Skybox Security Suite Reviews

We use it to verify firewall compliance with NIST best practices for access and that our firewalls are configured correctly. We're also getting ready to roll out their Vulnerability Management package.

We mostly use Firewall Assurance and we're getting ready to start using Vulnerability Control.

What we have done is found a lot of misconfigured stuff on firewalls. Our company, Verisk, is a company that buys other companies. We have 70 or so companies at last count and most of them are founder-based companies we bought. They had little to no idea of how to actually secure a firewall correctly. Using Skybox, when we bring them on we take a look at how their firewalls are configured and then make recommendations as far as what they need to do to tighten it up. That is the main function we've been using it for and that is where we have gotten the most benefit out of it.

From Firewall Assurance, the only other real benefit you get is eliminating shadowed rules and redundant rules. You can optimize a little bit based on real usage to move the rules that are used more towards the top of the access lists so that the firewall processes them a little faster. It's a small benefit but it's definitely something that, depending on your business, may be important to you.

The most valuable feature is the compliance, whether it's access compliance or the configuration compliance, to make sure that all of our devices are configured as they're supposed to be, to limit access as much possible, to follow least-access guidelines.

Reporting. A lot of the reports, out of the box, are limited to a certain number of either configuration violations or access rule violations. So when you first set up a new firewall to be monitored by Skybox, you don't get a real full report. You have to really tweak it to get everything.

In our business, our company buys a lot of other companies and a lot of them manage themselves. Unfortunately, for Firewall Assurance in particular, if you need a group of people to be able to manage their firewalls and only theirs, it's almost impossible because to add a new firewall you have to be an admin, and you can't limit what an admin sees. If I want a particular company to be able to add their firewalls, they're going to see everybody else's firewalls as well, which is much more access than they need. That is one thing I would love to see fixed.

Stability is good. They do come out with a lot of patches and the updating process, while not a pain, is pretty frequent.

We had to separate our initial appliance into the server and a separate collector just because we have, at last count, about 120 firewalls in there. Collecting all the firewall information in all the logs daily during off hours, it started to get a little choked up. When we separated the server and the collector onto two different machines that fixed the problem.

On a scale of one to 10, I would rate Skybox technical support at about eight. It's not perfect, but good. They are not always able to answer questions on first contact but the questions always get answered. The answer is not always what I want to hear, but they do get answered.

I used the AlgoSec. AlgoSec wasn't broken up into modules, it was one solution. It was good; again, not perfect, but then their prices just got ridiculous. The fact that Skybox is broken up into modules and you only have to pay for what you're actually going to use, that was the main reason for switching. The pricing was secondary. AlsoSec doesn't do everything that Skybox does, but they were charging a lot more.

Setup is relatively straightforward. There were a couple of things that I found a little difficult. They have an Add Firewall Wizard, but if you want to create a task list or a task group that runs on a certain schedule, it's almost easier to import the firewall as a task rather than using the wizard. You almost have to do the work twice if you do use the wizard. 

The other difficulty was, it really wasn't made clear that separating the server and the collector, for a certain number of firewalls or over, was a best practice. Having to go back and redo that was a little bit of a surprise.

But overall, it's relatively easy to use. There is a little bit of learning curve to figure out how to get the right information out of the reporting. But once you do it, it works.

As with anything else, I would love it to be less expensive, but do I think pricing is a good value? Sure.

I've had issues with licensing where, when they were expiring and I asked for the updated licenses, I would the wrong ones. I think their process needs to be straightened out a little bit - I don't know if they fixed it already, it has been awhile. It wasn't as straightforward as it could have been. When you get the licenses you just put in the license numbers so it's working. That part is easy. It's getting the correct licenses that can be a little cumbersome.

We looked at AlgoSec, but their pricing was too high. And previously I had looked at Tufin but they just didn't have the wealth of features that either Skybox or AlgoSec have. Overall, we evaluated other stuff. It's just that Skybox made the most sense for us.

• Determine what your needs are.
• Buy only the products you need, when you need them.
• Make sure that your sales engineer goes over best practices with you so that you do it right the first time.

We use it for change management control and firewall policy management.This helps is keeping the compliance is Check

When we are adding new users to the network it has an impact on the security posture of the organization. So we use this product to do analysis, what kind of impact it will have on the security. What are the particular applications which may be required in terms of access controls, what are the changes, what are the policies we should put on the firewall? And in case we need to have a temporary policy, we can then revert back to the original one. All of these things have really helped us improve the security and network systems.

Change Manager is most important because of the impact on each other of a network change or a firewall change. We want to understand this and to know, beforehand, what the impact of a change will be. We are a large network so that is a very important tool. It's the most important one to use.

We really need to see how it can help us with cloud connectivity. It's there but I think it could give us a far better visualization.

It's a stable product.

We've had no issues with scalability.

Technical support is not something which I would rate very high. Support is available but they need to ensure that they bring in their local team to give us support. I wouldn't say that it is bad, but it's not top-notch.

We were not using any solution before this one.

The initial setup was complex, a little complex, but I think that is what the product entails. There was good documentation available on site from Skybox.

Pricing is on the higher side.

In terms of licensing, you should buy the complete suite rather than buying only the Change Manager. I think Change Manager with Vulnerability Control is something that would be interesting to look at.

We did evaluate other products, including Tufin, but we chose this one.

Anyone implementing this product should bring together the teams which have security and network understanding, as a part of the project and, of course, they should look into the product properly before they implement it.

I rate this product at about seven out of ten. The product is good but pricing and technical support are the ones which take marks off.

The use case is firewall rule lifecycle management.

This is something we are on the way to doing.

Network path analysis is the most valuable feature. There is a lot of work in my team to support internal and external customers, to answer their questions and difficulties with connectivity that doesn’t work. Mostly, the problem is missing orders. So if the customer can do the network path analysis for himself, the customer is able to write the request for the missing connectivity, without any support from my team.

Aside from Firewall Assurance, we are using Network Assurance and Change Manager for an overview of the whole network and for documenting requests and the recertification of the ruleset. 

At the moment we have a lot of work in implementing the tool in our workflow, so we are not looking for new features. But this could change in the next six to 12 months.

We have had some issues implementing the tool, but we are in contact with Professional Services to fix them.

No issues with scalability at the moment.

We are still in project mode, and we have direct contact.

No previous solution.

It was not so straightforward, but we bought onsite support from Skybox Professional Services.

The pricing is high, and the licensing model needs more flexibility.

In my case it was important to know the workflow, and then to look for a tool that could support this workflow to make it easier.

The primary use of this solution is as a firewall and for cybersecurity.

We are a solution provider and this is one of the security solutions that we implement for our customers.

Our customers have not had any complaints about the Skybox Security Suite.

The most valuable features are Firewall Assurance and Vulnerability Control.

This solution is easy to use.

This device has support for 130 vendors.

The most recent update was not tested with all of the vendors before it was released, so some of the features are misbehaving.

I have been using Skybox Security Suite for about six months.

Our customers have not faced any issues with stability.

We have not had to contact technical support.

The initial setup is easy.

We have an in-house team to deploy this solution. We have four or five engineers who can deploy and perform maintenance.

The price is not expensive.

This solution is pretty good. Our customers have found that Skybox has a lot of good features and I don't expect that any of them will be changing to another product.

I would rate this solution a nine out of ten.

Aside from Firewall Assurance, we use Vulnerability Control and Change Manager to prioritize and focus on key risks.

Focuses resources on business-critical remediation, as opposed to remediation that is quantity-based.

The platform provides insight and context from many threat logs and prioritizes them. 

There is not anything on the market that 

• correlates logs and threats and prioritizes 
• provides network maps
• provides change result context and resulting vulnerability 

for the network/enterprise.

As a reseller, I feel the marketing of this product could be better. It seems awareness is a bit low. We are trying to get the message out. I equate it to the early Palo Alto Networks days, where we had to market the concept of what a next-gen firewall was before we could get customers to buy in.

No issues with stability.

No issues with scalability.

Technical support is excellent.

We use several different solutions: Qualys, ServiceNow, Rapid7. We did not switch but have Skybox ingest all logs to provide an action plan.

The setup is straightforward; clear instructions.

FireMon, RedSeal.

Educate other IT teams about its value.

In my personal experience, I use a Skybox to do some proof of concept for clients. We show characteristics about how the client can connect their firewalls and network.

Within our company, three employees use this solution to run tests.

Skybox is a very busy environment because it shows me a client's or an organization's entire network. I can see everything. When I see an issue, Skybox allows me to create a new ticket to redirect to the pertinent area.

Honestly, I love this solution. As of now, although I have a minimum amount of experience with this solution, Skybox has been great.

I have been using this solution for six months.

This solution is very stable.

As we are new to this solution, we haven't attempted to scale it yet.

We haven't had to contact technical support yet. 

The initial setup was very easy. It took us one week to deploy it.

A developer helped install this solution — he was great.

Skybox is a great solution; I would absolutely recommend it to others. Overall, on a scale from one to ten, I would give this solution a rating of nine.

We use it for Vulnerability Management.

Standard scanning solutions are not able to give any priority in terms of associated risk from identified vulnerabilities. Understanding the real exposure from vulnerabilities and associated assets can reduce the time and investment needed to mitigate risks.

Also, by reducing the number of vulnerabilities that have to be analyzed and managed we have the chance to create a process of management.

Identifies direct exposed vulnerabilities.

Firewall Change Management has to be improved with rules provisioning on firewalls because that is where the competition is going and is what customers need.

No issues with stability.

No issues with scalability.

Technical support is good.

Initial setup was simple because we approached the project in small steps.

The pricing is okay.

We evaluated Tufin, Algosec for Firewall Assurance. We did not evaluate other products for VC.

Involve network, security, and operations at the same table for smooth project startup.

• Potential attack vector discovery
• Network troubleshooting
• Security check
• Compliance

Aside from Firewall Assurance, we use Network Assurance for network visualisation and troubleshooting. Currently, we are not using the Change Manager Module.

User interface. A web interface would be better.

• Change Tracking (audit logs)
• Access Analyser (access checks)
• Compliance

No issues.

No changes to check.

It is sufficient.

No.

The initial setup was easy.

No.

Check product compatibility. In our case, during implementation, we realised approximately 30 devices were not supported by the Skybox platform.