I mainly use Skybox to harden firewall rules and for rule usage analysis and compliances. We also use it for configuration compliance for firewalls, most of the Cisco switches and routers, and enterprise firewall vendors.
Cybersecurity Operations Engineer at a tech services company with 201-500 employees
Impressive optimization and clean-up but UX needs improvement
Pros and Cons
- "The most impressive feature is optimization and clean-up."
- "Skybox should improve their UX features by making them easier to use."
What is our primary use case?
What is most valuable?
The most impressive feature is optimization and clean-up.
What needs improvement?
Skybox should improve their UX features by making them easier to use. They're also trying to transfer from Java GUI to web-based systems, but it's not consistent right now, so they need to develop and improve the features on that side. I mean, the native Java based GUI results and the new Web GUI results are not always the same. I have experienced some inconsistency results among them. So, I need to trust newer GUI for results.
For how long have I used the solution?
I've been using Skybox Security Suite for more than five years.
Buyer's Guide
Skybox Security Suite
November 2024
Learn what your peers think about Skybox Security Suite. Get advice and tips from experienced pros sharing their opinions. Updated: November 2024.
824,067 professionals have used our research since 2012.
What do I think about the scalability of the solution?
Skybox is scalable.
How are customer service and support?
Skybox's technical support is fine, but getting help takes some time because they request rules and models and pack logs instead of offering a remote session.
How would you rate customer service and support?
Neutral
How was the initial setup?
The initial setup was extremely straightforward - the installation took about twenty minutes, but the integration took some more time because there were lots of different vendors and integrations. We also had some problems with login and port rules, which delayed integration.
What's my experience with pricing, setup cost, and licensing?
Skybox comes with extra licenses and has a change management license. The licenses are expensive, but they come with extra value.
What other advice do I have?
Skybox is a full-feature product that comes with different modules like firewall and network assurance, network mapping, and a vulnerability control module. It's a very, very good solution for medium and large companies. I would advise anyone thinking of implementing Skybox to use a professional team to do the integration. I would rate Skybox seven out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: partner
Enterprise Architect - Information Security at a transportation company with 5,001-10,000 employees
Simple to use and scalable but needs more detailed reporting
Pros and Cons
- "The solution's simplicity of use is its most valuable feature."
- "The solution needs to add more automation and orchestration capabilities. Those features would make the solution much stronger."
What is our primary use case?
We primarily use the solution for our management and optimization.
What is most valuable?
The solution's simplicity of use is its most valuable feature.
What needs improvement?
The solution needs more detailed reporting. In Skybox the reporting is good, but it could be improved.
The solution needs to add more automation and orchestration capabilities. Those features would make the solution much stronger.
For how long have I used the solution?
I've been using the solution for about four years now.
What do I think about the stability of the solution?
We've found the product to be quite stable. We haven't come across any bugs or glitches. We also haven't experienced any crashes that would lead us to believe there was instability.
What do I think about the scalability of the solution?
The scalability of the solution is very good. There's nothing stopping a company from expanding if they need to.
How are customer service and technical support?
Reaching out to the solution's technical support wasn't in my remit. I'm the enterprise architect, so I don't get involved in tech support issues.
Which other solutions did I evaluate?
We did evaluate other solutions before choosing this one. In fact, I'd recommend other companies to also take a look at Tufin and AlgoSec. Evaluating each of these will help organizations pick the best solution for their needs.
What other advice do I have?
We're just a customer. We're not a partner or reseller of the solution.
I'd rate the solution seven out of ten.
I'd recommend those considering the solution to also look at Tufin and AlgoSec. I'd advise anyone considering any of these three options to compare them together and request a detailed proof of concept.
In general, I'd recommend the product.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Buyer's Guide
Skybox Security Suite
November 2024
Learn what your peers think about Skybox Security Suite. Get advice and tips from experienced pros sharing their opinions. Updated: November 2024.
824,067 professionals have used our research since 2012.
Director, Security Architecture at a tech services company with 51-200 employees
Prioritizes vulnerabilities and grants visibility into both traffic and rule sets
Pros and Cons
- "Skybox allows organizations to reprioritize the vulnerability they attempt to patch and mitigate, based on the contextual awareness of the network."
- "instead of asking for firewall rules which may or may not be relevant, or could already be there, or could be over-permissioned, Skybox can be used to map out the resources that that application is going to use and provide the exact rules that an application would require to function correctly. If the traffic isn't able to flow for the application, if it's erring out, Skybox can be used to troubleshoot that and say, "All right, where is the traffic being stopped and why, and how do I fix that.""
- "The ability to appropriately prioritize vulnerabilities inside the environment, and then to have visibility into the traffic and rule sets of an organization, are two of the top capabilities that I recommend. Skybox is the only one that does both of those in a single platform."
- "The way that it's built with three-tier architecture, it makes it very horizontally scalable, so I can have multiple fallbacks. If one machine does fall offline, there are four other machines that are doing the exact same job to pick it up"
- "The only place where Skybox has room for improvement, and they're working on releasing this, it's just a slow-go, is the UI. The user interface has historically been via a locally installed thick client. They are moving to a web-based console and it's slowly coming out."
What is our primary use case?
We have been reselling Skybox for probably about five years now, so I'm pretty familiar with it. I've done numerous POCs and I've had hands-on with it quite a bit.
Because I get to work with a bunch of different customers, I get to see just about every use case for Skybox. The first one, which is pretty simple, is auditing firewall rule sets; taking a look at all the configurations that are on the firewalls and ensuring that they're locked down. What we run into a lot of times are firewalls that are set up with excessive permissions, meaning they allow a lot more traffic than they should. Skybox is essential to tearing that down.
Network visibility is another big use case, learning where all the assets are located on the network and how they can talk to each other.
The last one that I deal with quite a bit is the vulnerability/exposure-monitoring piece. Looking at those vulnerabilities that are on the network, providing the context of network-based mitigation, and then reprioritizing or recasting those vulnerabilities.
How has it helped my organization?
Specifically, in the Vulnerability Management piece, vulnerability management products are very noisy and they provide this arbitrary score called the CVSS that rates the criticality of the vulnerability. How bad would it be if somebody were to exploit this vulnerability? That doesn't matter if I have something on the network that prevents that vulnerability from being exploited. What Skybox does is to allow organizations, including three of my largest customers, to reprioritize the vulnerability they attempt to patch and mitigate, based on the contextual awareness of the network.
Also, for the vulnerability, it's the operational efficiency of the patching team. Patch management programs are very expensive to run from a headcount cost, and also from a potential downtime cost, and there is a never-ending stream of vulnerabilities. The ability to contextualize those and recast them in a meaningful way to my organization, and to all my customers, has been very valuable in increasing the efficiency of the patching process.
With the Firewall Assurance, that changes the way applications are introduced into the environment. So instead of asking for firewall rules which may or may not be relevant, or could already be there, or could be over-permissioned, Skybox can be used to map out the resources that that application is going to use and provide the exact rules that an application would require to function correctly. If the traffic isn't able to flow for the application, if it's erring out, Skybox can be used to troubleshoot that and say, "All right, where is the traffic being stopped and why, and how do I fix that."
What is most valuable?
The Vulnerability Management module is among the ones we talk about the most and the one that customers are biting off on quite a bit.
Skybox, in general, has quite a few features that are particularly useful to large clients, but their scalability is unparalleled in the space. They have massive scalability, thousands of devices that they can pull from, hundreds of thousands of IP addresses for the vulnerability results and casting; that in itself is very unique. The way they do vulnerabilities, providing the additional context of the network mitigations is fairly unique and valuable.
What needs improvement?
The only place where Skybox has room for improvement, and they're working on releasing this, it's just a slow-go, is the UI. The user interface has historically been via a locally installed thick client. They are moving to a web-based console and it's slowly coming out. It looks really good right now. I've seen the previews. I've seen what's going GA. Really, it's just building in that feature parody, to take all the features that are currently in the thick client and move them into to the thin client of Web-based GUI.
What do I think about the stability of the solution?
Skybox is in three of my largest clients and they have hundreds of thousands of IPs and thousands of devices reporting into it. It has never been unstable for them. It's always available.
What do I think about the scalability of the solution?
It scales just fine. The way that it's built with three-tier architecture, it makes it very horizontally scalable, so I can have multiple fallbacks. If one machine does fall offline, there are four other machines that are doing the exact same job to pick it up. But I've never had a problem where fault tolerance was necessary. It's just an available option that makes everything a bit more robust.
How are customer service and technical support?
I've only had to call in twice, and the first-line support was able to resolve the issue within around 10 minutes. It was a pretty quick phone call, and it was immediate. Their tech support has been phenomenal.
Which solution did I use previously and why did I switch?
I'm a reseller of this product but I represent a hundred security products to my customers. The other ones that I've looked at or used, or I have seen used in the past, are Kenna Security, FireMon, AlgoSec, Tufin. There are a couple others too, but these are off the top of my head.
How was the initial setup?
Setup is not complex, but it is a little bit more time consuming because of the three-tier architecture. It scales really well, but that means there are more pieces to install during the setup, although it's not hard. Everything is just "click, click, click, next." You get through it really quickly. It's just a lot to do.
It also depends on how you deploy it. If you stand it up bare metal, it's a lot to do, but it's not exceedingly difficult. If you stand it up as an OVA, it's a five-minute installation.
So it depends on which route you go on the installation.
What's my experience with pricing, setup cost, and licensing?
In terms of licensing, it's about defining use cases. If somebody were to say, "Hey, how should I go about the licensing?" I would say, "Define what use cases you're looking for. Look at Skybox's entire portfolio and decide what is important, or what would improve your organization and then just license accordingly."
I have some customers who only purchased Firewall Assurance. That was all they're interested in, and they eventually grew into the Vulnerability Management. Then I had the exact opposite where they started off with Vulnerability Management, looking to improve their operations efficiency, and then they eventually branched into the Firewall Assurance module.
What other advice do I have?
The only piece of advice I would have is, feed it all of the data sources. Skybox can take in a lot of information; structured, unstructured. It has a ton of integration partners. Even if you don't know if you'll need to use them all, just integrate everything you can into Skybox as a centralized platform, because it does quite a bit more, the more data you feed it. You increase its capabilities when you give it more data sources to look at.
I'd rate Skybox at 10 out of 10. I'm the Director of Security Architecture, so I'm very customer-facing and senior when it comes to product management and security architecture development. I tend to develop a baseline of programs whose capabilities I feel every organization should have. The ability to appropriately prioritize vulnerabilities inside the environment, and then to have visibility into the traffic and rule sets of an organization, are two of the top capabilities that I recommend. Skybox is the only one that does both of those in a single platform.
When I go into an organization, especially larger ones that are 5,000 or 10,000-plus employees, the first things I'm looking for are: How are you doing your vulnerability scanning and what visibility do you have in your firewall traffic? Typically, the answer to both of those is, "We don't have a lot there," and Skybox is one of the first things I'll recommend because it's almost imperative to get operational efficiencies. Firewalls are very basic. Firewalls are the front line against inbound traffic. If you don't have something like Skybox inline, able to see what's going on with your traffic flows, you can't appropriately implement those firewalls. So Skybox is typically one of my first three recommended products for just about every client I step in front of.
Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller.
Principal Consultant at Wipro
Implementation is straightforward but needs custom dashboards
Pros and Cons
- "We are currently working on rule review and compliance. The logging features are good."
- "There are multiple dashboards but no custom dashboard. It would be good to include a custom dashboard so that we can actually choose which field and what kinds of things we want to look at."
What is our primary use case?
It's for integrating with firewall logs, and we are looking for automation where we can actually select all of the network architecture. Then, we can understand the rules that are available. We can look at the complexity as to whether the rules are compliant as per the standards or not. It's depends on the compliant order.
What is most valuable?
We are currently working on rule review and compliance. The logging features are good.
What needs improvement?
As for room for improvement, there are issues in logging. The logs are not coming into the log.
There are multiple dashboards but no custom dashboard. It would be good to include a custom dashboard so that we can actually choose which field and what kinds of things we want to look at.
For how long have I used the solution?
We've been using it for probably more than six months.
What do I think about the scalability of the solution?
In terms of scalability, I would give it a six out of ten. The logging features are good, but zones and zone mapping to get interactive topology are not straightforward.
How are customer service and support?
I would give technical support an eight out of ten.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
I used AlgoSec at another company. Skybox Security Suite is nicer than AlgoSec.
How was the initial setup?
The initial setup is pretty straightforward. It gets more complex only when you try to integrate with the logs.
What other advice do I have?
The implementation of Skybox is straightforward and you can integrate and get the logs and compliance reporting.
The integration might be a little tricky and may need tweaking.
Overall, I give Skybox Security Suite a seven out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Project Manager at a tech services company with 1,001-5,000 employees
Complex environment, difficult to install, and expensive, but it's reliable
Pros and Cons
- "The performance could be good because we chose it at the time, but it is too complex for us to appreciate its performance because we lack the necessary skills."
- "They are not satisfied with the complexity of the solution and the price."
What is most valuable?
The performance could be good because we chose it at the time, but it is too complex for us to appreciate its performance because we lack the necessary skills.
What needs improvement?
They are not satisfied with the complexity of the solution and the price.
To be used, we must have proper skills that require additional support, and the entire potential of the tool is not utilized and addressed. As a result of a lack of skills, it is complex.
Network auditing, which AlgoSec does, could be included, or perhaps Sky Box does but we don't know how to use it.
For how long have I used the solution?
The company has been using Skybox Security Suite for quite a while, and they are thinking about changing the solution.
They have been working with it for at least three years.
What do I think about the scalability of the solution?
We are in a complex environment, and we have three teams, with approximately 30 people using it on various entities.
How are customer service and support?
We did not contact technical support. We attempted to have the necessary skills in-house, but it was insufficient. That is why we are seeking alternatives.
Which solution did I use previously and why did I switch?
We also, work with Tufin. We have not been working with it for that long, we are in the POC phase. We are testing the tool.
We are also considering AlgoSec. I believe that is our current favorite, but we don't have a final decision at this time, but it appears to be AlgoSec.
How was the initial setup?
The environment is very complex.
The deployment took a long time. We are considering changing it because it simply did not finish. It's as if we didn't do it properly.
We have a team of two to maintain this solution.
What's my experience with pricing, setup cost, and licensing?
The licensing fee is paid yearly and is approximately $100,000.
Which other solutions did I evaluate?
I am researching firewall security management tools like Tufin, and AlgoSec.
As a product manager, I don't work with any products. I am just assisting team members in finding alternatives. I am a consultant.
What other advice do I have?
I believe it is a management contract. I believe that such solutions should not be handled on-premise, and we must obtain a proper support contract with SLAs from the service provider. When we do install it on-premises, we have no support, no feedback, and no commitment, except to extend the contract.
We are both customers and a partner with Skybox Security Suite.
I would rate Skybox Security Suite a five out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Information Security Officer at Sony Corporation of America
Stable, with good port division management but requires more automation features
Pros and Cons
- "The port division management was the solution's most valuable aspect for our organization."
- "The solution was quite technical. It would be easier to manage if the solution was more specific about aspects of the solution and provided more advisory around how to use it effectively. It would help users a lot if they were more clear about everything."
What is our primary use case?
We primarily used the solution for model sites, on the configuration side of things. We also used it to review certain port services, etc.
What is most valuable?
The port division management was the solution's most valuable aspect for our organization.
What needs improvement?
The solution was quite technical. It would be easier to manage if the solution was more specific about certain aspects and provided more advisory around how to use it effectively. It would help users a lot if they were more clear about everything.
The solution requires more integration in terms of automation features.
It would be great to have proxies, IDs, IPs, firewalls, certain network centers, etc. on the solution. If more of that can be looked at or reviewed from a Skybox standpoint it would be helpful. The solution needs to expand its scope.
For how long have I used the solution?
We had been using the solution for about a year. It hadn't been too long.
What do I think about the stability of the solution?
For us, the stability of the solution was okay. Our organization managed to use it just fine.
What do I think about the scalability of the solution?
The solution isn't great at scalability. I'm not saying it is not scalable, but then, of course, companies have to test and see. For us, when it came to scalability, there were always question marks as to if it could be done effectively. We were never 100% confident in its capabilities. For us, and the environment we worked in, we were somewhat sensitive to scaling with this solution.
There were two types of users for this solution in our organization. One type of user had full access to the tool and they were the leadership team, IT and security. The other type of user had access to automated reports. There were about 200 people who had access to this.
How are customer service and technical support?
We were never in touch with technical support. I can't speak to how helpful they were. We had a team that dealt with technical support, but I don't recall ever hearing from them about how good or bad the service was.
Which solution did I use previously and why did I switch?
We've since moved from Skybox to another solution, therefore, we aren't using it anymore. About four to six months ago, we migrated from Skybox to another tool called AlgoSec.
What other advice do I have?
I'd advise other companies to scan the solution from time to time and be mindful of it. It's also important to make sure the services of the tool are enabled for the actions a company will need to handle or monitor.
I'd rate the solution seven out of ten.
Which deployment model are you using for this solution?
Hybrid Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Asst. Manager Finance at a insurance company with 5,001-10,000 employees
User-friendly, extracts data easily, scales well, and it's easy to install
Pros and Cons
- "It's very supportive and very user-friendly."
- "The price could be cheaper."
What is our primary use case?
We use this solution for data encryption.
We provide and deploy this solution for our customers and show them how to extract the reports. Our customers are really happy.
If they run into any issues, we resolve their queries.
What is most valuable?
It's a good product. We can extract the data from it very easily.
It's very supportive and very user-friendly.
What needs improvement?
We are not using the solution and rely on customer feedback. If the customer does not provide any, then we can't recommend what could be better.
If they have had any kind of issues, then we are able to know and have it perform better.
For how long have I used the solution?
I have been using this solution for four months.
We are using the latest version.
What do I think about the stability of the solution?
It's a stable solution. We haven't had any issues with stability in the four months that we have been using it.
What do I think about the scalability of the solution?
It's a scalable product. We scaled our internal projects.
We only have single customers who are using this solution.
How are customer service and technical support?
We have not contacted technical support because we have not any issues.
Our clients have not had any queries. If they do, then we would contact technical support.
How was the initial setup?
It's easy to install and deploy.
It took one month to deploy to all of the branches.
What about the implementation team?
The integration was done by the vendor. We didn't do any kind of integration.
What's my experience with pricing, setup cost, and licensing?
We purchase the license for the product.
Customers do not purchase the license, we take care of that.
When compared with other companies, the license is more costly.
The price could be cheaper.
What other advice do I have?
We have deployed this solution for our clients and have not received any complaints.
I would definitely recommend this solution to others.
I would rate Skybox Security Suite a ten out of ten.
Which deployment model are you using for this solution?
Public Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Suitable for complex networks, reliable, and good support
Pros and Cons
- "It can be integrated with a vulnerability management solution. When a client comes, apart from pitching network and firewall change management, we are recommending having vulnerability management. So, rather than just having the audit of the firewall, they can integrate it with their vulnerability management solution, which could be Rapid7, Qualys, or any other solution. This provides them the most value out of the platform. That is the way we are approaching our customer base."
- "Change Manager can be improved. If they can improve Change Manager so that whatever we want to do on a firewall, we are able to do it through Change Manager, it will be helpful for us. Whenever we are doing a change, it only does them at an L3 and L4 level, but all the firewalls are at the application layer. So, whatever needs to be done on the firewall, we aren't able to get it done through Change Manager. Currently, this functionality is not there because of which we are sometimes losing customers. I can create a role on Layer 3, Layer 4, but when it comes to the application layer, such as configuring and defining URLs or other things at the application level, it can't be done through Change Manager. Customers demand that they should be able to do everything through Change Manager. They don't want to do it through some other mechanism to accomplish their complete change management policy. They don't want to use a firewall manager because sometimes, they don't have any manager. They ask if they can use our solution so that a manager is not required. If Change Manager can do all the management automatically without involving any other manager, it will be great. They can also provide better integration with other managers so that everything can be done through a central point."
What is our primary use case?
Our clients are using it from the firewall assurance perspective. They want to do an audit of their firewalls. So, the use cases are related to policy audit, such as which shadow rules they have and which rules are not getting utilized.
We are recommending the latest version to our clients because sometimes, a lot of integrations are required with respect to different firewalls and virtual devices. If we are using an old version, some of the things are not getting integrated. That's why we are going with the latest or the latest minus one version.
To my knowledge, most of the deployments that we have done are on-prem.
What is most valuable?
It can be integrated with a vulnerability management solution. When a client comes, apart from pitching network and firewall change management, we are recommending having vulnerability management. So, rather than just having the audit of the firewall, they can integrate it with their vulnerability management solution, which could be Rapid7, Qualys, or any other solution. This provides them the most value out of the platform. That is the way we are approaching our customer base.
It is reliable, and their support is good.
What needs improvement?
Change Manager can be improved. If they can improve Change Manager so that whatever we want to do on a firewall, we are able to do it through Change Manager, it will be helpful for us. Whenever we are doing a change, it only does them at an L3 and L4 level, but all the firewalls are at the application layer. So, whatever needs to be done on the firewall, we aren't able to get it done through Change Manager. Currently, this functionality is not there because of which we are sometimes losing customers. I can create a role on Layer 3, Layer 4, but when it comes to the application layer, such as configuring and defining URLs or other things at the application level, it can't be done through Change Manager. Customers demand that they should be able to do everything through Change Manager. They don't want to do it through some other mechanism to accomplish their complete change management policy. They don't want to use a firewall manager because sometimes, they don't have any manager. They ask if they can use our solution so that a manager is not required. If Change Manager can do all the management automatically without involving any other manager, it will be great. They can also provide better integration with other managers so that everything can be done through a central point.
On the OT side, if they can provide more visibility, it would help. We are working on some of the features related to OT, so more visibility would be helpful.
For how long have I used the solution?
We have been working with this solution for two to three years.
What do I think about the stability of the solution?
It is reliable. Whatever features are there, they are reliable.
What do I think about the scalability of the solution?
As of now, we don't have any challenges with scalability. If we are fulfilling all prerequisites, it is okay.
Earlier, in some of the cases, it was a bit slow, but if we are fulfilling all the requirements, it gives a good performance. For a PoC, when we were using an old platform, the performance was not up to the mark, but when we use the latest platform and hardware, the performance is good.
How are customer service and support?
Their support is good. Support is not a challenge.
How was the initial setup?
It is not complex.
What about the implementation team?
We are acting as a vendor and distributor for Skybox in India. So, our team is taking care of whatever implementations are coming on behalf of Skybox.
What's my experience with pricing, setup cost, and licensing?
Licensing is normally on a yearly basis. There may also be a perpetual license. Normally, the customers ask for a lower price. If you want to sell more, you have to think about it.
What other advice do I have?
I would definitely recommend this solution. If you have a complex network with more than 20 firewalls, it is better to go with this solution. It might not be suitable if you have only four or five firewalls, but when the network is complex, or you are managing a data center with a lot of security challenges, I would recommend this solution.
I would rate this solution a nine out of 10.
Disclosure: My company has a business relationship with this vendor other than being a customer: Distributor
Buyer's Guide
Download our free Skybox Security Suite Report and get advice and tips from experienced pros
sharing their opinions.
Updated: November 2024
Popular Comparisons
Qualys VMDR
Tenable Nessus
Tenable Security Center
Orca Security
Check Point CloudGuard CNAPP
Rapid7 Metasploit
Balbix BreachControl
Titania Nipper
Buyer's Guide
Download our free Skybox Security Suite Report and get advice and tips from experienced pros
sharing their opinions.
Quick Links
Learn More: Questions:
- How inadvisable is it to use a single vulnerability analysis tool?
- What are the benefits of continuous scanning for vulnerability management?
- When evaluating Vulnerability Management, what aspect do you think is the most important to look for?
- What is a more effective approach to cyber defense: risk-based vulnerability management or vulnerability assessment?
- What are the main KPIs that need to be implemented to have better posture in vulnerability projects?
- Which is the best vulnerability scanner tool?
- What are your recommended automated penetration testing tools?
- How do you use the MITRE ATT&CK framework for improving enterprise security?
- Can you recommend API for Tenable Connector into ServiceNow
- What penetration testing tool (or tools) do you recommend for SMB/SME?