Skybox Security Suite Reviews

Our company uses the solution to provide firewall and vulnerability management for customers. We work with our customer's IT and cybersecurity departments to determine the use case such as viral assurance, network assurance, and change management. We have implemented the solution for 60 customers. 

We provide firewall management for customers who can afford to purchase the Skybox firewall model. 

Most of our use cases are implementing Skybox Control as a firewall tool. We provide customers with more focus so they can understand attack vectors and whether they come from different parts of a network or a partner workforce. The vulnerability control determines how we operate with an attack vector. For example, we might close ports, close some vectors, or patch software. 

The solution is mature and powerful because it includes elaborate tools for getting a focused view of an infrastructure or creating attack vectors based on details from Qualys and Tenable. 

Robust modules can be used for different parts of network security to match the business needs of big organizations. 

There is a strong focus on customer retention because the customer satisfaction department works with the development department to implement customers' feedback in new releases.

The solution does not support certain devices or vendors in some regions or countries due to regulations. A universal connector would be an interesting way to ensure that support is worldwide. 

The UX interface could be simplified and more convenient. 

I have been using the solution for eight years. 

The solution has a mature environment and is quite stable. We properly implement any hardware and cover the infrastructure so we have no issues with operating and analyzing data. 

The solution includes tools for backup. If for some reason a customer experiences a slow down, then it takes only ten or twenty minutes to use the backup and recover. 

The solution is scalable so it works well for retail. For example, you can use a number of consoles or servers that operate with specific data in a specific segment. You can have a management server with a proxy in a different part of the network that operates specific devices on a segment or provides data for analyzing a management service. 

You can add RAM or cores for virtual machines if you need more or deeper infrastructure segments. 

Training and technical support are provided at no extra charge. 

Most of our customers were using custom tools or scripts. They may have been trying to get insights from Cisco or Juniper. 

Once businesses grow and mature, they understand the need for viral or vulnerability management tools. The solution can operate with custom tools so it provides the needed coverage.

For example, customers might have specific scanners but they do not cover or provide reports for all of the infrastructure's vulnerabilities. It is important for IT to manage the configuration of all network devices while competently managing vulnerabilities.  

I have years of experience so setup is quite simple. 

It is important to understand networking and how various modules work. In general, a bit of training from the solution's partners is beneficial. 

We implement the solution for customers. Easy use cases can be completed by one technician and more complex security networks might be completed by three technicians. 

We train our internal team and provide training to customers that includes general administration or common issues. 

One or two administrators can handle hardware maintenance and report interpretation. 

We work with customers to understand their ROI. The buy-in cost varies by customer because it is based on the modules selected. 

The cost of implementation might end up being equal to a yearly salary but the importance of cybersecurity cannot be outweighed. 

The solution is based on a subscription model with annual licenses. Modules of interest are purchased separately. Training and updates are included at no extra charge. 

A perpetual license used to be popular but is rarely used these days. 

The solution is the most interesting for customers because its complexity and power is a match to different parts of networks. 

AlgoSec is the toughest tool for viral management so is an option for customers who only want to focus on that. 

It is important to understand your company's needs. Jumping in and implementing all functionality or modules is not advised because they might not be needed.

Additionally, module implementation is complex because you must meet corporate compliance requirements for library management, network maps, and network security.

Take a step-by-step approach and try modules before purchasing them. Understand your needs and see if modules match them. 

I rate the solution an eight out of ten. 

Our company's main use case for Skybox Security Suite is typically for user architects. Since our company primarily serves enterprise clients, Skybox is often used as a cost-effective solution.

Overall, the tool has helped us reduce risks. If any step is missing, it's easier for my team or engineers to identify it. The tool provides accurate recommendations based on the data. Its integration is easy, and I have integrated it with Fortinet firewalls. 

The setup is expensive.

I have been using the product for one and a half years. 

The product's support offers remote assistance and is available in many countries. 

Neutral

The tool's deployment takes one month to complete. 

Skybox Security Suite has indeed helped us reduce costs. The prices of AlgoSec and Skybox Security Suite are approximately 50 percent different. The tool may require special vendor support from abroad, resulting in slightly higher costs. Its pricing is in the middle. 

I rate the overall product a seven out of ten. 

The performance could be good because we chose it at the time, but it is too complex for us to appreciate its performance because we lack the necessary skills.

They are not satisfied with the complexity of the solution and the price.

To be used, we must have proper skills that require additional support, and the entire potential of the tool is not utilized and addressed. As a result of a lack of skills, it is complex.

Network auditing, which AlgoSec does, could be included, or perhaps Sky Box does but we don't know how to use it.

The company has been using Skybox Security Suite for quite a while, and they are thinking about changing the solution.

They have been working with it for at least three years.

We are in a complex environment, and we have three teams, with approximately 30 people using it on various entities.

We did not contact technical support. We attempted to have the necessary skills in-house, but it was insufficient. That is why we are seeking alternatives.

We also, work with Tufin. We have not been working with it for that long, we are in the POC phase. We are testing the tool.

We are also considering AlgoSec. I believe that is our current favorite, but we don't have a final decision at this time, but it appears to be AlgoSec.

The environment is very complex.

The deployment took a long time. We are considering changing it because it simply did not finish. It's as if we didn't do it properly.

We have a team of two to maintain this solution.

The licensing fee is paid yearly and is approximately $100,000.

I am researching firewall security management tools like Tufin, and AlgoSec.

As a product manager, I don't work with any products. I am just assisting team members in finding alternatives. I am a consultant.

I believe it is a management contract. I believe that such solutions should not be handled on-premise, and we must obtain a proper support contract with SLAs from the service provider. When we do install it on-premises, we have no support, no feedback, and no commitment, except to extend the contract.

We are both customers and a partner with Skybox Security Suite.

I would rate Skybox Security Suite a five out of ten.

It's for integrating with firewall logs, and we are looking for automation where we can actually select all of the network architecture. Then, we can understand the rules that are available. We can look at the complexity as to whether the rules are compliant as per the standards or not. It's depends on the compliant order.

We are currently working on rule review and compliance. The logging features are good.

As for room for improvement, there are issues in logging. The logs are not coming into the log.

There are multiple dashboards but no custom dashboard. It would be good to include a custom dashboard so that we can actually choose which field and what kinds of things we want to look at.

We've been using it for probably more than six months.

In terms of scalability, I would give it a six out of ten. The logging features are good, but zones and zone mapping to get interactive topology are not straightforward.

I would give technical support an eight out of ten.

Positive

I used AlgoSec at another company. Skybox Security Suite is nicer than AlgoSec.

The initial setup is pretty straightforward. It gets more complex only when you try to integrate with the logs.

The implementation of Skybox is straightforward and you can integrate and get the logs and compliance reporting.

The integration might be a little tricky and may need tweaking.

Overall, I give Skybox Security Suite a seven out of ten.

Our clients are using it from the firewall assurance perspective. They want to do an audit of their firewalls. So, the use cases are related to policy audit, such as which shadow rules they have and which rules are not getting utilized. 

We are recommending the latest version to our clients because sometimes, a lot of integrations are required with respect to different firewalls and virtual devices. If we are using an old version, some of the things are not getting integrated. That's why we are going with the latest or the latest minus one version.

To my knowledge, most of the deployments that we have done are on-prem.

It can be integrated with a vulnerability management solution. When a client comes, apart from pitching network and firewall change management, we are recommending having vulnerability management. So, rather than just having the audit of the firewall, they can integrate it with their vulnerability management solution, which could be Rapid7, Qualys, or any other solution. This provides them the most value out of the platform. That is the way we are approaching our customer base.

It is reliable, and their support is good.

Change Manager can be improved. If they can improve Change Manager so that whatever we want to do on a firewall, we are able to do it through Change Manager, it will be helpful for us. Whenever we are doing a change, it only does them at an L3 and L4 level, but all the firewalls are at the application layer. So, whatever needs to be done on the firewall, we aren't able to get it done through Change Manager. Currently, this functionality is not there because of which we are sometimes losing customers. I can create a role on Layer 3, Layer 4, but when it comes to the application layer, such as configuring and defining URLs or other things at the application level, it can't be done through Change Manager. Customers demand that they should be able to do everything through Change Manager. They don't want to do it through some other mechanism to accomplish their complete change management policy. They don't want to use a firewall manager because sometimes, they don't have any manager. They ask if they can use our solution so that a manager is not required. If Change Manager can do all the management automatically without involving any other manager, it will be great. They can also provide better integration with other managers so that everything can be done through a central point.

On the OT side, if they can provide more visibility, it would help. We are working on some of the features related to OT, so more visibility would be helpful.

We have been working with this solution for two to three years.

It is reliable. Whatever features are there, they are reliable.

As of now, we don't have any challenges with scalability. If we are fulfilling all prerequisites, it is okay. 

Earlier, in some of the cases, it was a bit slow, but if we are fulfilling all the requirements, it gives a good performance. For a PoC, when we were using an old platform, the performance was not up to the mark, but when we use the latest platform and hardware, the performance is good.

Their support is good. Support is not a challenge.

It is not complex.

We are acting as a vendor and distributor for Skybox in India. So, our team is taking care of whatever implementations are coming on behalf of Skybox.

Licensing is normally on a yearly basis. There may also be a perpetual license. Normally, the customers ask for a lower price. If you want to sell more, you have to think about it.

I would definitely recommend this solution. If you have a complex network with more than 20 firewalls, it is better to go with this solution. It might not be suitable if you have only four or five firewalls, but when the network is complex, or you are managing a data center with a lot of security challenges, I would recommend this solution.

I would rate this solution a nine out of 10.

I mainly use Skybox to harden firewall rules and for rule usage analysis and compliances. We also use it for configuration compliance for firewalls, most of the Cisco switches and routers, and enterprise firewall vendors.

The most impressive feature is optimization and clean-up.

Skybox should improve their UX features by making them easier to use. They're also trying to transfer from Java GUI to web-based systems, but it's not consistent right now, so they need to develop and improve the features on that side. I mean, the native Java based GUI results and the new Web GUI results are not always the same. I have experienced some inconsistency results among them. So, I need to trust newer GUI for results.

I've been using Skybox Security Suite for more than five years.

Skybox is scalable.

Skybox's technical support is fine, but getting help takes some time because they request rules and models and pack logs instead of offering a remote session.

Neutral

The initial setup was extremely straightforward - the installation took about twenty minutes, but the integration took some more time because there were lots of different vendors and integrations. We also had some problems with login and port rules, which delayed integration. 

Skybox comes with extra licenses and has a change management license. The licenses are expensive, but they come with extra value.

Skybox is a full-feature product that comes with different modules like firewall and network assurance, network mapping, and a vulnerability control module. It's a very, very good solution for medium and large companies. I would advise anyone thinking of implementing Skybox to use a professional team to do the integration. I would rate Skybox seven out of ten.

We use this solution for data encryption.

We provide and deploy this solution for our customers and show them how to extract the reports. Our customers are really happy.

If they run into any issues, we resolve their queries.

It's a good product. We can extract the data from it very easily.

It's very supportive and very user-friendly.

We are not using the solution and rely on customer feedback. If the customer does not provide any, then we can't recommend what could be better.

If they have had any kind of issues, then we are able to know and have it perform better.

I have been using this solution for four months.

We are using the latest version.

It's a stable solution. We haven't had any issues with stability in the four months that we have been using it.

It's a scalable product. We scaled our internal projects.

We only have single customers who are using this solution.

We have not contacted technical support because we have not any issues.

Our clients have not had any queries. If they do, then we would contact technical support.

It's easy to install and deploy.

It took one month to deploy to all of the branches.

The integration was done by the vendor. We didn't do any kind of integration.

We purchase the license for the product.

Customers do not purchase the license, we take care of that.

When compared with other companies, the license is more costly.

The price could be cheaper.

We have deployed this solution for our clients and have not received any complaints.

I would definitely recommend this solution to others.

I would rate Skybox Security Suite a ten out of ten.

I primarily use the solution for my firewall. It offers a firewall compliance test and can check and verify firewall configurations and firewall changes on a daily basis. They also send you information on which are activated and which should be deactivated.

The solution is very good at dealing with firewall changes and firewall compliance. For network assurance, you need to know the compliance for your related devices, for example, the configuration and your network and switches. The solution allows you to look for something that is already in review or consultation and provides proper configuration. 

The most important feature in Skybox is the offline attack simulation. It helps you understand what your priorities should be in terms of deployments or patches. It's important to know what is the most important and what is the least, due to the fact that, every day, if you have a large enterprise network, it would be very difficult to install all of the patches on your environment. By having the most important highlights, you can start there and work your way down the list of patches. 

The solution offers very nice dashboards and they've recently added a very good Java-based web interface.

The pricing is too high. 

Other competitors provide a solution that rebuilds holes from scratch and rebuilds configurations on all the holes. Skybox does not offer this capability. It's something they should add to their list of features.

The support could be improved. 

The implementation process could be a lot faster and much less complex.

The search functionality could be better. There's no way to exclude items from your search criteria, for example.

They need to find a way to revamp the firewalls in a professional way. They need to figure out a proper implementation strategy for the firewalls.

I've been using the solution for six years now.

The stability is actually okay. We don't have any issues in that sense.

In terms of scalability, if you need anything to be extended in your environment, you have to pay for Skybox security in order for it to be supported. It costs extra money to scale.

We have about 14 people in our organization who use the solution.

Support is not the greatest. 

If you need help with a new product or service, they seem to take forever to be able to help you. They'll also not help you unless you are on the newest versions, so they sort-of force upgrades.

The initial setup was not straightforward at all. In fact, it was quite complex. We took about one and a half years to stabilize Skybox. It took far too much time.

Normally, when you require assistance, like we did, it's via Skybox consultants.

Due to the cost of the solution, I've decided to switch products. I'm already paying a lot and I have to pay a subscription each year. I'm looking for another solution that would less money and could provide the same features.

The pricing is very expensive. If you have the enterprise version, you have multiple products and multiple versions you need to activate. If you need to do a replacement, for example, you'll have to pay for Skybox professional services in order to support your version.

Currently, the licensing costs me about $300 USD for the year. This is a huge amount for my environment.

We were looking at FireMon and another solution previously. It is my understanding that we will be switching to FireMon soon due to the relative costliness of this product. We're going to do a POC on FireMon, and if all the features we need are supported, we're likely to switch.

We're just a customer.

The latest version is 11, however, I am currently one version behind.

For small and medium-sized environments, this may not be the best solution, due to the cost involved. However, if you are an enterprise-level company, this might work well for you.

Overall, I would rate the solution nine out of ten.