Skybox Security Suite Reviews

Skybox Security Suite is primarily used for allowing access on firewalls and getting the access to allow some connectivity on the firewall.

The firewall management feature in Skybox Security Suite was quite good and was what we primarily used. Skybox Security Suite's network modeling and path analysis is a good feature when we need to check regarding the connectivity. The implementation also matters in an organization when it comes to generating the kind of results, as it depends on how the organization has implemented Skybox and what features they are using to get maximum input and results from the tool.

The features that I appreciated the most in Skybox Security Suite were not comparable with Tufin, as Tufin was far ahead in terms of the technology and the user interface. The effectiveness of the vulnerability management in Skybox Security Suite is an area I have not used that much.

The firewall management feature has streamlined rule configuration and compliance in Skybox Security Suite and has evolved over time, but Tufin is far better. In terms of comparison between both tools, only the licensing part of Skybox had an edge. We were not renewing the licenses of Skybox every year, but in the case of other tools, we would have to renew if we wanted to use those tools.

The disadvantages and weaknesses of Skybox Security Suite include the interface, complexity with setup, and upgrading. There are some smaller issues as well that would take more time to discuss, but there are ways around them. We use this tool to implement a new policy on the firewall by going to Skybox, creating a flow there, and then using an approval mechanism in place. There are two different levels of approvals which we have to go through, and once both approvers approve the request, we are ready to implement it.

A specific challenge is that if we have to create a new object group and place ten different objects in that and use that object group in two different rules, we have to create the object group in the first rule and add the ten new objects. Then if we have to create another rule, we do not get an option to recall or reuse that same group which we created in the previous rule. We have to create a new object group again and then add the objects into it again. If we had created an object group once, we should have gotten an option to recall that or call that object group in the new rule, and that should have made the process easier.

I have been working with Skybox Security Suite for around two years in my previous organization, and now it has been more than three years at my current organization, making it more than five and a half years in total.

Skybox Security Suite implementation was tough because I have done upgrades of Skybox as well in my previous organization. Implementation was never easy, as we were using Skybox with some limitations and some features that were not working. We were told to get a server and install Skybox there and then get the whole implementation done, which was a tedious job. Upgrading is also a daunting task, and the organization hesitates in upgrading Skybox when it comes. However, I believe in Tufin it will be easier.

Both implementing and upgrading Skybox Security Suite is difficult. There is not a kind of wizard that we have like in other tools where we click next, understand what we are doing, and get pop-ups with all the information telling us what we are doing. In the case of Skybox, pop-ups will come, but it is a difficult job to understand what the pop-up or the information that they are trying to say is, decrypt it, and then proceed.

Skybox Security Suite was offering a perpetual-based licensing model where users or the organization would have the liberty of using Skybox until they wanted to. However, our organization is switching to Tufin Orchestration Suite now.

I do not have the exact count of how many people are still using Skybox Security Suite in my organization, but all of them will be switching to Tufin. The count might be around one hundred or so. Tufin is already implemented in my company, and we have set a deadline for when we will be switching or migrating to Tufin when Skybox will stop working. Once the cutover happens, we will only be using Tufin. Tufin Orchestration Suite is already in the implementation stage, so it was not being used earlier, but now we will be using it. I would rate this review as a six overall.

Negative

I am using Skybox Security Suite for firewall audit and monitoring purposes only.

The most helpful feature is the firewall analyzer. I am using Skybox Security Suite for firewall audit and monitoring purposes only.

The dashboard's UI is not interesting; it is quite normal. It would be better if something more attractive or similar useful information found in AlgoSec was available.

I have been working with Skybox Security Suite for almost a year.

I do not directly reach out to Skybox Security Suite's support. My role is in governance, and any issues or questions are handled by our IT team.

Neutral

The initial setup was straightforward and not difficult since it is an as-based platform.

From a commercial perspective, AlgoSec is more expensive compared to Skybox Security Suite. Skybox Security Suite is cost-effective.

The competitor mentioned was AlgoSec.

I would rate this tool eight out of ten. My advice is to consider the tool's features and cost-effectiveness.

We're reselling it and also assisting with installations. It's become more popular in the last few years. Because even though Serbia is relatively small, it has suffered from hacker attacks. We thought we weren't such an important country. So companies are looking for security solutions. And after the basic ones like firewalls and endpoint protection, they're now looking for more. 

For example, robust solutions that bring additional security. And Skybox Security is one of them. It's aimed at larger customers with more assets, like one thousand desktops, servers, and a larger network infrastructure. So, it's a good tool for them to accomplish several things. 

Skybox consists of four modules. One is called Firewall Assurance. The other one is Network Assurance. Then there's Change Management, and the last one is Vulnerability Management. 

So if the company has several firewalls, and probably or potentially firewalls from different producers or manufacturers, they can check all those firewalls together. So at the same time, for several things, like if the policies/rules are made properly and if there are some shadow rules, For example, if there are some rules that have not been used for a long time, Then it can also look for the compliance of the rules or of the configuration of the firewalls in the sense of compliance to some of the standards—security standards, and so on. 

So the customers can manage and check the configuration on several firewalls, especially when there are more than 20 to 30 firewalls, to check if everything is okay with the security of those with the configuration. And the security of those firewalls.

When you import all the assets that you have, like desktops, servers, networks, devices, routers, and then firewalls, and other products, then Skybox makes like, a model of the network, but with context. 

So, it is not just a model in VIZIO. Or something like it like that. You get the model with context, and, like, it looks like a real network in a real-time. So you can check your network and the security of your network on that model. 

After that, Skybox adds vulnerability management of the assets in your network. For example, if you have 3,000 vulnerabilities in your network. You can find those vulnerabilities, but you cannot decide or you don't know which ones are the priority ones. So maybe there are vulnerabilities, but they are behind some firewalls. 

Even though they are serious, you don't have to start with them because there is no access to those assets because of the rules on the firewall. So it is vulnerability prioritization. You get the list of  10 to 20 most serious and most dangerous vulnerabilities, and you also get advice on how to patch them or how to get rid of those vulnerabilities. 

So it's important that you get the model of your network then you can see what assets are available from the outside and what are the parts for those assets. And if you will allow it or not, allow it or not. And then, on the other side, there is this vulnerability prioritization.

So the vulnerability management capability of Skybox really helps in security strategy when you know how to properly use it. 

It cuts your time in order to patch several hundreds of vulnerabilities. You can concentrate on the most important ones. 

Vulnerability management is the most valuable feature because it lets you focus on the most critical vulnerabilities. That's the important thing. 

Here in Serbia, there are not so many companies that have too many firewalls inside one company. So, they usually don't buy this model for Firewall Assurance unless there is some compliance. So you can prove that your firewalls are compliant. So, that model is not so important here in Serbia. It's for bigger companies. So, they usually buy network assurance to build the model of the network and vulnerability management to focus on the most important vulnerabilities. 

Moreover, Skybox can collect data for many vendors. From the endpoint protection vendors to the network equipment vendors to other security vendors. So, it supports more than one hundred vendors to collect data from them.

There is room for improvement in pricing. It would be better, especially if a customer bought all four modules.

I have been using it for ten years now. I work with the latest version. 

We didn't have any complaints. It's stable.

It is easy to scale because it is already meant to be an enterprise-grade solution. It is not for small companies because the price is not so small. 

Usually, small companies have simple networks and infrastructure so they can handle vulnerabilities. But for bigger companies, Skybox Security is like a cream on a cake.

Support is satisfactory. We haven't had any problems with support during the last ten years.

Positive

I have worked with Qualys and Tufin. 

Skybox Security has better vulnerability management than Tufin. Qualys is very good, but it does not prioritize vulnerabilities in the same way as Skybox Security.

For someone installing it for the first time, it's not that easy. Skybox offers installation services, but only for the first time. Partners who use these services get five days of online support from a Skybox engineer. After that, the partner is expected to manage on their own.

It's different from any typical antivirus solution. It's an enterprise-grade solution with fewer buyers, so when a partner installs it for the first time and shows it to the customer, professional services are usually needed. The next time, they won't need it, but they will need to explain it to the end user, who will manage it as an administrator.

For a complex network with many devices, firewalls, and more than 200 assets, deployment can take five days. It requires three to five people to communicate, check all the assets, and verify the model, but it's worth it.

Maintenance is easy once everything is set up. You just start the vulnerability management module, and it runs smoothly.

ROI is very good because imagine having a breach or being attacked by ransomware; it's much more expensive than having Skybox security. It pays off very fast.

Several big companies here in Serbia have benefited from Skybox Security.

It saves time and money. This automation replaces several people because it can reconfigure firewalls, send alerts, propose actions, etc. Their new slogan is Skybox Security, offering continuous exposure management.

You always negotiate a little bit when the price is in question. But, the price could be a little bit smaller. Maybe it could offer additional discounts when you buy all the modules. Because end users often choose only what they need, but could benefit from other modules like change management and firewall assurance if they got an additional discount.

Skybox offers everything regarding reporting. You can quickly see what to do with your infrastructure, and it also checks compliance, telling you if you meet certain standards or PCI datasets. It's a very good tool for compliance.

For us, it is an excellent solution, but I will rate it nine out of ten because there is always room for improvement.

The platform's most valuable feature is reporting. 

There is room for improvement in the product's user interface. It could be more user-friendly. 

I worked with Skybox Security Suite for a limited period. 

I would rate the stability a six or seven due to the challenges we faced with integration, particularly firewalls disintegrating and requiring repeated troubleshooting.

My organization has approximately 500 Skybox Security Suite users, but the usage depends on the number of devices integrated with the solution. We were integrating around 42 firewalls.

I would rate the scalability a six or seven because there were limitations, especially report generation and database issues.

The technical support from Skybox had issues with engineers' availability, leading to delays. It often took time for professional support engineers to get involved. 

Neutral

The initial setup process was easy. The deployment took several weeks. However, this was due to internal issues within the company and not because of any inherent deployment problems with the solution. In general, it should not take much time.

Based on my experience, I would probably not recommend Skybox Security Suite to others. If I had to suggest an alternative to close friends or colleagues, I would recommend FireMon or AlgoSec over Skybox.

I rate it a six out of ten. 

In my company, we use Skybox Security Suite as a system for ticketing and compliance.

My company likes Skybox Security Suite as a product. I think that compliance checks and policy compliance are the product's good features.

The tool does not offer options for customization. My company would like to see some customization features added to the solution to make different workflows since, currently, we only have a limited set of workflows in Skybox Change Manager.

I have been using Skybox Security Suite for ten years. I am not using the solution's latest version. In our company, we are planning whether to upgrade the solution or not since we do not have support for it. My company is an end user of the solution.

It is a stable solution. Stability-wise, I rate the solution a ten out of ten.

I am not sure about the scalability of the product since we did not scale it in our organization. We have only one server and did not plan or attempt to scale up.

There are more than 1000 users of the solution in my company. I work for a large organization which is a bank or better described as a financial organization. All of the users have access to create tickets.

I haven't had any experience with the product's technical support team since my company hasn't purchased support. We used to receive support for Skybox Security Suite in our company, but not anymore, so we are planning to move to another solution.

I wasn't involved in the initial set process, and it has been almost ten to twelve years since the product got installed in my company. I am the only person in my company involved with the system's maintenance and support part, and everything is clear and simple with the solution.

The solution is deployed on-premises.

Though I do not know the exact prices, I know it is a very expensive solution, and my company plans to explore cheaper alternatives.

I rate the pricing two on a scale of one to ten, where one is very expensive, and ten is cost-effective.

My company is planning to move to AlgoSec or Tufin from Skybox Security Suite, but we haven't finalized our plans on which one to choose.

I can recommend the solution to those who plan to use it.

I rate the overall product a nine out of ten.

We primarily use it for vulnerability path detection and compliance with policies we define.

The revalidation and policy recertifications are most valuable. They are easy to understand in the GUI.

There is room for improvement in device policy provisioning. Typically, the configurations need to be pushed across. Currently, Skybox Security Suite has features that allow a policy push, so if we want to configure the policy and need a sub-policy, it needs to be added within the existing rule frame. However, modifications and the deletion of existing policies are currently unavailable or under enhancement.

We have used this solution for more than a year, and it is deployed on-premises.

The product is very stable. There are minor fixes that sometimes take time to process, but overall the stability is good.

It is scalable but not completely. About 20 people are using the solution in our company.

The technical support is satisfactory. They have very clear communication and quickly provide solutions.

The initial setup was easy. 

Before choosing Skybox Security Suite, we evaluated AlgoSec and Tufin. We chose Skybox Security Suite because of its flexibility. We were looking for automation and wanted in-house integration. We will be looking for a solution with a different use case in the next six months to a year.

I rate this solution a seven out of ten. I would recommend other companies be very clear in their objectives before choosing this solution. They must be very clear about their expectations if they are looking for compliance, reporting, and other modules. In addition, some of the features we need aren't included in the solution, such as cloud security, cloud firewalls, and cloud security groups.

The primary use cases are to check role compliance and OS vulnerabilities.

The most valuable features are the rule compliance and the OS vulnerability checks.

There is room for improvement in customer support and service. 

I have been using this solution for two years. 

It is a stable solution. We have been working with this product for the past one or two years and haven't encountered any major issues.

It is a scalable solution. Most of our customers are enterprise and banking companies. We recommend it even for small companies because they also need to check the compliance of network devices and endpoints. They may have fewer devices, but it is still necessary.

The main thing is that if the device is down, there's no impact on any organization. So if we require some help from tech support, we have to provide real estate, and until they receive the logs, it may take a day or two. Compared to other vendors like Cisco, where we can raise a ticket and get a user available within an hour or two, this particular vendor needs to work on this.

Positive

There is a prioritization feature for vulnerabilities that is unique to this solution. Other competitors do not offer this feature.

It is very easy to deploy. 

If the customer has around 100 firewalls, we can deploy the solution within a week, including all parameters.

Most of the time, the professional services team handles the deployment. However, we provide support and guidance to customers so that they can handle the installation process and integrate the software with their existing systems.

The number of people required during the deployment depends on the case. If the customer has fewer than 100 firewalls or devices, we can identify it within a week or maybe ten days. 

However, if the customer has a large number of devices, say a thousand, it may take up to 15-20 days. The deployment process also depends on the prerequisites of the customer. We can deploy the product within the agreed timeframe if they provide the necessary prerequisites on time.

The licensing cost is okay. 

Overall, I would rate the solution a nine out of ten. There is room for improvement in the technical support. 

Before implementation, I would advise the engineer to know why the customer is seeking this solution and what best practices should be chosen to ensure the customer can achieve their desired outcome.

Our company uses the solution to provide firewall and vulnerability management for customers. We work with our customer's IT and cybersecurity departments to determine the use case such as viral assurance, network assurance, and change management. We have implemented the solution for 60 customers. 

We provide firewall management for customers who can afford to purchase the Skybox firewall model. 

Most of our use cases are implementing Skybox Control as a firewall tool. We provide customers with more focus so they can understand attack vectors and whether they come from different parts of a network or a partner workforce. The vulnerability control determines how we operate with an attack vector. For example, we might close ports, close some vectors, or patch software. 

The solution is mature and powerful because it includes elaborate tools for getting a focused view of an infrastructure or creating attack vectors based on details from Qualys and Tenable. 

Robust modules can be used for different parts of network security to match the business needs of big organizations. 

There is a strong focus on customer retention because the customer satisfaction department works with the development department to implement customers' feedback in new releases.

The solution does not support certain devices or vendors in some regions or countries due to regulations. A universal connector would be an interesting way to ensure that support is worldwide. 

The UX interface could be simplified and more convenient. 

I have been using the solution for eight years. 

The solution has a mature environment and is quite stable. We properly implement any hardware and cover the infrastructure so we have no issues with operating and analyzing data. 

The solution includes tools for backup. If for some reason a customer experiences a slow down, then it takes only ten or twenty minutes to use the backup and recover. 

The solution is scalable so it works well for retail. For example, you can use a number of consoles or servers that operate with specific data in a specific segment. You can have a management server with a proxy in a different part of the network that operates specific devices on a segment or provides data for analyzing a management service. 

You can add RAM or cores for virtual machines if you need more or deeper infrastructure segments. 

Training and technical support are provided at no extra charge. 

Most of our customers were using custom tools or scripts. They may have been trying to get insights from Cisco or Juniper. 

Once businesses grow and mature, they understand the need for viral or vulnerability management tools. The solution can operate with custom tools so it provides the needed coverage.

For example, customers might have specific scanners but they do not cover or provide reports for all of the infrastructure's vulnerabilities. It is important for IT to manage the configuration of all network devices while competently managing vulnerabilities.  

I have years of experience so setup is quite simple. 

It is important to understand networking and how various modules work. In general, a bit of training from the solution's partners is beneficial. 

We implement the solution for customers. Easy use cases can be completed by one technician and more complex security networks might be completed by three technicians. 

We train our internal team and provide training to customers that includes general administration or common issues. 

One or two administrators can handle hardware maintenance and report interpretation. 

We work with customers to understand their ROI. The buy-in cost varies by customer because it is based on the modules selected. 

The cost of implementation might end up being equal to a yearly salary but the importance of cybersecurity cannot be outweighed. 

The solution is based on a subscription model with annual licenses. Modules of interest are purchased separately. Training and updates are included at no extra charge. 

A perpetual license used to be popular but is rarely used these days. 

The solution is the most interesting for customers because its complexity and power is a match to different parts of networks. 

AlgoSec is the toughest tool for viral management so is an option for customers who only want to focus on that. 

It is important to understand your company's needs. Jumping in and implementing all functionality or modules is not advised because they might not be needed.

Additionally, module implementation is complex because you must meet corporate compliance requirements for library management, network maps, and network security.

Take a step-by-step approach and try modules before purchasing them. Understand your needs and see if modules match them. 

I rate the solution an eight out of ten. 

Our company installs and manages the solution for our clients and we have two primary use cases. 

The most common use case is monitoring the security compliance of firewalls. Every company has a firewall policy that includes rules, what traffic is allowed, which ports are open and more. The solution analyzes each firewall and reports if compliance is not achieved. 

Another use case is importing network devices. The solution builds a map to analyze an entire network including compliance of routers and switches that sit behind the firewall. For example, a banking customer might have network zones such as office, core systems, and ATM cashpoints. Between those, the bank has various policies about what traffic can be open. The solution monitors compliance of the network's configuration against policies. Most UK banks are using the solution for this purpose because it is a unique feature. 

A third use case is change management in relation to firewalls. Companies that monitor their firewalls and network zones's compliance often have change orders. If a user requests a change today but it isn't implemented for a week, some solutions will only pick up a non-compliance issue at the actual time of implementation. This solution includes a change manager module that reviews changes before they are implemented, catches non-compliance issues, and stops implementation until they are corrected. It handles all network assurance including in the cloud. 

The final use case is vulnerability management. The solution is unlike Qualys which scans while it detects vulnerabilities, but it instead imports vulnerabilities and patch statuses from various vendors. This is a very useful tool for companies who may have different vulnerability scanners and patch management solutions because the solution imports everything into one consistent system where it runs vulnerabilities. The solution looks at which systems are most risky to fix those vulnerabilities first. Because of its unique network model, the solution understands possible flows of data in the network and analyzes attack vulnerabilities. 

The solution's most valuable and unique assets are the vulnerability management and change management solutions because they identify mistakes in the network before implementation which reduces risks. There aren't many competitors offering these tools. 

The solution needs to move and improve its interface to a full web browser version that is more accessible and doesn't require installation for use. 

Speed of analysis could be improved because it takes quite a lot of computing power to import data from various networks, servers, firewalls, routers, and vulnerability scanners. Sometimes it can take 12 hours to run an analysis. If you understand scaling, upscaling vertically doesn't work really well because there's always a ceiling in computing resources. But upscaling horizontally by making the solution capable of paralyzing computational resources works well in computing science and theory. 

I have been using the solution every day for eight years. 

The stability has improved greatly because there has been a drive for improvement. Currently, stability is as good as any other enterprise software. 

The current solution is only scalable vertically. When you scale vertically, you are adding bigger resources to the same computer. 

If you have a computer server that needs more speed, you might change CPUs. You may add an additional CPU or add more memory or disk space. But there is a ceiling because of server size. It is not feasible to buy a server with 300 petabytes of memory. There are also storage and CPU ceilings. If you have a bigger network and you need to analyze it faster or you have a lot of information, then you need a bigger server. 

Skybox is rearchitecting the solution to scale horizontally and ask before running analysis on the server. Instead, the analysis will be offloaded to different virtual machines that can be paralyzed effectively. Essentially, you go left or right to connect with resources. Instead of one server for the task, you can have 50 servers that might only be in use for ten minutes. The server speaks to the infrastructure, tells it to access 50 servers to run a certain application like a script or Java codes, assigns the task, and tells the infrastructure to report back with the results. Scaling horizontally is the only way in computer science to effectively tap into unlimited scaling. 

We only use support when we have problems that we can't solve ourselves. For us, support is topnotch and I rate it a ten out of ten. 

The support experience depends on who is asking. If an IT engineer has been given the solution to run, they might have to ask a lot of questions and the support for that won't be very good. To be honest, I've seen support queries from customers that clearly shouldn't be touching a server. Support doesn't know what to do with requests from these customers. For these cases, I would rate support an eight out of ten. 

Positive

Setup can be tricky if you don't have experience. It can be a complicated product to install and operate. Most of the issues we've experienced don't relate to the tool itself but relate to the availability of data points. 

The solution needs to import conflicts from firewalls, network routers, vulnerability scanners, and maybe patch management solutions. Stakeholders are not only security teams but network teams that could be from Linux, Windows, a third-party provider, managed security, managed party, or managed IT providers. 

The complexity is not related to how well the solution works but the process for embedding it in a company. The biggest challenge is organizational complexity and selling the usefulness of the solution to all parties. The typical owner of the solution is the security team. If they don't have a good relationship with the networking team, then that team may not want to provide information about the configuration of firewalls or routers. Without this information, the security team is stuck, won't be able to find conflicts, and Skybox isn't doing anything. This complexity is typically on the organizational structure side and includes internal politics and complex service partners. 

Our setup team is very experienced and handles installations. We are the only certified service plus partner in India for design, implementation, and management. Our experience is a ten out of ten.

We are often called on to review implementations and find inefficiencies. It is easy to make a mistake and it's important to correct them quickly for customers who've already invested a big budget in licenses and implementation. 

An IT engineer who doesn't have experience might struggle. Based on this, I would rate the setup a six out of ten. 

The solution is not inexpensive but customers value cyber security assurance, network assurance, and vulnerability management. A mid-size organization may not be able to afford the solution which is geared toward companies with 2,000 users. 

Value and ROI are two different things. Overall, ROI in cyber security only exists in well-defined cases, but there is clear value for customers who use the solution. 

It is important to talk with experts to determine if this is the right solution for your company. If you go to a car dealership, you might have a certain budget and can only afford a small Volkswagen Golf. But you might be persuaded to go with a top brand and bigger package. 

An expert will first analyze needs or use cases and then engage with other teams required for configuration like network teams or third-party IT providers. If all teams are not on board but the solution is purchased, you might spend several months negotiating with those teams to get what you need. During this time, the company is wasting money because the solution is not able to do anything. 

Experts will first create a design for the organization and solution. How will it be used? Who are the stakeholders? How will we obtain the necessary configuration files? Where will it be hosted? Who will operate it? The information creates a business case and informs a purchasing decision. It is important that companies follow this structure rather than advice like, "This is a really good tool so you should buy it now and figure it out later."

The tool is very useful but not marketed widely because it is a niche product. Other tools like FortiGate market widely and many companies are certified to design, implement, and manage it.

I rate the solution an eight out of ten only because it is not for small or medium-sized businesses but rather for large enterprises with specific compliance needs.