
SKYBOX SECURITY AND QUALYS · 2020. 7. 15. · Skybox automatically builds and maintains a model that reflects an organization’s hybrid network topology, security controls and


Total visibility.

Focused Protection.™

Skybox® Security’s integration with Qualys Cloud Platform provides contextual intelligence of asset vulnerability data to hone remediation priorities and effectively target risk. As new hosts and vulnerabilities are discovered by Qualys Cloud Platform, this information is automatically collected by Skybox and analyzed against asset values, surrounding network security controls and Skybox analyst-backed threat intelligence.

The integration of Skybox Security Suite with Qualys vulnerability management data provides customers with a range of capabilities and benefits:

Enhanced Vulnerability Assessments

Vulnerability scanners form part of the baseline for basic security threat detection and prevention. But limitations of what can be scanned and when — if at all — abound. Mission-critical assets may be too sensitive to scan, certain network zones may be off limits, network devices are unscannable by design and operational technology (OT) networks prohibit active scanning. As such, blind spots can form and subsequent analysis and remediation priorities are based on incomplete information.

Thanks to Skybox integrations with Qualys, other third-party scanners and security platforms that perform passive assessments in OT networks, Skybox can normalize and merge collected vulnerability data into a central repository.

Skybox also fills in blind spots of unscannable network devices and zones through our unique scanless assessment. It utilizes data collected from our integrations with asset repositories and network information sources, comparing the data to our analyst-backed Vulnerability Dictionary to deduce vulnerability occurrences in your network. Skybox is also able to use collected environment data to identify “rogue,” unscanned assets.

SKYBOX SECURITY AND QUALYS Technology Brief


Skybox and Qualys | Technology Brief

Exposure and Exploitability Analysis in Vulnerability Prioritization

Skybox automatically builds and maintains a model that reflects an organization’s hybrid network topology, security controls and assets, as well as vulnerability occurrences discovered by Qualys, other third-party scanners and Skybox’s scanless assessments. Skybox leverages model analysis across a variety of use cases, including attack simulations.

FIG 1: Skybox Vulnerability Control dashboard showing an organization’s vulnerability occurrences and details regarding risk levels, vendors, assets and trends over time.

[FIG 2 diagram labels. Zones and sites: Internet, ON PREMISES, PRIVATE CLOUD, PUBLIC CLOUD, OPERATIONAL TECHNOLOGY (OT), Los Angeles, London, Development, Finance, Partner, VPN Partner, VPN, IPS, VMware NSX, App, DMZ, DB, AWS (Customers, Production, Development), Microsoft Azure (Production, Test). ATTACK SIMULATION legend: Compromised Server, Direct Exposure, No Exposure, High Risk, Low Risk. Callouts: CVE-2018-1000115; Vulnerability Occurrence on Finance Server; Shielded by IPS Signature.]

FIG 2: The most critical step of vulnerability analysis is determining its exposure in your network, as shown in the graphical representation above. By understanding exposure, resources can be devoted to vulnerabilities accessible to threats, or mitigation options can be identified to cut off attack paths.


By simulating access from a threat origin to vulnerable assets, Skybox can pinpoint exposed vulnerabilities not protected by network security controls. The simulation clarifies which vulnerabilities are protected from potential attacks by compensating controls (e.g., IPS signature, firewall rule) and thus are a lower remediation priority, and which vulnerabilities are exposed and thus present a critical risk. These vulnerabilities can also be cross-referenced with exploitability information, further honing remediation priorities.

[FIG 3 diagram labels. Funnel stages: All Known Vulnerabilities; Your Vulnerabilities; Critical Severity Vulnerabilities; Vulnerabilities Exploited in the Wild; Exposed Vulnerabilities; Exposed + Exploitable.

Steps and their sources:
IDENTIFY KNOWN VULNERABILITIES: Total identified vulnerabilities via Skybox intelligence feed
IDENTIFY YOUR VULNERABILITIES: Third-party scanners and Skybox Vulnerability Detector
CORRELATE TO CVSS: CVSS critical score (POTENTIAL OR IMMINENT THREATS)
IDENTIFY EXPLOITS: Skybox Research Lab threat intelligence (IMMINENT THREATS)
IDENTIFY EXPOSURES: Skybox network modeling and attack vector analytics (IMMINENT THREATS)
PINPOINT BIGGEST RISKS: Skybox Vulnerability Control Prioritization Center (IMMINENT THREATS, HIGHEST PRIORITY)

Stage annotations, in the order extracted: typically account for 20-30% of vulnerability occurrences; 10%; 1%; <1%.]

FIG 3: Skybox analyzes vulnerabilities using a combination of factors to define the risk they pose to a unique organization, including CVSS scores, proof-of-concept exploits, active exploits in the wild and network exposure, among others.

NETWORK MITIGATION OPTIONS

Because of Skybox’s understanding of the network infrastructure, users can also gain fast insight into network changes that would minimize vulnerability risks if patches can’t be deployed, such as IPS signatures or firewall rule changes.


About Skybox Security

Skybox provides the industry’s broadest cybersecurity management platform to address security challenges within large, complex networks. By integrating with 130 networking and security technologies, the Skybox® Security Suite gives comprehensive attack surface visibility and the context needed for informed action. Our analytics, automation and intelligence improve the efficiency and performance of security operations in vulnerability and threat management and firewall and security policy management for the world’s largest organizations.

www.skyboxsecurity.com | +1 408 441 8060

Copyright © 2019 Skybox Security, Inc. All rights reserved. Skybox is a trademark of Skybox Security, Inc. All other registered or unregistered trademarks are the sole property of their respective owners. 05022019

Firewall and Regulatory Compliance

The Skybox–Qualys integration allows in-depth analysis of complex firewall rules in addition to automating the process of auditing firewalls. On-demand audits take only a few minutes, streamlining regulatory compliance (PCI, FISMA, NIST, Common Criteria, GDPR, etc.). In addition, network access and connectivity issues are continuously analyzed.