RealTime IT News

SkyBox Offers Risk Management For Network Security

It's not the strength of your attacker, but the weakness of your network.

Although security remains a top IT spending priority, companies may often focus on the wrong issues.

Most security solutions identify critical vulnerabilities based on third-party analysis, but those vulnerabilities don't mean the same thing for every network.

"One of the problems with most security tools is they can't tell how an attacker uses different vectors to get to a single point of your network," said Amrit Williams, an analyst with Gartner, a research firm based in Stamford, CT.

That's the value of solutions that do threat modeling and attack path analysis, noted Williams.

Skybox Security, based in San Jose, Calif., provides a suite of security risk management tools called Skybox View, that does just that.

The solution provides IT administrators with a holistic view of all of their firewalls, routers and servers and the security tools and policies that protect their networks.

Skybox View is intended to help measure the relative strengths and weaknesses of each layer of security, and identify policy violations that may need attention.

According to Ed Cooper, vice president of worldwide marketing for Skybox, the solution helps IT administrators prioritize their tasks.

"Eighty-five percent of vulnerabilities [in a given network] are already blocked," he told internetnews.com.

"The 15 percent that aren't blocked are the ones you should be focused on."

"Why would you mitigate a high-ranked vulnerability that is buried in your network when there is a low-ranked vulnerability sitting up by the perimeter?" he said.

According to Cooper, Skybox View also allows users to create a virtual model of their network.

This can help administrators determine where the network might be vulnerable to worms; it can also help determine which features of security tools in place the administrators should enable.

"Most sophisticated companies have invested in intrusion prevention systems," said Cooper. "But they're not using all the capabilities of those tools because they're afraid of false positives."

Cooper also noted that Skybox View offers administrators a holistic view of how their systems work together.

"People are by and large still flying blind. They have no ability to understand the impacts of how their systems are working together," he said.

Williams noted that increasing visibility into a system can never be a bad thing, but it's not a panacea either.

"The success or value of threat modeling and attack path analysis is highly dependent on having a process and a team to analyze the results so that action can be taken and better decisions can be made," he said.

Indeed, while Cooper argued that the Skybox solution could automate a firewall audit process that could take a full year to accomplish, and get it done in five minutes, Williams cautioned that it's not that simple.

"Technology doesn't replace the need for a process to deal with the information and a set of people who can analyze the data," he said.