Skybox Security Suite Reviews

I primarily use the solution for my firewall. It offers a firewall compliance test and can check and verify firewall configurations and firewall changes on a daily basis. They also send you information on which are activated and which should be deactivated.

The solution is very good at dealing with firewall changes and firewall compliance. For network assurance, you need to know the compliance for your related devices, for example, the configuration and your network and switches. The solution allows you to look for something that is already in review or consultation and provides proper configuration. 

The most important feature in Skybox is the offline attack simulation. It helps you understand what your priorities should be in terms of deployments or patches. It's important to know what is the most important and what is the least, due to the fact that, every day, if you have a large enterprise network, it would be very difficult to install all of the patches on your environment. By having the most important highlights, you can start there and work your way down the list of patches. 

The solution offers very nice dashboards and they've recently added a very good Java-based web interface.

The pricing is too high. 

Other competitors provide a solution that rebuilds holes from scratch and rebuilds configurations on all the holes. Skybox does not offer this capability. It's something they should add to their list of features.

The support could be improved. 

The implementation process could be a lot faster and much less complex.

The search functionality could be better. There's no way to exclude items from your search criteria, for example.

They need to find a way to revamp the firewalls in a professional way. They need to figure out a proper implementation strategy for the firewalls.

I've been using the solution for six years now.

The stability is actually okay. We don't have any issues in that sense.

In terms of scalability, if you need anything to be extended in your environment, you have to pay for Skybox security in order for it to be supported. It costs extra money to scale.

We have about 14 people in our organization who use the solution.

Support is not the greatest. 

If you need help with a new product or service, they seem to take forever to be able to help you. They'll also not help you unless you are on the newest versions, so they sort-of force upgrades.

The initial setup was not straightforward at all. In fact, it was quite complex. We took about one and a half years to stabilize Skybox. It took far too much time.

Normally, when you require assistance, like we did, it's via Skybox consultants.

Due to the cost of the solution, I've decided to switch products. I'm already paying a lot and I have to pay a subscription each year. I'm looking for another solution that would less money and could provide the same features.

The pricing is very expensive. If you have the enterprise version, you have multiple products and multiple versions you need to activate. If you need to do a replacement, for example, you'll have to pay for Skybox professional services in order to support your version.

Currently, the licensing costs me about $300 USD for the year. This is a huge amount for my environment.

We were looking at FireMon and another solution previously. It is my understanding that we will be switching to FireMon soon due to the relative costliness of this product. We're going to do a POC on FireMon, and if all the features we need are supported, we're likely to switch.

We're just a customer.

The latest version is 11, however, I am currently one version behind.

For small and medium-sized environments, this may not be the best solution, due to the cost involved. However, if you are an enterprise-level company, this might work well for you.

Overall, I would rate the solution nine out of ten.

We primarily use the solution for our management and optimization.

The solution's simplicity of use is its most valuable feature.

The solution needs more detailed reporting. In Skybox the reporting is good, but it could be improved.

The solution needs to add more automation and orchestration capabilities. Those features would make the solution much stronger.

I've been using the solution for about four years now.

We've found the product to be quite stable. We haven't come across any bugs or glitches. We also haven't experienced any crashes that would lead us to believe there was instability.

The scalability of the solution is very good. There's nothing stopping a company from expanding if they need to.

Reaching out to the solution's technical support wasn't in my remit. I'm the enterprise architect, so I don't get involved in tech support issues.

We did evaluate other solutions before choosing this one. In fact, I'd recommend other companies to also take a look at Tufin and AlgoSec. Evaluating each of these will help organizations pick the best solution for their needs.

We're just a customer. We're not a partner or reseller of the solution.

I'd rate the solution seven out of ten.

I'd recommend those considering the solution to also look at Tufin and AlgoSec. I'd advise anyone considering any of these three options to compare them together and request a detailed proof of concept.

In general, I'd recommend the product. 

We use the product for network visibility and firewall and vulnerability management.

The product's most valuable feature is vulnerability management.

Skybox Security Suite's attack surface management feature needs improvement.

We have been using Skybox Security Suite for four or five years.

I rate the product's stability a five or six out of ten. We encountered a few issues during data migration in terms of customization.

The product is highly scalable. It is suitable for enterprise businesses. I rate its scalability a ten out of ten.

The local support services are good. However, we encountered difficulties while using the multilingual feature for communicating with the support team.

Neutral

The initial setup process is easy. However, the complexity depends on the customer's environment, including the broker and control management system of a specific cloud. It takes around three hours to complete the process and a month for system integration.

The software is expensive. I rate its pricing an eight out of ten.

I rate Skybox Security Suite a six out of ten.

The performance could be good because we chose it at the time, but it is too complex for us to appreciate its performance because we lack the necessary skills.

They are not satisfied with the complexity of the solution and the price.

To be used, we must have proper skills that require additional support, and the entire potential of the tool is not utilized and addressed. As a result of a lack of skills, it is complex.

Network auditing, which AlgoSec does, could be included, or perhaps Sky Box does but we don't know how to use it.

The company has been using Skybox Security Suite for quite a while, and they are thinking about changing the solution.

They have been working with it for at least three years.

We are in a complex environment, and we have three teams, with approximately 30 people using it on various entities.

We did not contact technical support. We attempted to have the necessary skills in-house, but it was insufficient. That is why we are seeking alternatives.

We also, work with Tufin. We have not been working with it for that long, we are in the POC phase. We are testing the tool.

We are also considering AlgoSec. I believe that is our current favorite, but we don't have a final decision at this time, but it appears to be AlgoSec.

The environment is very complex.

The deployment took a long time. We are considering changing it because it simply did not finish. It's as if we didn't do it properly.

We have a team of two to maintain this solution.

The licensing fee is paid yearly and is approximately $100,000.

I am researching firewall security management tools like Tufin, and AlgoSec.

As a product manager, I don't work with any products. I am just assisting team members in finding alternatives. I am a consultant.

I believe it is a management contract. I believe that such solutions should not be handled on-premise, and we must obtain a proper support contract with SLAs from the service provider. When we do install it on-premises, we have no support, no feedback, and no commitment, except to extend the contract.

We are both customers and a partner with Skybox Security Suite.

I would rate Skybox Security Suite a five out of ten.

We use this solution for data encryption.

We provide and deploy this solution for our customers and show them how to extract the reports. Our customers are really happy.

If they run into any issues, we resolve their queries.

It's a good product. We can extract the data from it very easily.

It's very supportive and very user-friendly.

We are not using the solution and rely on customer feedback. If the customer does not provide any, then we can't recommend what could be better.

If they have had any kind of issues, then we are able to know and have it perform better.

I have been using this solution for four months.

We are using the latest version.

It's a stable solution. We haven't had any issues with stability in the four months that we have been using it.

It's a scalable product. We scaled our internal projects.

We only have single customers who are using this solution.

We have not contacted technical support because we have not any issues.

Our clients have not had any queries. If they do, then we would contact technical support.

It's easy to install and deploy.

It took one month to deploy to all of the branches.

The integration was done by the vendor. We didn't do any kind of integration.

We purchase the license for the product.

Customers do not purchase the license, we take care of that.

When compared with other companies, the license is more costly.

The price could be cheaper.

We have deployed this solution for our clients and have not received any complaints.

I would definitely recommend this solution to others.

I would rate Skybox Security Suite a ten out of ten.

The primary use case is security and network for security.

It has grown organically and become a full featured suite. If you have the funding, you can make it do all types of great things.

Security review is the most important feature, because it offers a single pane of glass to analyze multiple firewalls.

The vendor's support is terrible. The rest of the product is fine.

With certain versions, we have encountered stability.

The stability is fine for my organization.

The technical support is not good. I would rate them as a three out of 10.

We did not previously use a different solution.

The initial setup is easy.

The pricing has increased exorbitantly in the last few years, so now it is questionable. Now, it makes me want to review other products.

With licensing, the number of network nodes becomes very expensive to the point where you have to rationalize if the tools are warranted anymore.

Fully understand the total cost of ownership. They have gone to a new model where you have to replace the hardware every X amount of years at a very substantial cost and fully understand your intended number of nodes. To operate a firewall, you have to pay two licenses, a firewall node and a network node. If you are a reasonable-sized organization, this gets expensive very quickly.

We go through an evaluated reseller to purchase the product.

We did evaluate other options many years ago when Skybox was the leader in this space, but today, there are others that can compete.

I am looking at using other competitive products from other vendors. The reason would be because other people are using them and we need to or consolidate our tools.

I really like the product. I do not have the experience with its competitors, either in function or pricing. It is a very useful tool, especially for those who do not have access to the devices they are monitoring. Because of separation of duties, you often do not have access to the firewalls or network devices. This type of tool does a great job of reaching into those other devices producing risk recommendations, compliance recommendations, and a single plane of glass to do your queries, so you can find where these rules might exist.

We are a system integrator and this is one of the products that we implement for our clients. This is one of the vendors that we focus on, from a security standpoint.

Skybox has an amazing portfolio that makes up the security solution. You can onboard your network devices with the network assurance module. This includes layer three, layer two switches, load balancers, and so on. This partially builds the network model for the infrastructure and the entire security platform is built off of that.

With the combination of the vulnerability management database and third-party integration, vulnerability management is very rich. When you add the network model, Skybox can tell you exactly which vulnerabilities in the infrastructure are exploitable. I have seen examples where there are 7,000 vulnerabilities exposed at one time. This includes highlighting things that are open, or exposed.

The most valuable feature is firewall management. It is excellent. It works by onboarding different firewall vendors and together with network assurance, builds a complete network model.

Vulnerability management is very good and it has its own vulnerability database. It gives you the ability to integrate with vulnerability management tools like Nessus, which is used by Tenable, Rapid7, and Qualys. The vulnerability software also integrates with endpoint software such as Symantec, Trend Micro, and McAfee. This is important because in this era, the biggest threat is from the endpoint. This is where most of the attacks are coming from these days.

Skybox integrates with patch management, which contributes to the broad functionality.

Everything is controlled from a single pane of glass.

The Skybox Suite includes change management, which makes up part of the complete security solution.

Skybox Horizon is a dashboard that shows you all of the modules. It is nice because it can show granularity at the level of interest for the NOC or SOC, but it can also give executive dashboarding for the VP or CTO at a business level that is not as concerned about the details.

The out-of-the-box compliance is very good, as it handles PCI and ISO.

The Network Assurance, which helps to create the network model, is not so rich. It tells you the best part, and it gives you the alternate routes that are available based on the configuration and the routing table, but it doesn't give you the analytics. One of the issues with security is that if the network model is incorrect then no matter what I add on top of it, it's going to be of no use. Network modeling is the foundation for vulnerability management, test management, firewall management, and change management.

The focus on risk analytics is not very good and should be improved. It relies on the CVSS (Common Vulnerability Security Score), which gives you a vulnerability score based on the standard. The difficulty with this is that sometimes, risks are based on critical assets, and these can differ between environments. My critical assets, for example, may be different than those of my customers. As such, it doesn't give you a fully-fledged risk score. On top of this, it doesn't give you the flexibility to configure a set of weights to adjust the criticality of the assets, the users, and the entities within the infrastructure.

Another area where Skybox lacks is the calculation for combinations and permutations of traffic from each interface. For example, in RedSeal, if traffic comes in from one interface and doesn't go out the desired interface, you can see what is vulnerable, what the vulnerability is, what is exposed, what is exploitable, whether it is subject to an insider threat or an outside threat, what the criticality is, and so on. It is all related to network modeling and seeing what happens when an interface goes down. In general, it needs to be enhanced.

They have to improve their integration with vulnerability management tools. It is good with some products, such as Tenable, but not really good with Rapid7.

Technical support can be improved in some regards because certain teams are better than others.

There is no dashboard for ISR compliance or NESA compliance.

3 years

Skybox Suite is an unstable solution.

This is a scalable solution.

In the region that I am working in, the director has indicated that we want to target organizations with a minimum of 15 firewalls and 500 devices. Essentially, the networks are very big, the firewalls and devices might be from different vendors, and the operations teams are having trouble managing them.

Skybox, from a scalability perspective, is only for customers with a very large environment that is complex.

Scalability is also a factor when a customer is migrating to the cloud. Specifically, when transitioning from on-premises to the cloud the customer will need cloud-based firewalls, load balancing, sandboxing, etc. This means that the network map in Skybox needs to include the cloud.

When I am working on a deployment or on a PoC, and I see an issue with the software that is not related to the configuration, I open a ticket with the support team.

I am not always satisfied with the support that they provide. In general, I am satisfied, but there are different teams within Skybox that handle different modules. The firewall management team is the best, the network assurance team is very good, and the vulnerability and threat management team is not so good. Sometimes, I get the wrong person and I have to escalate the ticket to the highest priority and get the engineering team on it. With change management, I have only had technical support in regards to a single client.

The initial setup is straightforward, as you have a template for the network assurance.

This solution can be installed on-premises or as a cloud-based deployment with the virtual edition. The architecture for the latter is very simple. In a small environment with less than 1,000 devices, you can use one server, install the software, and it has a database associated with it. You just have to make sure that it can be accessed by every device across the VLAN.

The tricky part of the configuration has to do with vulnerability management, threat management, and change management. When it comes to difficulty, change management is the hardest one when it comes to configuration. The reason for this is that customers normally have their own change management solution, such as ServiceNow and they are not very comfortable offloading the ITSM to do change management. It's a hard shift and a difficult sell. If it is done properly, however, it can automatically identify the vulnerabilities and threats and mitigate them as per the change management policy. Workflows need to be defined. For example, when a firewall change is needed then it needs to know the chain of approval. Since every customer has their own approval or rejection procedure, it has to be based on their requirements.

When it comes to deployment, we use a "Land and Expand" strategy. We land with network assurance and firewall management, which gives the customer a taste of the product. From there, we onboard vulnerability management and threat management. I don't recommend to anybody that they start with this solution full-fledged because it will not necessarily yield a better ROI.

For a network of perhaps a thousand network devices, if all of the ports are open and the permissions are in place, then it should not take longer than two days. You can take one extra day for fine-tuning, but three days is more than enough. After this, it will take another two days for firewall management. When we consider the vulnerability management and threat management modules, we have to take them on a case-by-case basis.

Sometimes, a customer will not have a vulnerability management tool like Tenable or Rapid7, so we rely solely on the Skybox vulnerability database. We also integrate with endpoint solutions because of the importance of protecting them. As an example, if the customer is using McAfee for the endpoint protection then it will take me around three days to complete the integration. Certain vendors do not provide out of the box integration, so we have to use the API, which adds to the time required for deployment. Often, it can be done in three days.

Finally, change management is a tough thing to do that depends on the use cases. Without this aspect considered, I would say that the deployment can be completed in 15 days. This is all for a typical deployment. If the customer needs customization then it will change the deployment date.

A deployment engineer is a single person and I can do the deployment myself. It is not often very complex, as long as things are done correctly from the beginning. The checklist has to be complete, which means that the image has to be stable and the compute that you requested is there. You also need to ensure that the required port numbers for device accessibility are there from the server, and the database is there. Once all of that is in place, the configuration is not difficult.

When it comes to integration, the other vendor has to be available during the same period. It is sometimes difficult to schedule but it is necessary to complete the deployment in a specified timeframe.

The ROI would not be good for a smaller company, which is why Skybox is better for large networks. It may take three or four years for a small company to break even.

All of the firewall vendors have their own firewall manager. Fortinet, for example has FortiManager, whereas Palo Alto has Panorama. If a customer has only four firewalls and they are all from Fortinet then it makes more sense for them just to use FortiManager.

The value really comes in when there are a large number of firewalls and they are from different vendors. This is where 360-degree visibility really starts to help. When you see the amount of time it saves, this is where the ROI becomes obvious.

I have been evaluating other options including RedSeal, AlgoSec, Tufin, and FireMon. Each vendor has its own strengths and weaknesses. I think that the network modeling capability in RedSeal is far ahead of the rest. Also, in terms of vulnerability management, RedSeal is amazing.

FireMon is really lacking in terms of network modeling.

My best choice is RedSeal.

My advice to anybody who is implementing this product is to make sure that they utilize it. The usage of it should be mandated for the NOC and SOC. They should use a single dashboard to take care of all of your infrastructure components.

When a Skybox representative visits to discuss this solution, it is important to discuss the use cases properly. Have a good project plan and it is also very important to have the right partner. They should be certified, trained, and involved at all stages.

Overall, it is a pretty good product. When you use it, you will see the benefit of it.

I would rate this solution a seven out of ten.

We use it to verify firewall compliance with NIST best practices for access and that our firewalls are configured correctly. We're also getting ready to roll out their Vulnerability Management package.

We mostly use Firewall Assurance and we're getting ready to start using Vulnerability Control.

What we have done is found a lot of misconfigured stuff on firewalls. Our company, Verisk, is a company that buys other companies. We have 70 or so companies at last count and most of them are founder-based companies we bought. They had little to no idea of how to actually secure a firewall correctly. Using Skybox, when we bring them on we take a look at how their firewalls are configured and then make recommendations as far as what they need to do to tighten it up. That is the main function we've been using it for and that is where we have gotten the most benefit out of it.

From Firewall Assurance, the only other real benefit you get is eliminating shadowed rules and redundant rules. You can optimize a little bit based on real usage to move the rules that are used more towards the top of the access lists so that the firewall processes them a little faster. It's a small benefit but it's definitely something that, depending on your business, may be important to you.

The most valuable feature is the compliance, whether it's access compliance or the configuration compliance, to make sure that all of our devices are configured as they're supposed to be, to limit access as much possible, to follow least-access guidelines.

Reporting. A lot of the reports, out of the box, are limited to a certain number of either configuration violations or access rule violations. So when you first set up a new firewall to be monitored by Skybox, you don't get a real full report. You have to really tweak it to get everything.

In our business, our company buys a lot of other companies and a lot of them manage themselves. Unfortunately, for Firewall Assurance in particular, if you need a group of people to be able to manage their firewalls and only theirs, it's almost impossible because to add a new firewall you have to be an admin, and you can't limit what an admin sees. If I want a particular company to be able to add their firewalls, they're going to see everybody else's firewalls as well, which is much more access than they need. That is one thing I would love to see fixed.

Stability is good. They do come out with a lot of patches and the updating process, while not a pain, is pretty frequent.

We had to separate our initial appliance into the server and a separate collector just because we have, at last count, about 120 firewalls in there. Collecting all the firewall information in all the logs daily during off hours, it started to get a little choked up. When we separated the server and the collector onto two different machines that fixed the problem.

On a scale of one to 10, I would rate Skybox technical support at about eight. It's not perfect, but good. They are not always able to answer questions on first contact but the questions always get answered. The answer is not always what I want to hear, but they do get answered.

I used the AlgoSec. AlgoSec wasn't broken up into modules, it was one solution. It was good; again, not perfect, but then their prices just got ridiculous. The fact that Skybox is broken up into modules and you only have to pay for what you're actually going to use, that was the main reason for switching. The pricing was secondary. AlsoSec doesn't do everything that Skybox does, but they were charging a lot more.

Setup is relatively straightforward. There were a couple of things that I found a little difficult. They have an Add Firewall Wizard, but if you want to create a task list or a task group that runs on a certain schedule, it's almost easier to import the firewall as a task rather than using the wizard. You almost have to do the work twice if you do use the wizard. 

The other difficulty was, it really wasn't made clear that separating the server and the collector, for a certain number of firewalls or over, was a best practice. Having to go back and redo that was a little bit of a surprise.

But overall, it's relatively easy to use. There is a little bit of learning curve to figure out how to get the right information out of the reporting. But once you do it, it works.

As with anything else, I would love it to be less expensive, but do I think pricing is a good value? Sure.

I've had issues with licensing where, when they were expiring and I asked for the updated licenses, I would the wrong ones. I think their process needs to be straightened out a little bit - I don't know if they fixed it already, it has been awhile. It wasn't as straightforward as it could have been. When you get the licenses you just put in the license numbers so it's working. That part is easy. It's getting the correct licenses that can be a little cumbersome.

We looked at AlgoSec, but their pricing was too high. And previously I had looked at Tufin but they just didn't have the wealth of features that either Skybox or AlgoSec have. Overall, we evaluated other stuff. It's just that Skybox made the most sense for us.

• Determine what your needs are.
• Buy only the products you need, when you need them.
• Make sure that your sales engineer goes over best practices with you so that you do it right the first time.