Skybox Security Suite Reviews

We use it for change management control and firewall policy management.This helps is keeping the compliance is Check

When we are adding new users to the network it has an impact on the security posture of the organization. So we use this product to do analysis, what kind of impact it will have on the security. What are the particular applications which may be required in terms of access controls, what are the changes, what are the policies we should put on the firewall? And in case we need to have a temporary policy, we can then revert back to the original one. All of these things have really helped us improve the security and network systems.

Change Manager is most important because of the impact on each other of a network change or a firewall change. We want to understand this and to know, beforehand, what the impact of a change will be. We are a large network so that is a very important tool. It's the most important one to use.

We really need to see how it can help us with cloud connectivity. It's there but I think it could give us a far better visualization.

It's a stable product.

We've had no issues with scalability.

Technical support is not something which I would rate very high. Support is available but they need to ensure that they bring in their local team to give us support. I wouldn't say that it is bad, but it's not top-notch.

We were not using any solution before this one.

The initial setup was complex, a little complex, but I think that is what the product entails. There was good documentation available on site from Skybox.

Pricing is on the higher side.

In terms of licensing, you should buy the complete suite rather than buying only the Change Manager. I think Change Manager with Vulnerability Control is something that would be interesting to look at.

We did evaluate other products, including Tufin, but we chose this one.

Anyone implementing this product should bring together the teams which have security and network understanding, as a part of the project and, of course, they should look into the product properly before they implement it.

I rate this product at about seven out of ten. The product is good but pricing and technical support are the ones which take marks off.

The use case is firewall rule lifecycle management.

This is something we are on the way to doing.

Network path analysis is the most valuable feature. There is a lot of work in my team to support internal and external customers, to answer their questions and difficulties with connectivity that doesn’t work. Mostly, the problem is missing orders. So if the customer can do the network path analysis for himself, the customer is able to write the request for the missing connectivity, without any support from my team.

Aside from Firewall Assurance, we are using Network Assurance and Change Manager for an overview of the whole network and for documenting requests and the recertification of the ruleset. 

At the moment we have a lot of work in implementing the tool in our workflow, so we are not looking for new features. But this could change in the next six to 12 months.

We have had some issues implementing the tool, but we are in contact with Professional Services to fix them.

No issues with scalability at the moment.

We are still in project mode, and we have direct contact.

No previous solution.

It was not so straightforward, but we bought onsite support from Skybox Professional Services.

The pricing is high, and the licensing model needs more flexibility.

In my case it was important to know the workflow, and then to look for a tool that could support this workflow to make it easier.

The primary use of this solution is as a firewall and for cybersecurity.

We are a solution provider and this is one of the security solutions that we implement for our customers.

Our customers have not had any complaints about the Skybox Security Suite.

The most valuable features are Firewall Assurance and Vulnerability Control.

This solution is easy to use.

This device has support for 130 vendors.

The most recent update was not tested with all of the vendors before it was released, so some of the features are misbehaving.

I have been using Skybox Security Suite for about six months.

Our customers have not faced any issues with stability.

We have not had to contact technical support.

The initial setup is easy.

We have an in-house team to deploy this solution. We have four or five engineers who can deploy and perform maintenance.

The price is not expensive.

This solution is pretty good. Our customers have found that Skybox has a lot of good features and I don't expect that any of them will be changing to another product.

I would rate this solution a nine out of ten.

Aside from Firewall Assurance, we use Vulnerability Control and Change Manager to prioritize and focus on key risks.

Focuses resources on business-critical remediation, as opposed to remediation that is quantity-based.

The platform provides insight and context from many threat logs and prioritizes them. 

There is not anything on the market that 

• correlates logs and threats and prioritizes 
• provides network maps
• provides change result context and resulting vulnerability 

for the network/enterprise.

As a reseller, I feel the marketing of this product could be better. It seems awareness is a bit low. We are trying to get the message out. I equate it to the early Palo Alto Networks days, where we had to market the concept of what a next-gen firewall was before we could get customers to buy in.

No issues with stability.

No issues with scalability.

Technical support is excellent.

We use several different solutions: Qualys, ServiceNow, Rapid7. We did not switch but have Skybox ingest all logs to provide an action plan.

The setup is straightforward; clear instructions.

FireMon, RedSeal.

Educate other IT teams about its value.

In my personal experience, I use a Skybox to do some proof of concept for clients. We show characteristics about how the client can connect their firewalls and network.

Within our company, three employees use this solution to run tests.

Skybox is a very busy environment because it shows me a client's or an organization's entire network. I can see everything. When I see an issue, Skybox allows me to create a new ticket to redirect to the pertinent area.

Honestly, I love this solution. As of now, although I have a minimum amount of experience with this solution, Skybox has been great.

I have been using this solution for six months.

This solution is very stable.

As we are new to this solution, we haven't attempted to scale it yet.

We haven't had to contact technical support yet. 

The initial setup was very easy. It took us one week to deploy it.

A developer helped install this solution — he was great.

Skybox is a great solution; I would absolutely recommend it to others. Overall, on a scale from one to ten, I would give this solution a rating of nine.

We use it for Vulnerability Management.

Standard scanning solutions are not able to give any priority in terms of associated risk from identified vulnerabilities. Understanding the real exposure from vulnerabilities and associated assets can reduce the time and investment needed to mitigate risks.

Also, by reducing the number of vulnerabilities that have to be analyzed and managed we have the chance to create a process of management.

Identifies direct exposed vulnerabilities.

Firewall Change Management has to be improved with rules provisioning on firewalls because that is where the competition is going and is what customers need.

No issues with stability.

No issues with scalability.

Technical support is good.

Initial setup was simple because we approached the project in small steps.

The pricing is okay.

We evaluated Tufin, Algosec for Firewall Assurance. We did not evaluate other products for VC.

Involve network, security, and operations at the same table for smooth project startup.

• Potential attack vector discovery
• Network troubleshooting
• Security check
• Compliance

Aside from Firewall Assurance, we use Network Assurance for network visualisation and troubleshooting. Currently, we are not using the Change Manager Module.

User interface. A web interface would be better.

• Change Tracking (audit logs)
• Access Analyser (access checks)
• Compliance

No issues.

No changes to check.

It is sufficient.

No.

The initial setup was easy.

No.

Check product compatibility. In our case, during implementation, we realised approximately 30 devices were not supported by the Skybox platform.

We are a system integrator and this is one of the products that we implement for our clients. This is one of the vendors that we focus on, from a security standpoint.

Skybox has an amazing portfolio that makes up the security solution. You can onboard your network devices with the network assurance module. This includes layer three, layer two switches, load balancers, and so on. This partially builds the network model for the infrastructure and the entire security platform is built off of that.

With the combination of the vulnerability management database and third-party integration, vulnerability management is very rich. When you add the network model, Skybox can tell you exactly which vulnerabilities in the infrastructure are exploitable. I have seen examples where there are 7,000 vulnerabilities exposed at one time. This includes highlighting things that are open, or exposed.

The most valuable feature is firewall management. It is excellent. It works by onboarding different firewall vendors and together with network assurance, builds a complete network model.

Vulnerability management is very good and it has its own vulnerability database. It gives you the ability to integrate with vulnerability management tools like Nessus, which is used by Tenable, Rapid7, and Qualys. The vulnerability software also integrates with endpoint software such as Symantec, Trend Micro, and McAfee. This is important because in this era, the biggest threat is from the endpoint. This is where most of the attacks are coming from these days.

Skybox integrates with patch management, which contributes to the broad functionality.

Everything is controlled from a single pane of glass.

The Skybox Suite includes change management, which makes up part of the complete security solution.

Skybox Horizon is a dashboard that shows you all of the modules. It is nice because it can show granularity at the level of interest for the NOC or SOC, but it can also give executive dashboarding for the VP or CTO at a business level that is not as concerned about the details.

The out-of-the-box compliance is very good, as it handles PCI and ISO.

The Network Assurance, which helps to create the network model, is not so rich. It tells you the best part, and it gives you the alternate routes that are available based on the configuration and the routing table, but it doesn't give you the analytics. One of the issues with security is that if the network model is incorrect then no matter what I add on top of it, it's going to be of no use. Network modeling is the foundation for vulnerability management, test management, firewall management, and change management.

The focus on risk analytics is not very good and should be improved. It relies on the CVSS (Common Vulnerability Security Score), which gives you a vulnerability score based on the standard. The difficulty with this is that sometimes, risks are based on critical assets, and these can differ between environments. My critical assets, for example, may be different than those of my customers. As such, it doesn't give you a fully-fledged risk score. On top of this, it doesn't give you the flexibility to configure a set of weights to adjust the criticality of the assets, the users, and the entities within the infrastructure.

Another area where Skybox lacks is the calculation for combinations and permutations of traffic from each interface. For example, in RedSeal, if traffic comes in from one interface and doesn't go out the desired interface, you can see what is vulnerable, what the vulnerability is, what is exposed, what is exploitable, whether it is subject to an insider threat or an outside threat, what the criticality is, and so on. It is all related to network modeling and seeing what happens when an interface goes down. In general, it needs to be enhanced.

They have to improve their integration with vulnerability management tools. It is good with some products, such as Tenable, but not really good with Rapid7.

Technical support can be improved in some regards because certain teams are better than others.

There is no dashboard for ISR compliance or NESA compliance.

3 years

Skybox Suite is an unstable solution.

This is a scalable solution.

In the region that I am working in, the director has indicated that we want to target organizations with a minimum of 15 firewalls and 500 devices. Essentially, the networks are very big, the firewalls and devices might be from different vendors, and the operations teams are having trouble managing them.

Skybox, from a scalability perspective, is only for customers with a very large environment that is complex.

Scalability is also a factor when a customer is migrating to the cloud. Specifically, when transitioning from on-premises to the cloud the customer will need cloud-based firewalls, load balancing, sandboxing, etc. This means that the network map in Skybox needs to include the cloud.

When I am working on a deployment or on a PoC, and I see an issue with the software that is not related to the configuration, I open a ticket with the support team.

I am not always satisfied with the support that they provide. In general, I am satisfied, but there are different teams within Skybox that handle different modules. The firewall management team is the best, the network assurance team is very good, and the vulnerability and threat management team is not so good. Sometimes, I get the wrong person and I have to escalate the ticket to the highest priority and get the engineering team on it. With change management, I have only had technical support in regards to a single client.

The initial setup is straightforward, as you have a template for the network assurance.

This solution can be installed on-premises or as a cloud-based deployment with the virtual edition. The architecture for the latter is very simple. In a small environment with less than 1,000 devices, you can use one server, install the software, and it has a database associated with it. You just have to make sure that it can be accessed by every device across the VLAN.

The tricky part of the configuration has to do with vulnerability management, threat management, and change management. When it comes to difficulty, change management is the hardest one when it comes to configuration. The reason for this is that customers normally have their own change management solution, such as ServiceNow and they are not very comfortable offloading the ITSM to do change management. It's a hard shift and a difficult sell. If it is done properly, however, it can automatically identify the vulnerabilities and threats and mitigate them as per the change management policy. Workflows need to be defined. For example, when a firewall change is needed then it needs to know the chain of approval. Since every customer has their own approval or rejection procedure, it has to be based on their requirements.

When it comes to deployment, we use a "Land and Expand" strategy. We land with network assurance and firewall management, which gives the customer a taste of the product. From there, we onboard vulnerability management and threat management. I don't recommend to anybody that they start with this solution full-fledged because it will not necessarily yield a better ROI.

For a network of perhaps a thousand network devices, if all of the ports are open and the permissions are in place, then it should not take longer than two days. You can take one extra day for fine-tuning, but three days is more than enough. After this, it will take another two days for firewall management. When we consider the vulnerability management and threat management modules, we have to take them on a case-by-case basis.

Sometimes, a customer will not have a vulnerability management tool like Tenable or Rapid7, so we rely solely on the Skybox vulnerability database. We also integrate with endpoint solutions because of the importance of protecting them. As an example, if the customer is using McAfee for the endpoint protection then it will take me around three days to complete the integration. Certain vendors do not provide out of the box integration, so we have to use the API, which adds to the time required for deployment. Often, it can be done in three days.

Finally, change management is a tough thing to do that depends on the use cases. Without this aspect considered, I would say that the deployment can be completed in 15 days. This is all for a typical deployment. If the customer needs customization then it will change the deployment date.

A deployment engineer is a single person and I can do the deployment myself. It is not often very complex, as long as things are done correctly from the beginning. The checklist has to be complete, which means that the image has to be stable and the compute that you requested is there. You also need to ensure that the required port numbers for device accessibility are there from the server, and the database is there. Once all of that is in place, the configuration is not difficult.

When it comes to integration, the other vendor has to be available during the same period. It is sometimes difficult to schedule but it is necessary to complete the deployment in a specified timeframe.

The ROI would not be good for a smaller company, which is why Skybox is better for large networks. It may take three or four years for a small company to break even.

All of the firewall vendors have their own firewall manager. Fortinet, for example has FortiManager, whereas Palo Alto has Panorama. If a customer has only four firewalls and they are all from Fortinet then it makes more sense for them just to use FortiManager.

The value really comes in when there are a large number of firewalls and they are from different vendors. This is where 360-degree visibility really starts to help. When you see the amount of time it saves, this is where the ROI becomes obvious.

I have been evaluating other options including RedSeal, AlgoSec, Tufin, and FireMon. Each vendor has its own strengths and weaknesses. I think that the network modeling capability in RedSeal is far ahead of the rest. Also, in terms of vulnerability management, RedSeal is amazing.

FireMon is really lacking in terms of network modeling.

My best choice is RedSeal.

My advice to anybody who is implementing this product is to make sure that they utilize it. The usage of it should be mandated for the NOC and SOC. They should use a single dashboard to take care of all of your infrastructure components.

When a Skybox representative visits to discuss this solution, it is important to discuss the use cases properly. Have a good project plan and it is also very important to have the right partner. They should be certified, trained, and involved at all stages.

Overall, it is a pretty good product. When you use it, you will see the benefit of it.

I would rate this solution a seven out of ten.