References

• Customer Quotes
• Analyst Quotes

Customer Quotes

Chris Hoff, Chief Information Security Officer
Western Corporate Federal Credit Union May 2005

" Business-technology managers can benefit from looking at their infrastructure the same way hackers analyze computer systems and networks. The software attack simulation pays for itself, pinpointing exactly which vulnerability poses the greatest risk and which systems need the most attention. That translates into more secure systems in less time. There is no way you can do this in your brain."

"When it is patch Tuesday and you have large server farms and thousands of systems, you need to know if you're truly at risk. Skybox View provides WesCorp with what we describe as actionable intelligence to understand risk at a business level." Click here for Article

"Actionable intelligence is really critical in situations like this. You want to be able to make the most critical decisions in the least amount of time with the least amount of business impact. That's what Skybox does. Instead of looking at 400 servers, I can concentrate on three."

 "We're focused on making Skybox the risk management center of our universe. We're building dashboards that show risk across the enterprise to gain a deep insight into our overall risk," says Hoff. "It's all made possible because Skybox correlates our relevant business information with our real-world risks. It's phenomenal technology. . . There is no way you can do this in your brain." Download Case Study .

Preston Wood
CISO and Director of Enterprise Security Services
Zions Bancorporation, April 2005

"The time between when a vulnerability is discovered and a worm appears in shrinking. Skybox View lets us mitigate risk more smartly, and we can better dedicate resources and deal with the more important issues." Click here for Article

John MeakinGroup
Head of Information Security
Standard Chartered Bank, Sept 2005

"Skybox provides us with the ability to model, in a repeatable way, how easy it is for a vulnerability on a particular box on a particular place in the network to be exploited. It will allow us to go from 100% patching down to 35% if we target just the most valuable boxes, and down to about 20% if we target just the most valuable resources that are also most at risk." Download Case Study .

Leading Financial Services Firm, Sept 2005

"One of the deficiencies of firewall management, in a complicated environment, is that there's no way to know your risk before change is implemented. Skybox Assure fills that need."

"The idea is to reduce human error by conducting offline connectivity tests through the [Skybox] model rather than wait to be tested in the real world. This gives you the ability to see defects and mistakes in the model ahead of time.", Vice President of Network Management Engineering. Download Case Study .

Analyst Quotes

Gartner
Mark Nicolett
IT Security Risk Management Solutions for Vulnerability Management, March 2005

"IT security risk management vendors have tied many vulnerability management steps together. They focus on integrating vulnerability assessment, configuration and process information to quantify IT security risk and to prioritize and support mitigation activity.

The primary focus of IT security risk management point-solution vendors is to provide products and related services that quantify IT security risk and prioritize/support remediation activities.

These products:

• Combine asset classification data, imbedded security policy functions, current external threat data, and the results of third-party vulnerability assessment scans to support aggregated risk analysis and vulnerability mitigation.
• Provide varying degrees of imbedded support for asset classification and security configuration policy management. The reports and analysis attempt to quantify the IT security business risk for IT resources that are grouped by business function or by other criteria, and also provide advice on mitigation priority.
• Provide workflow for mitigation, and validation that vulnerability has been eliminated."

Gartner
Analysis by Amrit Williams and Jay Heiser
Cool Vendors in Security and Privacy, March 2005

Skybox Security Named "Cool Vendor" by Leading Analyst Firm
Vendors Selection Based on how Innovative, Impactful and Intriguing They Are

Palo Alto, CA, April 6, 2005 - Skybox® Security, Inc., the leader in Security Risk Management (SRM), has been included in the list of "Cool Vendors" in the "Cool Vendors in Security and Privacy, 2005" report published on March 28, 2005 by Amrit T. Williams and Jay Heiser, et al of Gartner, Inc. The 15 cool vendors chosen by Gartner's security and privacy analysts have earned this distinction for their ability to develop technologies that add value in a real-world environment.            

"We are honored to be selected as a cool vendor by Gartner. This recognition reflects a major enterprise shift we are hearing from our customers - transforming IT risk management into a measurable, predictable and effective process," said David Batista, president and CEO for Skybox Security.

In their report, Amrit Williams and Jay Heiser write "Each year, thousands of new vulnerabilities appear. It's counterproductive to try to fix each one, and security managers need mechanisms to help them understand the business, network and security impact of vulnerabilities so they can effectively plan mitigation efforts."

Skybox Security is driving the category of IT Security Risk Management (IT SRM) solutions. IT SRM is the complete process of understanding threats, prioritizing vulnerabilities, limiting damage from potential attacks, and understanding the impact of proposed changes or patches on the target systems. IT SRM solutions integrate multiple information sources and technologies required to implement an effective risk management process - and add the analytics required to understand an organization's security posture and make intelligent decisions for proactive risk management and regulatory compliance.

Click here for Gartner "Cool Vendor" Press Release

Steve Hunt , Vice President (now President)
A4 International Forrester / Giga, Dec 2004

"Fix exposures before they become a problem - exposure management calculates the total impact of any future attack and prioritizes steps to mitigate the risk. To be successful in today's security world, you have to get in front of the risk problem." 

"Exposure management calculates the total impact of any future attack and prioritizes steps to mitigate the risk. Skybox is the most innovative company in this space. Skybox could completely change the vulnerability assessment landscape and become the dominant vendor in the world."

Pete Lindstrom, President
Spire Security

"The power with this software [Skybox] is that security professional can create what-if scenarios that help them to more quickly spot likely vulnerabilities hackers would attack. Such applications can help to move security programs from being reactive.to more strategically managed security programs." Click here for Article

The Yankee Group

The Yankee Group defines, IT infrastructure risk management solutions as: Systems that supports the ongoing process of collecting and analyzing assets and associated risk, control and vulnerability data solely for the purpose of security decision-making. Most organizations have informal risk management processes that are heavily supported with professional services and homegrown spreadsheet or database tools - and are now looking for measurable, repeatable and predictable technology solutions.

Zeus Kerrvala, Infrastructure Global Practice Leader
Yankee Group, June 2005

"Skybox is a technology innovator and has referenced customers using its risk calculations to make high-value decisions on network connectivity and associated firewall and router configurations. This type of product is a huge step forward in aligning the technical decisions with business needs and creating a continuous examination of risks, not just a snapshot." 

Phebe Waterfield, Vice President
Yankee Group, November 2004

"Security Risk Management transforms security into a business process.. SRM changes the dynamic of security within an organization from misunderstood to measurable return on investment (ROI) and reduction of risk (ROR). Security Risk management is security's missing link." SRM Turns Security into a Business Process White Paper. 

Matthew Kovar, Vice President
Yankee Group, 2004

"The fundamental shift is away from point solutions and threat detection and toward integrated solutions and comprehensive threat prevention - leading to the birth of security risk management (SRM). The Achilles' heel remains the potentially exploitable vulnerabilities that are not addresses by traditional measures - only continuous root cause assessment"