For Immediate Release

SKYBOX SECURITY INTRODUCES FIRST SECURITY RISK MANAGEMENT (SRM) Platform TO AUTOMATE RISK ASSESSMENT, NETWORK POLICY COMPLIANCE, FIREWALL AUDIT AND CHANGE ASSURANCE PROCESSES

Delivers Third-Generation Release of Award-Winning Skybox View 3.0

SAN JOSE, CA – July 25, 2006 – Skybox® Security, Inc., the leader in Security Risk Management (SRM), today launched the third-generation release of its award-winning Skybox View® Platform. For the first time, security and IT operations teams can use a common platform to automate the previously disparate and manual processes associated with: risk exposure assessment, network policy compliance, firewall configuration audit, and change assurance. With Skybox View 3.0, IT managers can: make better security and network configuration decisions; automate labor-intensive processes; uncover policy violations; optimize network controls; and invest in the right areas.

As the first deliverable of the company’s SRM Blueprint™ (see today’s related announcement at www.skyboxsecurity.com), Skybox View 3.0 is designed to help organizations save millions annually as the result of more efficient IT risk management practices. By deploying Skybox View 3.0 security risk is reduced, IT workload is reduced and management gains unprecedented visibility into their organization’s risk and policy compliance profile. Skybox View is uniquely positioned because it does not displace any current security or networking technology. It helps organizations accurately measure the relative strengths and weaknesses of each layer of security and which policy violations need attention.
“Companies need a mature set of capabilities to improve the complex and tedious processes of firewall and network policy compliance auditing in context of their risk profile. Unfortunately, most of this information today is contained in disparate silos. Companies should look for products, such as Skybox View, that have the ability to normalize this information and provide impact analysis on these silos of security. With control and policy information added, organizations can realize true cost savings,” said Jerald Murphy, COO and director of research operations of The Robert Frances Group.

“Executives, auditors as well as information security and operations management need better decision support and analysis tools associated with IT security risk, policy compliance and control exposures. Skybox View 3.0 represents a measurable and continuous approach to help organizations understand the real risks they face as well as save significant dollars through automating and optimizing their IT best practices,” said David Batista, president and CEO of Skybox Security.

New Skybox View 3.0 Features and Benefits

Automated Firewall Audit. Existing processes to audit a firewall are manual and labor-intensive and can take from days to even weeks to complete. Skybox View 3.0 automates the process of auditing a firewall to just minutes by quickly mapping firewall configurations to industry or internal best practices. Skybox View 3.0 documents the audit results, provides compliance metrics and highlights the rules that are causing out-of-compliance violations.

Network Policy Compliance. Compliance with hundreds and thousands of network availability and security rules is challenging as most organizations are on a constant treadmill of configuration changes. Every firewall or router configuration change has to be validated due to risk to the availability of critical network services, introduction of new security holes, and regulatory requirements for change impact analysis. Skybox View 3.0 can automatically, continuously and non-intrusively audit thousands of network devices against defined policies in minutes compared to months with any other alternative.

Regulatory Compliance Reporting. Skybox View 3.0 provides a range of risk assessment report templates including FISMA FIPS 200 and NIST 800-53, ISO 17799 and others in order to automate regulatory compliance with risk management reporting requirements.

Intrusion Prevention System (IPS) Modeling. This feature improves the effectiveness and validates the value of deployed or planned IPS devices to the business. Most IPS systems are deployed without enabling the prevention mode because it is difficult to ascertain if they are located in the right area, if they are configured properly and what is the appropriate blocking mechanism to use. Skybox View 3.0 provides detailed analytics that address all three of these barriers (see today’s related Internet Security Systems’ announcement at www.skyboxsecurity.com).

Application and Database Vulnerability Scanning Support. In addition to supporting all network vulnerability scanning solutions, Skybox View 3.0 has been enhanced to support scanning results from application as well as database scanners. As a result, a single, centralized and normalized view of all vulnerabilities can be established upon which sophisticated impact and vulnerability prioritization analysis can be performed (see today’s related Application Security announcement at www.skyboxsecurity.com).

Zero-Day Worm Attack Simulation. This feature helps an organization understand the potential spread and corresponding damage of a worm attack. This can be done without disruption to the live network since the simulation is done within a virtual model. Skybox View can also simulate zero-day worms, where only partial knowledge may be available about the concrete characteristics of the worm prior to the attack or when the attack begins.

Modular and Scalable Architecture. Skybox View 3.0 is the only SRM solution with a modular and scalable architecture that can serve very large enterprises or government agencies with 100,000’s of nodes, mid-size organizations, and auditors or consultants on a project basis. Unlike other SRM solutions in the market, deployment time can take as little as minutes or a few hours. Organizations who deploy Skybox View 3.0 can start small yet still gain immediate and significant value. Automating the firewall audit process only takes a few minutes to install and set up in order to produce a complete firewall audit report. As the organization adds more data to the product’s analytics capability, additional value can be realized.

Availability

Skybox View 3.0 is available immediately.

About Skybox Security

Skybox® Security, the leader in the Security Risk Management (SRM) market, pioneered the science of security risk and network policy compliance analytics. The company’s award-winning software product Platform, Skybox View®, is the first decision support solution that automates the manual and ineffecient processes of risk assessment, policy compliance, remediation planning as well as change assurance. With Skybox View organizations can proactively and continuously predict and protect their confidential information, ensure high availability and integrity of critical IT assets, measure progress and reduce IT workload.

The Skybox View Platform consists of two major applications - Skybox Secure™ and Skybox Assure™ - based on a common foundation for virtual modeling and simulation. For the first time organizations can visualize, track over time and audit their security and policy profile. Skybox View’s unique virtual model can be safely attacked, analyzed and changed for the purpose of making better decisions and generating actionable information, in most cases within minutes.

Founded in 2002, Skybox is headquartered in San Jose, California and is privately held. Skybox View is a proven solution successfully deployed at highly respected Global 2000 companies worldwide. For more information contact (408) 441-8060 or www.skyboxsecurity.com.

Contact:
Leslie Kesselring
503-656-2847
Kesselring Communications, LLC
leslie@kesselring.net