, a free online resource for IT security practitioners that includes access to the

Skybox Security's picture
Printer-friendly versionPrinter-friendly versionPDF versionPDF version

Skybox Vulnerability Database, one of the most advanced vulnerability databases in the industry. Users can search the Skybox Vulnerability Database by vendor, category, severity, date, CVE number and more, and drill down for special details on specified vulnerabilities.

A cornerstone element of the Skybox Vulnerability Center is the Skybox Vulnerability Index, a measurement that indicates the scale and severity of the vulnerability attack surface, or the sum of all cyber attack vectors against a typical enterprise organization. The Skybox Vulnerability Index is calculated daily from a summation of factors assigned to every vulnerability in the Skybox Vulnerability Database, which consolidates vulnerability data for more than 1,000 products used extensively in enterprise network environments. 

Fluctuation in the Skybox Vulnerability Index provides a signal of the dynamic scope of the IT risk exposure that vulnerabilities pose to an enterprise organization. Many organizations take months to completely scan their infrastructure for vulnerabilities and perform remediation tasks, leaving many vulnerabilities exposed for months at a time. The Skybox Vulnerability Index is calculated over a rolling 90-day view of reported vulnerabilities, corresponding to the risk level of an organization with a vulnerability remediation cycle of 90 days. 

“The Skybox Vulnerability Index enables organizations to understand how the constant stream of reported vulnerabilities affects their attack surface,” said Gidi Cohen, CEO of Skybox Security. “Using our web application, IT security professionals can customize the Skybox Vulnerability Index, such as by vendor or by category, and remediation window, to gain insight into the type and severity of vulnerabilities that have been reported since their last vulnerability assessment cycle. With this knowledge, security teams can orchestrate effective and efficient vulnerability remediation efforts that dramatically reduce the attack surface and quickly decrease overall risk.”

According to a Skybox Security survey, the vulnerability management cycle from vulnerability assessment to remediation can range from as little as a week or two in critical areas of the network, to months or longer.  Additionally, most organizations deploy a ‘round robin’ scanning approach that assesses only a small portion of their infrastructure on an infrequent basis, leaving a large window of risk exposure that is wide open to data breaches and attacks.

Gartner recommends reducing the attack surface to limit hackers, according to the February 12, 2014, report, Designing an Adaptive Security Architecture for Protection From Advanced Attacks.  “We believe the foundation of any information security protection architecture should start by reducing the surface area of attack by using a combination of techniques. These techniques limit a hacker's ability to reach systems, find vulnerabilities to target and get malware to execute.”

The Skybox Vulnerability Index shows that the vulnerability risk to enterprises with 90-day or longer remediation cycles rose significantly throughout 2012, then was at a fairly steady level in 2013.  For the first two months of 2014, the Skybox Vulnerability Index shows a marked drop of about 40 percent year-over-year, indicating that organizations may be able to make headway, at least temporarily, in reducing risk levels through a vulnerability management system, until the exposure will start rising again.

The Vulnerability Center and the Skybox Vulnerability Database web application are now available online at www.vulnerabilitycenter.com.

 

 

About Skybox Security, Inc.

Skybox Security, Inc., provides the most powerful risk analytics for cyber security, giving security management and operations the tools they need to eliminate attack vectors and safeguard business data and services.  Skybox solutions provide a context-aware view of the network and risks that drives effective vulnerability and threat management, firewall management, and continuous compliance monitoring.  Organizations in Financial ServicesGovernment, Energy, DefenseRetail, and Telecommunications rely on Skybox Security every day for automated, integrated security management solutions that lower risk exposure and optimize security management processes. For more information visit: www.skyboxsecurity.com.

 

NOTE: Skybox® Security is a registered trademark of Skybox Security Inc. All other registered and unregistered trademarks herein are the sole property of their respective owners. Product specifications subject to change at any time without prior notice. © 2014 Skybox Security, Inc. All rights reserved. 

News Source : , a free online resource for IT security practitioners that includes access to the

Copy this html code to your website/blog to embed this press release.