Skybox Security Suite Review

Streamlines reporting on ACL usage and on shadowed and redundant rules on the firewall


What is our primary use case?

Auditing firewall changes on a weekly basis. We use the Network and the Firewall modules. Firewall, as I said, and we use the Network and Firewall for PCI compliance reporting.

How has it helped my organization?

It has automated things. What was a manual process is now just running a report and delivering it to the people who have to mitigate the issues. A better workflow.

What is most valuable?

It's the firewall change audit every week. Also, being able to track firewall ACL usage, so that we can produce semiannual reports on ACL usage and on shadowed and redundant rules on the firewall.

What needs improvement?

It's tough to say, because the areas of improvement, I understand the difficulty. For example, they pull configs from thousands of types of devices, and it's difficult for them to stay on top of when vendors change the way their commands work. If anything, it would be staying on top of the collector scripts, but I understand that's a very tough challenge.

For how long have I used the solution?

Three to five years.

What do I think about the stability of the solution?

We had an issue one time, but it was related to a major release upgrade. But that happens every now and then with vendors. 

What do I think about the scalability of the solution?

We've had no need to scale it.

How is customer service and technical support?

Excellent. They're right on top of it. Very reactive.

How was the initial setup?

Straightforward.

What's my experience with pricing, setup cost, and licensing?

The product's pricing is excellent value.

In terms of licensing, make sure you understand your network components, all your hops through your network, thoroughly, before you decide on the total cost. If you want to do point-to-point flow analysis and such, you need to have the configuration of all the devices in between point A and point B. A lot of people don't realize all their network components until they start using this product.

Which other solutions did I evaluate?

We evaluated FireMon versus Skybox when we selected Skybox - they were really the two that were best at doing automated reporting for PCI. It was a compliance issue. We thought Skybox really fit our needs best.

What other advice do I have?

Other than what I said - ensuring that you have a really good understanding of all the network components that you have to ingest configurations from - definitely take it out for a proof of concept for 30 days. There are a lot of features in here that we don't use, Change Management and stuff like that, that you want to take a look at and see if they fit your needs.

I would say the reason I can't go higher than eight out of 10 is that their major release announcements aren't always straightforward. You usually discover that there is a new major release when going to their website and you discover it on your own. So they're not really good at major release announcements. 

Disclosure: I am a real user, and this review is based on my own experience and opinions.