IT Central Station is now PeerSpot: Here's why

Skybox Security Suite OverviewUNIXBusinessApplication

Skybox Security Suite is #6 ranked solution in top Firewall Security Management tools and #10 ranked solution in top Vulnerability Management tools. PeerSpot users give Skybox Security Suite an average rating of 8 out of 10. Skybox Security Suite is most commonly compared to AlgoSec: Skybox Security Suite vs AlgoSec. Skybox Security Suite is popular among the large enterprise segment, accounting for 64% of users researching this solution on PeerSpot. The top industry researching this solution are professionals from a computer software company, accounting for 27% of all views.
Skybox Security Suite Buyer's Guide

Download the Skybox Security Suite Buyer's Guide including reviews and more. Updated: June 2022

What is Skybox Security Suite?

The Skybox Security Suite platform combines firewall and network device data with vulnerability and threat intelligence, prioritizing security issues in the context of your unique environment. Powerful attack vector analytics reduce response times and risks, bringing firewall, vulnerability and threat management processes for complex networks under control.

Firewall Assurance brings all firewalls into one normalized view, continuously monitoring policy compliance, optimizing firewall rulesets and finding attack vectors that others miss. Skybox covers the most comprehensive list of firewall vendors, complex rulesets, even virtual and cloud-based firewalls. With proven scalability in 1,500+ firewall deployments, Firewall Assurance keeps rules optimized and ensures changes don’t introduce new risk. 

Gain total visibility of the vulnerabilities in your attack surface without waiting for a scan. Leverage Skybox Research Lab's vulnerability and threat intelligence, and automatically correlate it to your unique environment. With network modeling and advanced simulations, pinpoint exposed vulnerabilities and other attack vectors. And use context to prioritize vulnerabilities in terms of actual risk and respond to threats with accuracy and efficiency.

For more information or to view a demo, visit www.skyboxsecurity.com.

Skybox Security Suite Customers

ADP, Blue Cross Blue Shield, BT, USAID, Delta Dental, EDF Energy, EMC, HSBC, Johnson & Johnson

Skybox Security Suite Video

Archived Skybox Security Suite Reviews (more than two years old)

Filter by:
Filter Reviews
Industry
Loading...
Filter Unavailable
Company Size
Loading...
Filter Unavailable
Job Level
Loading...
Filter Unavailable
Rating
Loading...
Filter Unavailable
Considered
Loading...
Filter Unavailable
Order by:
Loading...
  • Date
  • Highest Rating
  • Lowest Rating
  • Review Length
Search:
Showingreviews based on the current filters. Reset all filters
Pawan-Kumar - PeerSpot reviewer
Product specialist at Rah Infotech Pvt Ltd
Reseller
A stable and feature-rich solution that is easy to use and supports a large number of vendors
Pros and Cons
  • "The most valuable features are Firewall Assurance and Vulnerability Control."
  • "The most recent update was not tested with all of the vendors before it was released, so some of the features are misbehaving."

What is our primary use case?

The primary use of this solution is as a firewall and for cybersecurity. We are a solution provider and this is one of the security solutions that we implement for our customers.

How has it helped my organization?

Our customers have not had any complaints about the Skybox Security Suite.

What is most valuable?

The most valuable features are Firewall Assurance and Vulnerability Control. This solution is easy to use. This device has support for 130 vendors.

What needs improvement?

The most recent update was not tested with all of the vendors before it was released, so some of the features are misbehaving.
Buyer's Guide
Skybox Security Suite
June 2022
Learn what your peers think about Skybox Security Suite. Get advice and tips from experienced pros sharing their opinions. Updated: June 2022.
607,127 professionals have used our research since 2012.

For how long have I used the solution?

I have been using Skybox Security Suite for about six months.

What do I think about the stability of the solution?

Our customers have not faced any issues with stability.

How are customer service and support?

We have not had to contact technical support.

How was the initial setup?

The initial setup is easy.

What about the implementation team?

We have an in-house team to deploy this solution. We have four or five engineers who can deploy and perform maintenance.

What's my experience with pricing, setup cost, and licensing?

The price is not expensive.

What other advice do I have?

This solution is pretty good. Our customers have found that Skybox has a lot of good features and I don't expect that any of them will be changing to another product. I would rate this solution a nine out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Distributor
Information Security Officer at Sony Corporation of America
Real User
Stable, with good port division management but requires more automation features
Pros and Cons
  • "The port division management was the solution's most valuable aspect for our organization."
  • "The solution was quite technical. It would be easier to manage if the solution was more specific about aspects of the solution and provided more advisory around how to use it effectively. It would help users a lot if they were more clear about everything."

What is our primary use case?

We primarily used the solution for model sites, on the configuration side of things. We also used it to review certain port services, etc.

What is most valuable?

The port division management was the solution's most valuable aspect for our organization.

What needs improvement?

The solution was quite technical. It would be easier to manage if the solution was more specific about certain aspects and provided more advisory around how to use it effectively. It would help users a lot if they were more clear about everything.

The solution requires more integration in terms of automation features.

It would be great to have proxies, IDs, IPs, firewalls, certain network centers, etc. on the solution. If more of that can be looked at or reviewed from a Skybox standpoint it would be helpful. The solution needs to expand its scope.

For how long have I used the solution?

We had been using the solution for about a year. It hadn't been too long.

What do I think about the stability of the solution?

For us, the stability of the solution was okay. Our organization managed to use it just fine.

What do I think about the scalability of the solution?

The solution isn't great at scalability. I'm not saying it is not scalable, but then, of course, companies have to test and see. For us, when it came to scalability, there were always question marks as to if it could be done effectively. We were never 100% confident in its capabilities. For us, and the environment we worked in, we were somewhat sensitive to scaling with this solution.

There were two types of users for this solution in our organization. One type of user had full access to the tool and they were the leadership team, IT and security. The other type of user had access to automated reports. There were about 200 people who had access to this.

How are customer service and technical support?

We were never in touch with technical support. I can't speak to how helpful they were. We had a team that dealt with technical support, but I don't recall ever hearing from them about how good or bad the service was.

Which solution did I use previously and why did I switch?

We've since moved from Skybox to another solution, therefore, we aren't using it anymore. About four to six months ago, we migrated from Skybox to another tool called AlgoSec.

What other advice do I have?

I'd advise other companies to scan the solution from time to time and be mindful of it. It's also important to make sure the services of the tool are enabled for the actions a company will need to handle or monitor.

I'd rate the solution seven out of ten.

Which deployment model are you using for this solution?

Hybrid Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Buyer's Guide
Skybox Security Suite
June 2022
Learn what your peers think about Skybox Security Suite. Get advice and tips from experienced pros sharing their opinions. Updated: June 2022.
607,127 professionals have used our research since 2012.
Enterprise Architect - Information Security at a transportation company with 5,001-10,000 employees
Real User
Simple to use and scalable but needs more detailed reporting
Pros and Cons
  • "The solution's simplicity of use is its most valuable feature."
  • "The solution needs to add more automation and orchestration capabilities. Those features would make the solution much stronger."

What is our primary use case?

We primarily use the solution for our management and optimization.

What is most valuable?

The solution's simplicity of use is its most valuable feature.

What needs improvement?

The solution needs more detailed reporting. In Skybox the reporting is good, but it could be improved.

The solution needs to add more automation and orchestration capabilities. Those features would make the solution much stronger.

For how long have I used the solution?

I've been using the solution for about four years now.

What do I think about the stability of the solution?

We've found the product to be quite stable. We haven't come across any bugs or glitches. We also haven't experienced any crashes that would lead us to believe there was instability.

What do I think about the scalability of the solution?

The scalability of the solution is very good. There's nothing stopping a company from expanding if they need to.

How are customer service and technical support?

Reaching out to the solution's technical support wasn't in my remit. I'm the enterprise architect, so I don't get involved in tech support issues.

Which other solutions did I evaluate?

We did evaluate other solutions before choosing this one. In fact, I'd recommend other companies to also take a look at Tufin and AlgoSec. Evaluating each of these will help organizations pick the best solution for their needs.

What other advice do I have?

We're just a customer. We're not a partner or reseller of the solution.

I'd rate the solution seven out of ten.

I'd recommend those considering the solution to also look at Tufin and AlgoSec. I'd advise anyone considering any of these three options to compare them together and request a detailed proof of concept.

In general, I'd recommend the product. 

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Vishal Bindra - PeerSpot reviewer
CEO at a tech services company with 51-200 employees
Real User
Helps us analyze impact of network changes and firewall changes, but support needs work
Pros and Cons
  • "Change Manager is most important because of the impact on each other of a network change or a firewall change. We want to understand this and to know, beforehand, what the impact of a change will be. We are a large network so that is a very important tool."

    What is our primary use case?

    We use it for change management control and firewall policy management.This helps is keeping the compliance is Check

    How has it helped my organization?

    When we are adding new users to the network it has an impact on the security posture of the organization. So we use this product to do analysis, what kind of impact it will have on the security. What are the particular applications which may be required in terms of access controls, what are the changes, what are the policies we should put on the firewall? And in case we need to have a temporary policy, we can then revert back to the original one. All of these things have really helped us improve the security and network systems.

    What is most valuable?

    Change Manager is most important because of the impact on each other of a network change or a firewall change. We want to understand this and to know, beforehand, what the impact of a change will be. We are a large network so that is a very important tool. It's the most important one to use.

    What needs improvement?

    We really need to see how it can help us with cloud connectivity. It's there but I think it could give us a far better visualization.

    For how long have I used the solution?

    One to three years.

    What do I think about the stability of the solution?

    It's a stable product.

    What do I think about the scalability of the solution?

    We've had no issues with scalability.

    How are customer service and technical support?

    Technical support is not something which I would rate very high. Support is available but they need to ensure that they bring in their local team to give us support. I wouldn't say that it is bad, but it's not top-notch.

    Which solution did I use previously and why did I switch?

    We were not using any solution before this one.

    How was the initial setup?

    The initial setup was complex, a little complex, but I think that is what the product entails. There was good documentation available on site from Skybox.

    What about the implementation team?

    We have a great in-house team with deep experience

    What's my experience with pricing, setup cost, and licensing?

    Pricing is on the higher side.

    In terms of licensing, you should buy the complete suite rather than buying only the Change Manager. I think Change Manager with Vulnerability Control is something that would be interesting to look at.

    Which other solutions did I evaluate?

    We did evaluate other products, including Tufin, but we chose this one.

    What other advice do I have?

    Anyone implementing this product should bring together the teams which have security and network understanding, as a part of the project and, of course, they should look into the product properly before they implement it.

    I rate this product at about seven out of ten. The product is good but pricing and technical support are the ones which take marks off.

    Disclosure: My company has a business relationship with this vendor other than being a customer: Partner.
    Director of Solutions Integration at a tech services company with 51-200 employees
    Reseller
    Provides insight and context from multiple threat logs and prioritizes remediation
    Pros and Cons
    • "Correlates logs and threats and prioritizes; provides network maps;p provides change result context and resulting vulnerability."

      What is our primary use case?

      Aside from Firewall Assurance, we use Vulnerability Control and Change Manager to prioritize and focus on key risks.

      How has it helped my organization?

      Focuses resources on business-critical remediation, as opposed to remediation that is quantity-based.

      What is most valuable?

      The platform provides insight and context from many threat logs and prioritizes them. 

      There is not anything on the market that 

      • correlates logs and threats and prioritizes 
      • provides network maps
      • provides change result context and resulting vulnerability 

      for the network/enterprise.

      What needs improvement?

      As a reseller, I feel the marketing of this product could be better. It seems awareness is a bit low. We are trying to get the message out. I equate it to the early Palo Alto Networks days, where we had to market the concept of what a next-gen firewall was before we could get customers to buy in.

      For how long have I used the solution?

      One to three years.

      What do I think about the stability of the solution?

      No issues with stability.

      What do I think about the scalability of the solution?

      No issues with scalability.

      How are customer service and technical support?

      Technical support is excellent.

      Which solution did I use previously and why did I switch?

      We use several different solutions: Qualys, ServiceNow, Rapid7. We did not switch but have Skybox ingest all logs to provide an action plan.

      How was the initial setup?

      The setup is straightforward; clear instructions.

      Which other solutions did I evaluate?

      FireMon, RedSeal.

      What other advice do I have?

      Educate other IT teams about its value.

      Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller.
      Senior Information Security Analyst at a energy/utilities company with 501-1,000 employees
      Real User
      Does a great job of reaching into firewalls and network devices to produce risk and compliance recommendations along with a single plane of glass for queries
      Pros and Cons
      • "Security review is the most important feature, because it offers a single pane of glass to analyze multiple firewalls."
      • "This type of tool does a great job of reaching into those other devices producing risk recommendations, compliance recommendations, and a single plane of glass to do your queries, so you can find where these rules might exist."
      • "The vendor's support is terrible."

      What is our primary use case?

      The primary use case is security and network for security.

      How has it helped my organization?

      It has grown organically and become a full featured suite. If you have the funding, you can make it do all types of great things.

      What is most valuable?

      Security review is the most important feature, because it offers a single pane of glass to analyze multiple firewalls.

      What needs improvement?

      The vendor's support is terrible. The rest of the product is fine.

      For how long have I used the solution?

      More than five years.

      What do I think about the stability of the solution?

      With certain versions, we have encountered stability.

      What do I think about the scalability of the solution?

      The stability is fine for my organization.

      How are customer service and technical support?

      The technical support is not good. I would rate them as a three out of 10.

      Which solution did I use previously and why did I switch?

      We did not previously use a different solution.

      How was the initial setup?

      The initial setup is easy.

      What's my experience with pricing, setup cost, and licensing?

      The pricing has increased exorbitantly in the last few years, so now it is questionable. Now, it makes me want to review other products.

      With licensing, the number of network nodes becomes very expensive to the point where you have to rationalize if the tools are warranted anymore.

      Fully understand the total cost of ownership. They have gone to a new model where you have to replace the hardware every X amount of years at a very substantial cost and fully understand your intended number of nodes. To operate a firewall, you have to pay two licenses, a firewall node and a network node. If you are a reasonable-sized organization, this gets expensive very quickly.

      We go through an evaluated reseller to purchase the product.

      Which other solutions did I evaluate?

      We did evaluate other options many years ago when Skybox was the leader in this space, but today, there are others that can compete.

      I am looking at using other competitive products from other vendors. The reason would be because other people are using them and we need to or consolidate our tools.

      What other advice do I have?

      I really like the product. I do not have the experience with its competitors, either in function or pricing. It is a very useful tool, especially for those who do not have access to the devices they are monitoring. Because of separation of duties, you often do not have access to the firewalls or network devices. This type of tool does a great job of reaching into those other devices producing risk recommendations, compliance recommendations, and a single plane of glass to do your queries, so you can find where these rules might exist.

      Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
      Information Security Consultant at a insurance company with 1,001-5,000 employees
      Consultant
      Helps us make sure that all of our devices are configured as they should be
      Pros and Cons
      • "The most valuable feature is the compliance, whether it's access compliance or the configuration compliance, to make sure that all of our devices are configured as they're supposed to be, to limit access as much possible, to follow least-access guidelines."
      • "Reporting. A lot of the reports, out of the box, are limited to a certain number of either configuration violations or access rule violations. So when you first set up a new firewall to be monitored by Skybox, you don't get a real full report. You have to really tweak it to get everything."
      • "I've had issues with licensing where, when they were expiring and I asked for the updated licenses, I would the wrong ones. I think their process needs to be straightened out a little bit - I don't know if they fixed it already, it has been awhile. It wasn't as straightforward as it could have been."

      What is our primary use case?

      We use it to verify firewall compliance with NIST best practices for access and that our firewalls are configured correctly. We're also getting ready to roll out their Vulnerability Management package.

      We mostly use Firewall Assurance and we're getting ready to start using Vulnerability Control.

      How has it helped my organization?

      What we have done is found a lot of misconfigured stuff on firewalls. Our company, Verisk, is a company that buys other companies. We have 70 or so companies at last count and most of them are founder-based companies we bought. They had little to no idea of how to actually secure a firewall correctly. Using Skybox, when we bring them on we take a look at how their firewalls are configured and then make recommendations as far as what they need to do to tighten it up. That is the main function we've been using it for and that is where we have gotten the most benefit out of it.

      From Firewall Assurance, the only other real benefit you get is eliminating shadowed rules and redundant rules. You can optimize a little bit based on real usage to move the rules that are used more towards the top of the access lists so that the firewall processes them a little faster. It's a small benefit but it's definitely something that, depending on your business, may be important to you.

      What is most valuable?

      The most valuable feature is the compliance, whether it's access compliance or the configuration compliance, to make sure that all of our devices are configured as they're supposed to be, to limit access as much possible, to follow least-access guidelines.

      What needs improvement?

      Reporting. A lot of the reports, out of the box, are limited to a certain number of either configuration violations or access rule violations. So when you first set up a new firewall to be monitored by Skybox, you don't get a real full report. You have to really tweak it to get everything.

      In our business, our company buys a lot of other companies and a lot of them manage themselves. Unfortunately, for Firewall Assurance in particular, if you need a group of people to be able to manage their firewalls and only theirs, it's almost impossible because to add a new firewall you have to be an admin, and you can't limit what an admin sees. If I want a particular company to be able to add their firewalls, they're going to see everybody else's firewalls as well, which is much more access than they need. That is one thing I would love to see fixed.

      For how long have I used the solution?

      One to three years.

      What do I think about the stability of the solution?

      Stability is good. They do come out with a lot of patches and the updating process, while not a pain, is pretty frequent.

      What do I think about the scalability of the solution?

      We had to separate our initial appliance into the server and a separate collector just because we have, at last count, about 120 firewalls in there. Collecting all the firewall information in all the logs daily during off hours, it started to get a little choked up. When we separated the server and the collector onto two different machines that fixed the problem.

      How are customer service and technical support?

      On a scale of one to 10, I would rate Skybox technical support at about eight. It's not perfect, but good. They are not always able to answer questions on first contact but the questions always get answered. The answer is not always what I want to hear, but they do get answered.

      Which solution did I use previously and why did I switch?

      I used the AlgoSec. AlgoSec wasn't broken up into modules, it was one solution. It was good; again, not perfect, but then their prices just got ridiculous. The fact that Skybox is broken up into modules and you only have to pay for what you're actually going to use, that was the main reason for switching. The pricing was secondary. AlsoSec doesn't do everything that Skybox does, but they were charging a lot more.

      How was the initial setup?

      Setup is relatively straightforward. There were a couple of things that I found a little difficult. They have an Add Firewall Wizard, but if you want to create a task list or a task group that runs on a certain schedule, it's almost easier to import the firewall as a task rather than using the wizard. You almost have to do the work twice if you do use the wizard. 

      The other difficulty was, it really wasn't made clear that separating the server and the collector, for a certain number of firewalls or over, was a best practice. Having to go back and redo that was a little bit of a surprise.

      But overall, it's relatively easy to use. There is a little bit of learning curve to figure out how to get the right information out of the reporting. But once you do it, it works.

      What's my experience with pricing, setup cost, and licensing?

      As with anything else, I would love it to be less expensive, but do I think pricing is a good value? Sure.

      I've had issues with licensing where, when they were expiring and I asked for the updated licenses, I would the wrong ones. I think their process needs to be straightened out a little bit - I don't know if they fixed it already, it has been awhile. It wasn't as straightforward as it could have been. When you get the licenses you just put in the license numbers so it's working. That part is easy. It's getting the correct licenses that can be a little cumbersome.

      Which other solutions did I evaluate?

      We looked at AlgoSec, but their pricing was too high. And previously I had looked at Tufin but they just didn't have the wealth of features that either Skybox or AlgoSec have. Overall, we evaluated other stuff. It's just that Skybox made the most sense for us.

      What other advice do I have?

      • Determine what your needs are.
      • Buy only the products you need, when you need them.
      • Make sure that your sales engineer goes over best practices with you so that you do it right the first time.
      Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
      it_user870714 - PeerSpot reviewer
      Director, Security Architecture at a tech services company with 51-200 employees
      Consultant
      Prioritizes vulnerabilities and grants visibility into both traffic and rule sets
      Pros and Cons
      • "Skybox allows organizations to reprioritize the vulnerability they attempt to patch and mitigate, based on the contextual awareness of the network."
      • "instead of asking for firewall rules which may or may not be relevant, or could already be there, or could be over-permissioned, Skybox can be used to map out the resources that that application is going to use and provide the exact rules that an application would require to function correctly. If the traffic isn't able to flow for the application, if it's erring out, Skybox can be used to troubleshoot that and say, "All right, where is the traffic being stopped and why, and how do I fix that.""
      • "The ability to appropriately prioritize vulnerabilities inside the environment, and then to have visibility into the traffic and rule sets of an organization, are two of the top capabilities that I recommend. Skybox is the only one that does both of those in a single platform."
      • "The way that it's built with three-tier architecture, it makes it very horizontally scalable, so I can have multiple fallbacks. If one machine does fall offline, there are four other machines that are doing the exact same job to pick it up"
      • "The only place where Skybox has room for improvement, and they're working on releasing this, it's just a slow-go, is the UI. The user interface has historically been via a locally installed thick client. They are moving to a web-based console and it's slowly coming out."

      What is our primary use case?

      We have been reselling Skybox for probably about five years now, so I'm pretty familiar with it. I've done numerous POCs and I've had hands-on with it quite a bit.

      Because I get to work with a bunch of different customers, I get to see just about every use case for Skybox. The first one, which is pretty simple, is auditing firewall rule sets; taking a look at all the configurations that are on the firewalls and ensuring that they're locked down. What we run into a lot of times are firewalls that are set up with excessive permissions, meaning they allow a lot more traffic than they should. Skybox is essential to tearing that down.

      Network visibility is another big use case, learning where all the assets are located on the network and how they can talk to each other. 

      The last one that I deal with quite a bit is the vulnerability/exposure-monitoring piece. Looking at those vulnerabilities that are on the network, providing the context of network-based mitigation, and then reprioritizing or recasting those vulnerabilities.

      How has it helped my organization?

      Specifically, in the Vulnerability Management piece, vulnerability management products are very noisy and they provide this arbitrary score called the CVSS that rates the criticality of the vulnerability. How bad would it be if somebody were to exploit this vulnerability? That doesn't matter if I have something on the network that prevents that vulnerability from being exploited. What Skybox does is to allow organizations, including three of my largest customers, to reprioritize the vulnerability they attempt to patch and mitigate, based on the contextual awareness of the network.

      Also, for the vulnerability, it's the operational efficiency of the patching team. Patch management programs are very expensive to run from a headcount cost, and also from a potential downtime cost, and there is a never-ending stream of vulnerabilities. The ability to contextualize those and recast them in a meaningful way to my organization, and to all my customers, has been very valuable in increasing the efficiency of the patching process.

      With the Firewall Assurance, that changes the way applications are introduced into the environment. So instead of asking for firewall rules which may or may not be relevant, or could already be there, or could be over-permissioned, Skybox can be used to map out the resources that that application is going to use and provide the exact rules that an application would require to function correctly. If the traffic isn't able to flow for the application, if it's erring out, Skybox can be used to troubleshoot that and say, "All right, where is the traffic being stopped and why, and how do I fix that."

      What is most valuable?

      The Vulnerability Management module is among the ones we talk about the most and the one that customers are biting off on quite a bit.

      Skybox, in general, has quite a few features that are particularly useful to large clients, but their scalability is unparalleled in the space. They have massive scalability, thousands of devices that they can pull from, hundreds of thousands of IP addresses for the vulnerability results and casting; that in itself is very unique. The way they do vulnerabilities, providing the additional context of the network mitigations is fairly unique and valuable.

      What needs improvement?

      The only place where Skybox has room for improvement, and they're working on releasing this, it's just a slow-go, is the UI. The user interface has historically been via a locally installed thick client. They are moving to a web-based console and it's slowly coming out. It looks really good right now. I've seen the previews. I've seen what's going GA. Really, it's just building in that feature parody, to take all the features that are currently in the thick client and move them into to the thin client of Web-based GUI.

      What do I think about the stability of the solution?

      Skybox is in three of my largest clients and they have hundreds of thousands of IPs and thousands of devices reporting into it. It has never been unstable for them. It's always available.

      What do I think about the scalability of the solution?

      It scales just fine. The way that it's built with three-tier architecture, it makes it very horizontally scalable, so I can have multiple fallbacks. If one machine does fall offline, there are four other machines that are doing the exact same job to pick it up. But I've never had a problem where fault tolerance was necessary. It's just an available option that makes everything a bit more robust.

      How are customer service and technical support?

      I've only had to call in twice, and the first-line support was able to resolve the issue within around 10 minutes. It was a pretty quick phone call, and it was immediate. Their tech support has been phenomenal.

      Which solution did I use previously and why did I switch?

      I'm a reseller of this product but I represent a hundred security products to my customers. The other ones that I've looked at or used, or I have seen used in the past, are Kenna Security, FireMon, AlgoSec, Tufin. There are a couple others too, but these are off the top of my head.

      How was the initial setup?

      Setup is not complex, but it is a little bit more time consuming because of the three-tier architecture. It scales really well, but that means there are more pieces to install during the setup, although it's not hard. Everything is just "click, click, click, next." You get through it really quickly. It's just a lot to do.

      It also depends on how you deploy it. If you stand it up bare metal, it's a lot to do, but it's not exceedingly difficult. If you stand it up as an OVA, it's a five-minute installation. 

      So it depends on which route you go on the installation.

      What's my experience with pricing, setup cost, and licensing?

      In terms of licensing, it's about defining use cases. If somebody were to say, "Hey, how should I go about the licensing?" I would say, "Define what use cases you're looking for. Look at Skybox's entire portfolio and decide what is important, or what would improve your organization and then just license accordingly."

      I have some customers who only purchased Firewall Assurance. That was all they're interested in, and they eventually grew into the Vulnerability Management. Then I had the exact opposite where they started off with Vulnerability Management, looking to improve their operations efficiency, and then they eventually branched into the Firewall Assurance module.

      What other advice do I have?

      The only piece of advice I would have is, feed it all of the data sources. Skybox can take in a lot of information; structured, unstructured. It has a ton of integration partners. Even if you don't know if you'll need to use them all, just integrate everything you can into Skybox as a centralized platform, because it does quite a bit more, the more data you feed it. You increase its capabilities when you give it more data sources to look at.

      I'd rate Skybox at 10 out of 10. I'm the Director of Security Architecture, so I'm very customer-facing and senior when it comes to product management and security architecture development. I tend to develop a baseline of programs whose capabilities I feel every organization should have. The ability to appropriately prioritize vulnerabilities inside the environment, and then to have visibility into the traffic and rule sets of an organization, are two of the top capabilities that I recommend. Skybox is the only one that does both of those in a single platform.

      When I go into an organization, especially larger ones that are 5,000 or 10,000-plus employees, the first things I'm looking for are: How are you doing your vulnerability scanning and what visibility do you have in your firewall traffic? Typically, the answer to both of those is, "We don't have a lot there," and Skybox is one of the first things I'll recommend because it's almost imperative to get operational efficiencies. Firewalls are very basic. Firewalls are the front line against inbound traffic. If you don't have something like Skybox inline, able to see what's going on with your traffic flows, you can't appropriately implement those firewalls. So Skybox is typically one of my first three recommended products for just about every client I step in front of.

      Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller.
      it_user873423 - PeerSpot reviewer
      CEO at a tech services company with 51-200 employees
      Real User
      Prioritizes associated risk from identified vulnerabilities, making them easier to manage

      What is our primary use case?

      We use it for Vulnerability Management.

      How has it helped my organization?

      Standard scanning solutions are not able to give any priority in terms of associated risk from identified vulnerabilities. Understanding the real exposure from vulnerabilities and associated assets can reduce the time and investment needed to mitigate risks.

      Also, by reducing the number of vulnerabilities that have to be analyzed and managed we have the chance to create a process of management.

      What is most valuable?

      Identifies direct exposed vulnerabilities.

      What needs improvement?

      Firewall Change Management has to be improved with rules provisioning on firewalls because that is where the competition is going and is what customers need.

      For how long have I used the solution?

      More than five years.

      What do I think about the stability of the solution?

      No issues with stability.

      What do I think about the scalability of the solution?

      No issues with scalability.

      How is customer service and technical support?

      Technical support is good.

      How was the initial setup?

      Initial setup was simple because we approached the project in small steps.

      What's my experience with pricing, setup cost, and licensing?

      The pricing is okay.

      Which other solutions did I evaluate?

      We evaluated Tufin, Algosec for Firewall Assurance. We did not evaluate other products for VC.

      What other advice do I have?

      Involve network, security, and operations at the same table for smooth project startup.

      Disclosure: My company has a business relationship with this vendor other than being a customer: Partner.
      Information Security Architect at a non-profit with 201-500 employees
      Real User
      Streamlines reporting on ACL usage and on shadowed and redundant rules on the firewall
      Pros and Cons
      • "Key features for us include the firewall change audit every week. Also, being able to track firewall ACL usage, so that we can produce semiannual reports on ACL usage and shadowed and redundant rules on the firewall."
      • "If anything could be improved it would be staying on top of the collector scripts, but I understand that's a very tough challenge."

      What is our primary use case?

      Auditing firewall changes on a weekly basis. We use the Network and the Firewall modules. Firewall as I said, and we use the Network and Firewall for PCI compliance reporting.

      How has it helped my organization?

      It has automated things. What was a manual process is now just running a report and delivering it to the people who have to mitigate the issues. A better workflow.

      What is most valuable?

      It's the firewall change audit every week. Also, being able to track firewall ACL usage, so that we can produce semiannual reports on ACL usage and on shadowed and redundant rules on the firewall.

      What needs improvement?

      It's tough to say, because the areas of improvement, I understand the difficulty. For example, they pull configs from thousands of types of devices, and it's difficult for them to stay on top of when vendors change the way their commands work. If anything, it would be staying on top of the collector scripts, but I understand that's a very tough challenge.

      For how long have I used the solution?

      Three to five years.

      What do I think about the stability of the solution?

      We had an issue one time, but it was related to a major release upgrade. But that happens every now and then with vendors. 

      What do I think about the scalability of the solution?

      We've had no need to scale it.

      How is customer service and technical support?

       Excellent. They're right on top of it. Very reactive.

      How was the initial setup?

      Straightforward.

      What's my experience with pricing, setup cost, and licensing?

      The product's pricing is excellent value.

      In terms of licensing, make sure you understand your network components, all your hops through your network, thoroughly, before you decide on the total cost. If you want to do point-to-point flow analysis and such, you need to have the configuration of all the devices in between point A and point B. A lot of people don't realize all their network components until they start using this product.

      Which other solutions did I evaluate?

      We evaluated FireMon versus Skybox when we selected Skybox - they were really the two that were best at doing automated reporting for PCI. It was a compliance issue. We thought Skybox really fit our needs best.

      What other advice do I have?

      Other than what I said - ensuring that you have a really good understanding of all the network components that you have to ingest configurations from - definitely take it out for a proof of concept for 30 days. There are a lot of features in here that we don't use, Change Management and stuff like that, that you want to take a look at and see if they fit your needs.

      I would say the reason I can't go higher than eight out of 10 is that their major release announcements aren't always straightforward. You usually discover that there is a new major release when going to their website and you discover it on your own. So they're not really good at major release announcements. 

      Disclosure: I am a real user, and this review is based on my own experience and opinions.
      it_user844593 - PeerSpot reviewer
      Networks Vice President at a tech services company with 1,001-5,000 employees
      Real User
      Network path analysis done by our customers will help them submit better service requests
      Pros and Cons
      • "Aside from Firewall Assurance, we are using Network Assurance and Change Manager for an overview of the whole network and for documenting requests and the recertification of the ruleset."

        What is our primary use case?

        The use case is firewall rule lifecycle management.

        How has it helped my organization?

        This is something we are on the way to doing.

        What is most valuable?

        Network path analysis is the most valuable feature. There is a lot of work in my team to support internal and external customers, to answer their questions and difficulties with connectivity that doesn’t work. Mostly, the problem is missing orders. So if the customer can do the network path analysis for himself, the customer is able to write the request for the missing connectivity, without any support from my team.

        Aside from Firewall Assurance, we are using Network Assurance and Change Manager for an overview of the whole network and for documenting requests and the recertification of the ruleset. 

        What needs improvement?

        At the moment we have a lot of work in implementing the tool in our workflow, so we are not looking for new features. But this could change in the next six to 12 months.

        What do I think about the stability of the solution?

        We have had some issues implementing the tool, but we are in contact with Professional Services to fix them.

        What do I think about the scalability of the solution?

        No issues with scalability at the moment.

        How are customer service and technical support?

        We are still in project mode, and we have direct contact.

        Which solution did I use previously and why did I switch?

        No previous solution.

        How was the initial setup?

        It was not so straightforward, but we bought onsite support from Skybox Professional Services.

        What's my experience with pricing, setup cost, and licensing?

        The pricing is high, and the licensing model needs more flexibility.

        What other advice do I have?

        In my case it was important to know the workflow, and then to look for a tool that could support this workflow to make it easier.

        Disclosure: I am a real user, and this review is based on my own experience and opinions.
        Sharath K - PeerSpot reviewer
        Principal Specialist - IT Services at a tech services company with 10,001+ employees
        Real User
        Helps us clean up firewall rules and backup device config, but it needs a web interface
        Pros and Cons
        • "It's given us more visibility in terms of what are the kinds of configurations that are on these devices, and how many of these are stale rules. So it's helped greatly in terms of cleaning up of rules, for sure. And it has definitely given us a more secure way of backing up the configuration on these devices."
        • "The primary room for improvement would be to enable a web interface, which is not something which is there in the product. This is supposed to have come a year, a year and a half ago, but still has failed to come out. It still needs a client application to be installed on a workstation to be able to access that server and then run these reports. So I cannot extend that access to anybody. It has to be one administrator all the time. So unlike a web interface, where you can give multiple users simultaneous access and generate the various reports, that isn't a possibility at the moment."
        • "The stability is something that is questionable. I don't know whether it is because of the kind of infrastructure we have or because of the product in itself. We're running it on a virtual machine right now. Maybe once a month, or once in every 45 days, it requires a restart because the application fails to connect. So I have to restart the whole Skybox Manager itself, the Skybox server itself, and then connect to it from our Skybox Manager."
        • "The setup documentation needs a lot of improvement."

        What is our primary use case?

        Primary use case for us is configuration management and configuration compliance.

        How has it helped my organization?

        It's given us more visibility in terms of what are the kinds of configurations that are on these devices, and how many of these are stale rules. So it's helped greatly in terms of cleaning up of rules, for sure. And it has definitely given a more secure way of backing up the configuration on these devices.

        What is most valuable?

        For us, it's more important for our firewalls, to maintain the configuration compliance, to look at duplication of rules; clean up functionalities on the firewall and compliance of the firewall. That's where it's most important. We're still looking at making use of this tool for other purposes, but it's still a work in progress at this moment.

        We are using Network Assurance, primarily for our devices like routers and switches.

        Change Manager is still a work in progress for us. While we have that module, we're still working on customizing it. It's understandable and it works well, right now. We are looking at automating that whole change management procedure using a third-party API integration along with Skybox. So that's still a work in progress at the moment.

        What needs improvement?

        The primary room for improvement would be to enable a web interface, which is not something which is there in the product. This is supposed to have come a year, a year and a half ago, but still has failed to come out. It still needs a client application to be installed on a workstation to be able to access that server and then run these reports. So I cannot extend that access to anybody. It has to be one administrator all the time. So unlike a web interface, where you can give multiple users simultaneous access and generate the various reports, that isn't a possibility at the moment.

        For how long have I used the solution?

        One to three years.

        What do I think about the stability of the solution?

        The stability is something that is questionable. I don't know whether it is because of the kind of infrastructure we have or because of the product in itself. We're running it on a virtual machine right now. Maybe once a month, or once in every 45 days, it requires a restart because the application fails to connect. So I have to restart the whole Skybox Manager itself, the Skybox server itself, and then connect to it from our Skybox Manager. As I said, I don't know whether it's because of our environment or if this is primarily how the application behaves on a VM environment. That's still a question mark at the moment.

        What do I think about the scalability of the solution?

        I don't think scalability is a problem area, to be quite frank. As to how much you can run, it primarily depends on the type of licenses you have. And they also have a hardware appliance which can take on any workload. So I don't think this is a problem area.

        How are customer service and technical support?

        The technical support is only telephoning. While I do have a local contact with whom speak, more often it's via the telephone. They do have a fairly decent turnaround time. I wouldn't rate them as the best people around in terms of turnaround time, but it's fairly decent. I haven't had too many negative experiences with them so I would rate them fairly satisfactory at the moment.

        Which solution did I use previously and why did I switch?

        We were not using any other solution, not something similar to Skybox at least. Our principle company was using a competitor product from Tufin. Their use case was fairly limited to firewalls. We wanted something beyond firewalls and also wanted an ability to manage and automate the change on the firewalls, etc. That is why we went for Skybox.

        How was the initial setup?

        It was definitely complex. It wasn't straightforward by any means. It's not something that a person who doesn't know the product can deploy. It's not a simple double-click on an MSI or an EXE and it starts running. The documentation needs a lot of improvement, the setup documentation. But we had brought in our Professional Services at the time of installation, so someone was here to do that installation. But if you were to ask me to do it from scratch, I would hesitate to do so because it was rather complicated even just looking at it.

        What's my experience with pricing, setup cost, and licensing?

        I think for the cost, what we got definitely is worth it. We're looking to expand it come next financial year, that will start from April of 2018. We'll need to look at how we will get better pricing this time around. So we're looking to expand the scope four-fold or five-fold, beyond what we have actually done initially.

        The only caution I would give is that whenever you license for Firewall Assurance at the same time, for some weird reason, you have to get one Network Assurance license, just to manage one firewall. That's a little bit of overkill. But otherwise, in general, the pricing is fairly okay. But I would prefer that they change that licensing model for a firewall not having to consume a Network Assurance license.

        Which other solutions did I evaluate?

        We did a proof of concept with Skybox and Tufin, both. In terms of setup times, in terms of the interface in itself, Tufin was much better. But Skybox had better features and we felt it fit in more for our use cases, which is why we went with Skybox.

        What other advice do I have?

        If you choose Skybox, then I would say spend a lot of time making sure that your network and your IT segment and all your devices and scope are properly documented. Make sure everybody fully understands how each of your networks are interconnected and exactly how your deployment happens. Because without that documentation, you will have a real hard time even explaining to a Professional Services guy how this needs to be set up. Because, like I said, this is not something which is straightforward.

        It does need some time, especially in an enterprise environment where you're primarily using an RFC 1918, which is a private address space. Most of the time you will see that address space being used across different LAN communication technologies, so you will see a lot of conflict. You might see a lot of duplication. That is where the real problems start. So I would rather spend more time analyzing the whole setup, sitting and making sure it's well documented, before even getting into documentation. That's what I would tell the prospective buyers of Skybox.

        Right now, based on my experience of having gone through, of having used it for the last one-and-a-half to two years, I would rate it about a seven out of 10. The reason for that is because of the lack of a web interface which is a big no-no for most companies. In today's world, nobody wants to use a fixed client to manage a security appliance. And the second one is because of the complexity of the whole setup itself. Otherwise, the product in itself is fairly good.

        Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
        it_user796227 - PeerSpot reviewer
        IT Security Specialist with 10,001+ employees
        Real User
        We use Network Assurance for network visualisation and troubleshooting

        What is our primary use case?

        • Potential attack vector discovery
        • Network troubleshooting
        • Security check
        • Compliance

        Aside from Firewall Assurance, we use Network Assurance for network visualisation and troubleshooting. Currently, we are not using the Change Manager Module.

        How has it helped my organization?

        User interface. A web interface would be better.

        What is most valuable?

        • Change Tracking (audit logs)
        • Access Analyser (access checks)
        • Compliance

        For how long have I used the solution?

        One to three years.

        What do I think about the stability of the solution?

        No issues.

        What do I think about the scalability of the solution?

        No changes to check.

        How are customer service and technical support?

        It is sufficient.

        Which solution did I use previously and why did I switch?

        No.

        How was the initial setup?

        The initial setup was easy.

        Which other solutions did I evaluate?

        No.

        What other advice do I have?

        Check product compatibility. In our case, during implementation, we realised approximately 30 devices were not supported by the Skybox platform.

        Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
        Buyer's Guide
        Download our free Skybox Security Suite Report and get advice and tips from experienced pros sharing their opinions.
        Updated: June 2022
        Buyer's Guide
        Download our free Skybox Security Suite Report and get advice and tips from experienced pros sharing their opinions.