Please share with the community what you think needs improvement with Skybox Security Suite.
What are its weaknesses? What would you like to see changed in a future version?
The Network Assurance, which helps to create the network model, is not so rich. It tells you the best part, and it gives you the alternate routes that are available based on the configuration and the routing table, but it doesn't give you the analytics. One of the issues with security is that if the network model is incorrect then no matter what I add on top of it, it's going to be of no use. Network modeling is the foundation for vulnerability management, test management, firewall management, and change management. The focus on risk analytics is not very good and should be improved. It relies on the CVSS (Common Vulnerability Security Score), which gives you a vulnerability score based on the standard. The difficulty with this is that sometimes, risks are based on critical assets, and these can differ between environments. My critical assets, for example, may be different than those of my customers. As such, it doesn't give you a fully-fledged risk score. On top of this, it doesn't give you the flexibility to configure a set of weights to adjust the criticality of the assets, the users, and the entities within the infrastructure. Another area where Skybox lacks is the calculation for combinations and permutations of traffic from each interface. For example, in RedSeal, if traffic comes in from one interface and doesn't go out the desired interface, you can see what is vulnerable, what the vulnerability is, what is exposed, what is exploitable, whether it is subject to an insider threat or an outside threat, what the criticality is, and so on. It is all related to network modeling and seeing what happens when an interface goes down. In general, it needs to be enhanced. They have to improve their integration with vulnerability management tools. It is good with some products, such as Tenable, but not really good with Rapid7. Technical support can be improved in some regards because certain teams are better than others. There is no dashboard for ISR compliance or NESA compliance.
The most recent update was not tested with all of the vendors before it was released, so some of the features are misbehaving.
The solution was quite technical. It would be easier to manage if the solution was more specific about certain aspects and provided more advisory around how to use it effectively. It would help users a lot if they were more clear about everything. The solution requires more integration in terms of automation features. It would be great to have proxies, IDs, IPs, firewalls, certain network centers, etc. on the solution. If more of that can be looked at or reviewed from a Skybox standpoint it would be helpful. The solution needs to expand its scope.
The solution needs more detailed reporting. In Skybox the reporting is good, but it could be improved. The solution needs to add more automation and orchestration capabilities. Those features would make the solution much stronger.
We really need to see how it can help us with cloud connectivity. It's there but I think it could give us a far better visualization.
As a reseller, I feel the marketing of this product could be better. It seems awareness is a bit low. We are trying to get the message out. I equate it to the early Palo Alto Networks days, where we had to market the concept of what a next-gen firewall was before we could get customers to buy in.
The vendor's support is terrible. The rest of the product is fine.
Reporting. A lot of the reports, out of the box, are limited to a certain number of either configuration violations or access rule violations. So when you first set up a new firewall to be monitored by Skybox, you don't get a real full report. You have to really tweak it to get everything. In our business, our company buys a lot of other companies and a lot of them manage themselves. Unfortunately, for Firewall Assurance in particular, if you need a group of people to be able to manage their firewalls and only theirs, it's almost impossible because to add a new firewall you have to be an admin, and you can't limit what an admin sees. If I want a particular company to be able to add their firewalls, they're going to see everybody else's firewalls as well, which is much more access than they need. That is one thing I would love to see fixed.