Skybox Vulnerability Database, one of the most advanced vulnerability databases in the industry. Users can search the Skybox Vulnerability Database by vendor, category, severity, date, CVE number and more, and drill down for special details on specified vulnerabilities.
A cornerstone element of the Skybox Vulnerability Center is the Skybox Vulnerability Index, a measurement that indicates the scale and severity of the vulnerability attack surface, or the sum of all cyber attack vectors against a typical enterprise organization. The Skybox Vulnerability Index is calculated daily from a summation of factors assigned to every vulnerability in the Skybox Vulnerability Database, which consolidates vulnerability data for more than 1,000 products used extensively in enterprise network environments.
Fluctuation in the Skybox Vulnerability Index provides a signal of the dynamic scope of the IT risk exposure that vulnerabilities pose to an enterprise organization. Many organizations take months to completely scan their infrastructure for vulnerabilities and perform remediation tasks, leaving many vulnerabilities exposed for months at a time. The Skybox Vulnerability Index is calculated over a rolling 90-day view of reported vulnerabilities, corresponding to the risk level of an organization with a vulnerability remediation cycle of 90 days.
“The Skybox Vulnerability Index enables organizations to understand how the constant stream of reported vulnerabilities affects their attack surface,” said Gidi Cohen, CEO of Skybox Security. “Using our web application, IT security professionals can customize the Skybox Vulnerability Index, such as by vendor or by category, and remediation window, to gain insight into the type and severity of vulnerabilities that have been reported since their last vulnerability assessment cycle. With this knowledge, security teams can orchestrate effective and efficient vulnerability remediation efforts that dramatically reduce the attack surface and quickly decrease overall risk.”
According to a Skybox Security survey, the vulnerability management cycle from vulnerability assessment to remediation can range from as little as a week or two in critical areas of the network, to months or longer. Additionally, most organizations deploy a ‘round robin’ scanning approach that assesses only a small portion of their infrastructure on an infrequent basis, leaving a large window of risk exposure that is wide open to data breaches and attacks.
Gartner recommends reducing the attack surface to limit hackers, according to the February 12, 2014, report, Designing an Adaptive Security Architecture for Protection From Advanced Attacks. “We believe the foundation of any information security protection architecture should start by reducing the surface area of attack by using a combination of techniques. These techniques limit a hacker's ability to reach systems, find vulnerabilities to target and get malware to execute.”
The Skybox Vulnerability Index shows that the vulnerability risk to enterprises with 90-day or longer remediation cycles rose significantly throughout 2012, then was at a fairly steady level in 2013. For the first two months of 2014, the Skybox Vulnerability Index shows a marked drop of about 40 percent year-over-year, indicating that organizations may be able to make headway, at least temporarily, in reducing risk levels through a vulnerability management system, until the exposure will start rising again.
The Vulnerability Center and the Skybox Vulnerability Database web application are now available online at www.vulnerabilitycenter.com.