Skyhigh Security Reviews

Box API access with DLP capabilities

Shadow IT

Our organization is moving much of its non-sensitive data to Box and we needed the ability to have full visibility into what was occurring within the Box infrastructure. With the Skyhigh to Box API integration, we can not only see everything that occurs but we can setup many DLP policies to block or monitor what is occurring in Box. You can also run a custom DLP query against your Box infrastructure to look for specific DLP issues that may have been created since the older data was loaded.

Reports. The reports are useful but they do not always give the information in the format that I'm looking for and can take a while to run.

Probably my two biggest issues are as follows:

1. Even if you narrow down the scope of the report so that there is not too much data, when a report is generating, sometimes it will get hung; thus you have to delete it and run it again. This does not happen too often but when it does, it can be rather inconvenient. Especially since when I need to manually run a report, there is often a time sensitive reason that cannot wait for a report to generate twice.
2. SkyHigh has the ability to place users or groups on a ‘Watchlist’; which allows you to see certain views with these Watchlists users/groups in them. This is great when you are looking at live data but if I wanted to generate a report on ONLY the watchlists (or specific sub-watchlists), it is not possible. One of our main Watchlists is everyone on the IT Team. Since IT users tend to have more access and control over the environment (myself included) we like being able to single out these users when looking at data. My CIO especially, would love to have a report over specific services, bandwidth, etc… that the IT team is doing every week or month; so that he knows that we are not doing anything malicious. This feature should be provided soon but it is still not in Production.

2.5 years

No. We currently use Blue Coat Cloud Proxy and are able to download the Blue Coat logs to the Skyhigh Log Aggregator, and they are immediately sent to Skyhigh. Even if there is an issue where Skyhigh is not receiving the logs, you will receive an email or phone call from their support letting you know they have not received any logs in X amount of time.

Originally, the interface would take longer than expected to load some of the more graphically intense metrics. However, Skyhigh has been improving their product and releasing upgrades on a consistent basis. Now the stability and speed are greatly improved. Looking forward to their next major release.

No. Since I am able to use my Blue Coat Logs (which encompasses every system on and off my network) I just have one location that I download my Blue Coat logs and then upload them to Skyhigh.

On a scale of 1-10, I would give them a 9. I have not had any issues and their support has been extremely helpful. There was one time where there seemed to be a decent amount of time between correspondences but it may have been the complexity of the issue. Otherwise, there have been no issues.

On a scale of 1-10, I would give them a 9. They have been able to fix just about any of my issues but there have been times where they would need to bring in higher level support or other support to assist.

No.

Straightforward. During the Proof of Concept, their guides and directions were very easy to follow and I was able to setup everything without much assistance.

Our implementation was in-house. Since the deployment of this CASB was rather simple, there was no need to bring in a third-party vendor. If you are trying to have a 'real-time' blocking scheme where SkyHigh pushes blocking scripts to Bluecoat Proxy SG or Palo Alto, then a third-party implementation team may be necessary. However, even setting up these integrations are not too difficult and a third-party integrations team may not be necessary.

With Pricing, the biggest thing to watch for is the difference in price per monitored user for the different API integrations. We currently only use the Box API but we thought about using the Salesforce one but it was drastically more expensive per user. We are starting to look at the 365 monitoring since we may migrate their soon but I have not looked at the pricing for it yet.

Yes, Netskope.

No.

It has a very user-friendly UI and is easier to pick up for people with less technical experience.

It’s a small improvement; however, it has augmented the pre-existing network monitoring services already in place to something more meaningful for higher levels of management.

Its capabilities are still rather limited compared to other solutions. It’s a reasonable monitoring service, but it would still need to be coupled with other solutions to be practical.

I found that when it comes to monitoring services on the network, Skyhigh gives a more comprehensive and practical break down of what risks the user is looking at. This is very useful when reporting metrics to upper management. However, it felt slightly lacking in the technical breakdown area as compared to other services we used at the time. Some of the explanations it gave for risks were too vague to address, so we would revert to another product we use regularly to get a more specific picture of a threat.

I have used Skyhigh for three months.

I can’t recall any stability issues.

We used this as an internal solution, so I can’t reasonably address scalability.

I rate technical support 7/10. I felt they were very accommodating when we worked with them, but as we were ramping up the product, we needed a lot of support to understand Skyhigh functionality. We had a dedicated resource communicating with us for some time, but there was a sudden switch and the knowledge transfer between them wasn’t comprehensive, leading to some lag in support.

We previously used a different solution but we did not drop it. We attempted to use the two solutions together.

I was not a part of initial setup, so I can’t speak to this point.

I was not part of pricing, so I can’t speak to this point

To my knowledge, Skyhigh was meant to help fill some of the performance gap shown by our other solutions, so we weren’t actively looking for products to do this so much as experimenting with a single new product we’d heard about.

Use this product in conjunction with others. It has good coverage in terms of monitoring, but other commercial products were used to mitigate threats to the network.

Skyhigh's shadow IT capability and cloud risk registry are the two most helpful tools for our organization.

We are able to see what cloud services are being used with much more clarity than with our proxies and more importantly identify that we are using many cloud services we were not aware were even cloud services. Especially collaboration services. The cloud risk registry has been great for getting a quick and clearer understanding of the risk of proposed services that we are looking at allowing. Previously we were paying for expensive industry reports.

The Skyhigh for Google Drive interface and policy engine is a bit confusing and limited when compared against other Google Drive CASB capabilities.

We deployed the FedRAMP GovCloud version, which was not quite up to date with the mainstream version and still had some bugs to work out. Some other features are still in the works. We also found that it is important to ensure your inputs to the system are all uniform as it would have made for a more rapid deployment.

Excellent.

Excellent.

Skyhigh provided a FedRAMP solution, tokenization, a better shadow IT capability, and lower cost.

The vendor team was excellent.

The most valuable feature of Skyhigh networks is the capability of giving an overview of all active cloud services on our network. Skyhigh analyzes syslog data from our firewall, and returns a report of the cloud service usage on our network. In other words, this takes the 'shadow' out of Shadow IT. It sheds some light on the current situation.

The report returned by Skyhigh not only shows which cloud services are in use, but also gives each individual cloud service a risk assessment in terms of risks associated with the service. The categories are Data Risk, User Risk, Legal Risk and Business Risk. With this overview of the associated risk for cloud services on our network, we can make some very conscious decisions about how we want to shape which services are used on the network. We can make sure that we offer safe alternatives to the services already in use. We want all our users to use cloud services, so that we can stay agile and flexible, but we also want to make sure we don't take any unnecessary risk.

Skyhigh furthers the protection of our sanctioned cloud services. Once we make a decision on which services we feel are a good match for our company, we can add extra protection to those services in the form of monitoring and threat prevention. Skyhigh can make sure that all data we put in our sanctioned cloud service is compliant with our company policy as well, as industry regulations. In other words, if one of our users accidentally puts data in the cloud that isn't compliant, we can remove this data before it causes problems. This is a win for our users and the company as a whole.

Skyhigh also monitors the usage of our sanctioned cloud services. They can spot any abnormal activity, such as users logging in from several different countries in a short period of time, or other suspicious activity.

We now have a good conscious about using Cloud services. Without an overview, you can only imagine what is going on. With monitoring, analysis and threat prevention, we know exactly what is going on and can prevent activity that we deem unacceptable or creates unnecessary risk. We have a much better overview of where our data is, both in terms of which service, but also in terms of geographical location.

The Web UI is still not quite as responsive as we would like. However, in praise of Skyhigh, they have taken this feedback into account. This is their biggest focus area for next major release.

I have been using it for one year.

In version 2.7, we had a few issues. However, none of these were major, and they were usually fixable within a very short period of time.

We have been able to provide Skyhigh solutions for customers of single office companies, as well as larger global companies, without any issues.

Technical support was very good. Our partnership with Skyhigh is extremely close, and their incident response is sublime.

The initial setup is quite easy. You must provide a log sample to Skyhigh, who then make sure their log parser is specifically suited to the customer. Once you have received a tenant, and the parser has been created by Skyhigh, the setup takes approximately one hour.

The Skyhigh licensing model is based on the number of subscriptions of administrative users on the network. There are two separate licenses: Discovery and Secure.

Discovery gives the overview of which Cloud services and on your network. Secure protects your sanctioned Cloud services. We have chosen both, but there is nothing limiting you from running either of the two licenses separately.

If you are currently using a sanctioned Cloud service, then we recommend getting both licenses (Secure and Discover). However, if your company doesn't have an official Cloud service in use, then we recommend only purchasing the Discover license. You can always purchase the Secure license at a later time, if your situation happens to change.

We are a consultancy company that wants to get into the CASB area. We did very thorough research on the products that were on the market. We have done this on an ongoing basis to check on the competition. We researched Netskope, Aperture and Elastica thoroughly, before concluding that Skyhigh is the most mature and feature-rich product.

One of the biggest factors in choosing Skyhigh was that Skyhigh integrates with your current infrastructure, rather than adding another agent or needing to send all traffic through a proxy. This simplifies setup, as well as ensuring that the product does not cause bottlenecks. It just adds value to your already existing security infrastructure.

Be prepared to involve management and your HR department. The data presented by Skyhigh, will most likely warrant change, both in terms of company culture, as well as adding restrictions to company policy. Once you have discussed policies and compliance, create some automation flows or workflows to ensure that all unwanted services or risk attributes are added to the block list on a regular basis.

The ability to identify shadow IT within our environment through proxy log analysis based on risk assessments provided by Skyhigh Registry have been invaluable in helping us reduce our overall data risk

Once implemented we were able to identify 100+ high risk cloud services used by our users.  Once identified we worked with our users to migrate their data to IT sanctioned services, then blocked all high risk services.

Sometimes the console performance is slow and updating custom attributes can be cumbersome as you have to do each attribute for a cloud service individually, the click the popup box to continue. 

The console performance is sometime slow, meaning that switch screens or generating reports can sometime feel sluggish.  Data and graphics takes time to load in the browser, and also performance can depend on which browser you are using. 

There is a customizable part of the SkyHigh global registry called custom attributes.  We use these attributes to identity and record details of our own interactions with the cloud service to show which we are reviewed, which services are approved, blocked, sanctioned, etc..  Entering information into these custom fields requires you to confirm changes for each field individually, a UI improvement could be to add a save or update button to the site instead of doing each field individually.

We use it to block malicious IP addresses and check for security leaks. 

It is easy to configure rules.

It is an expensive solution.

I have three years of experience with this solution.

Technical support was very good.

The initial setup was easy and took about two weeks.

It's an expensive solution.

It's the perfect tool for investigation of malicious IPs, and I rate it at ten on a scale from one to ten.

I like the encrypted disk feature and the endpoint protection.

The encrypted disk implementation could be improved. I currently use it from a dongle or USB key with two-factor authentication to access my computer.

I've been using MVISION Cloud for seven months.

It is a very stable solution.

We've had problems with scalability. We have 2000 users.

Technical support has been fast.

The initial setup was very complex from a rules point of view. There were problems with integration to the cloud and connecting to EIM solutions.

There are three other good products: Carbon Black, CrowdStrike, and SentinelOne. I think Carbon Black is the best, and I would rate MVISION Cloud at nine on a scale from one to ten.

I have been implementing this solution for protection as an ERP solution. I've been using it to protect and implement private apps.

The broader solution is quite useful. They provide service management for a variety of environments, including Office 365, Google, AWS, and Azure. 

It offers very good protection overall.

The management is very good.

We're able to provide the customer with best practices for coding.

It is a stable product.

Technical support is helpful.

The pricing is reasonable. 

The secure gateway could be improved. If they worked on that they would be more competitive.

They should offer more learning opportunities. If they could provide tools to help users interested in learning more about the technology, that would be ideal.

I'd rate the solution for around one year or maybe a bit less.

We have been facing some stability issues. However, via the support team, we're doing okay. It provides accurate warnings if there are some maintenance windows or service upgrades. It helps prevent unexpected disruption. 

I haven't really attempted to scale the solution. 

Technical support is excellent. They are very helpful and responsive. I have no complaints about their level of service. 

The initial setup is very straightforward and simple. I'd rate the ease of implementation nine out of ten. It's not overly complex. 

The pricing is good and the licensing is straightforward. I'd rate the affordability nine out of ten. 

I'd rate the solution eight out of ten.