioritization
Skybox automatically builds and maintains a model that reflects an organization’s hybrid network topology, security controls and assets, as well as vulnerability occurrences discovered by Qualys, other third–party scanners and Skybox’s scanless assessments. Skybox leverages model analysis across a variety of use cases, including attack simulations.
FIG 1: Skybox Vulnerability Control dashboard showing an organization’s vulnerability occurrences and details regarding risk levels, vendors, assets and trends over time.
[Figure: network model diagram covering ON PREMISES (Los Angeles, London, Partner, VPN, IPS, VMware NSX), PRIVATE CLOUD (App, DMZ, DB, Development, Finance), PUBLIC CLOUD (AWS Customers, AWS Production, AWS Development; Microsoft Azure Production, Azure Test) and OPERATIONAL TECHNOLOGY (OT) zones, connected to the Internet. An ATTACK SIMULATION overlay marks a vulnerability occurrence of CVE-2018-1000115 on a Finance server as shielded by an IPS signature. Legend: Compromised Server, Direct Exposure, No Exposure, High Risk, Low Risk.]
FIG 2: The most critical step of vulnerability analysis is determining its exposure in your network, as shown in the graphical representation above. By understanding exposure, resources can be devoted to vulnerabilities accessible to threats or identify mitigation options to cut off attack paths.
By simulating access from a threat origin to vulnerable assets, Skybox can pinpoint exposed vulnerabilities not protected by network security controls. The simulation clarifies which vulnerabilities are protected from potential attacks by compensating controls (e.g., IPS signature, firewall rule) and thus are a lower remediation priority, and which vulnerabilities are exposed and thus present a critical risk. These vulnerabilities can also be cross-referenced with exploitability information, further honing remediation priorities.
[Figure: vulnerability prioritization funnel with the levels All Known Vulnerabilities, Your Vulnerabilities, Critical Severity Vulnerabilities, Vulnerabilities Exploited in the Wild, Exposed Vulnerabilities, and Exposed + Exploitable. Stage labels: IDENTIFY KNOWN VULNERABILITIES (total identified vulnerabilities via Skybox intelligence feed); IDENTIFY YOUR VULNERABILITIES (third-party scanners and Skybox Vulnerability Detector); CORRELATE TO CVSS (CVSS critical score; potential or imminent threats); IDENTIFY EXPLOITS (Skybox Research Lab threat intelligence; imminent threats); IDENTIFY EXPOSURES (Skybox network modeling and attack vector analytics; imminent threats); PINPOINT BIGGEST RISKS (Skybox Vulnerability Control Prioritization Center; imminent threats, highest priority). Annotations on the funnel levels: typically account for 20-30%, 10%, 1% and <1% of vulnerability occurrences.]
FIG 3: Skybox analyzes vulnerabilities using a combination of factors to define the risk they pose to a unique organization, including CVSS scores, proof-of-concept exploits, active exploits in the wild and network exposure, among others.
NETWORK MITIGATION OPTIONS
Because of Skybox’s understanding of the network infrastructure, users can also gain fast insight into network changes that would minimize vulnerability risks if patches can’t be deployed, such as IPS signatures or firewall rule changes.
About Skybox Security
Skybox provides the industry’s broadest cybersecurity management platform to address security challenges within large, complex networks. By integrating with 130 networking and security technologies, the Skybox® Security Suite gives comprehensive attack surface visibility and the context needed for informed action. Our analytics, automation and intelligence improve the efficiency and performance of security operations in vulnerability and threat management and firewall and security policy management for the world’s largest organizations.
www.skyboxsecurity.com | +1 408 441 8060
Copyright © 2019 Skybox Security, Inc. All rights reserved. Skybox is a trademark of Skybox Security, Inc. All other registered or unregistered trademarks are the sole property of their respective owners. 05022019
Firewall and Regulatory Compliance
The Skybox–Qualys integration allows in-depth analysis of complex firewall rules in addition to automating the process of auditing firewalls. On-demand audits take only a few minutes, streamlining regulatory compliance (PCI, FISMA, NIST, Common Criteria, GDPR, etc.). In addition, network access and connectivity issues are continuously analyzed.