For Immediate Release

SKYBOX SECURITY INTRODUCES INDUSTRY'S FIRST SECURITY RISK MANAGEMENT (SRM) BLUEPRINT TO DRIVE THE ADVANCEMENT OF THE IT SRM MARKET

Best Practices Guide for the Planning and Implementation
of a Proactive IT SRM Program

SAN JOSE, CA – July 25, 2006 – Skybox® Security, Inc., the leader in Security Risk Management (SRM), today launched the availability of the SRM Blueprint™, a best practices guide for the planning and implementation of a proactive IT SRM program. The SRM Blueprint aims to help organizations transform their point-level security programs into a cohesive decision support and analysis program – and reclaim the millions of dollars annually as the result of inefficient IT risk management practices. Organizations can now identify where they are in the maturity continuum; where they want to go; and the practical steps necessary to get there.

The SRM Blueprint is written for the Chief Information Security Officer (CISO) and head of IT Operations who are responsible for the resources, processes and goals of their respective organizations. These organizations are focused on IT security risk assessment and management, vulnerabilities mitigation, enforcement of network availability and security policy, and change management. The guidance contained within the SRM Blueprint is vendor-neutral and organized in five (5) sections:

1. Reviews the current state of IT Security Risk Management.
2. Describes the barriers that must be addressed in order to transition from a reactive to proactive SRM practice.
3. Defines an SRM program, its key processes, and how analytics and automation tools can play a pivotal role.
4. Provides guidance as to how organizations can move up the security maturity hierarchy, and
5. Highlights the applications of a proactive program.

            “Security Risk Management is often misunderstood. It’s not just about technology – it’s about achieving the right level of security spending, knowing that your security is better today than yesterday, and understanding the real risks facing your business. The SRM Blueprint gives security and network teams a  framework for weighing their options and making decisions, rather than simply chasing vulnerabilities around the hamster wheel day after day,” said Andrew Jaquith, senior analyst of Yankee Group.

SRM Blueprint Market Drivers and Benefits

IT security remains the great unknown. Point-level security tools generate an overwhelming amount of data, numerous false positives and lack actionable intelligence.

As a result, the industry often hears the common phrase: “You can’t manage what you can’t measure.” The desire to measure IT security effectiveness is driving many organizations to elevate their reactive approach to one that is more proactive. This includes the ability to predict future problems as well as identify root causes driven by a continuous and measurable process. By doing so, organizations can prepare for and respond to threats and policy violations in a calm and rational manner while determining the most effective action items for the elimination of the exposure.

What’s been missing is a Security Risk Management blueprint that defines IT SRM as a best practice. By reading adopting the SRM Blueprint, organizations will understand the steps necessary to transition existing security programs from a reactive to a more proactive practice, enabling them to achieve the following benefits:

1. A proactive, disciplined, visible and measurable IT SRM best practice.
2. A central repository of all your risk, control and policy-related data.
3. Better visibility into the state of your IT security profile by presenting objective risk and policy exposure metrics and their trends.
4. Reduced IT workload through efficient resource utilization and control optimization.
5. A common language that puts the executive, security, operation and audit teams on the same page.
6. Improve resource utilization by aligning resources with the appropriate level of risk.
7. Demonstrate compliance to audit and regulatory requirements.
8. Verifiable effectiveness of your IT SRM program and proof that your organization is making continuous improvement.

“Business owners, CISO and IT operations management need better decision support and analysis tools. The SRM Blueprint represents a measurable and continuous best practice to help their organizations understand the contribution and effectiveness of each layer of security. With the SRM Blueprint organizations can transform security from the great unknown to a business enabler that can be measured and improved over time,” said David Batista, president and CEO of Skybox Security.

Availability

Skybox launched today a new consulting service that will assist organizations and government agencies to perform gap analysis of their current SRM program. By doing so, the organization can develop a roadmap for the implementation of SRM best practices based on their priorities.

A free ‘Managers Guide” to the SRM Blueprint is available at www.skyboxsecurity.com

About Skybox Security

Skybox® Security, the leader in the Security Risk Management (SRM) market, pioneered the science of security risk and network policy compliance analytics. The company’s award-winning software product Platform, Skybox View®, is the first decision support solution that automates the manual and ineffecient processes of risk assessment, policy compliance, remediation planning as well as change assurance. With Skybox View organizations can proactively and continuously predict and protect their confidential information, ensure high availability and integrity of critical IT assets, measure progress and reduce IT workload.

The Skybox View Platform consists of two major applications - Skybox Secure™ and Skybox Assure™ - based on a common foundation for virtual modeling and simulation. For the first time organizations can visualize, track over time and audit their security and policy profile. Skybox View’s unique virtual model can be safely attacked, analyzed and changed for the purpose of making better decisions and generating actionable information, in most cases within minutes.

Founded in 2002, Skybox is headquartered in San Jose, California and is privately held. Skybox View is a proven solution successfully deployed at highly respected Global 2000 companies worldwide. For more information contact (408) 441-8060 or www.skyboxsecurity.com.

Contact:
Leslie Kesselring
503-656-2847
Kesselring Communications, LLC
leslie@kesselring.net