Research Lab

SKYBOX SECURITY RESEARCH LAB

Technology Brief

From targeted, highly sophisticated attacks to distributed cybercrime– as–a–service, the tools used to carry out cyberattacks change constantly. In malware alone, tens of thousands of variants emerge each year, making it difficult for traditional anti-virus solutions to recognize each strain. But rather than chasing each variant, Skybox takes a fundamental approach to proactively combat cyberthreats, cutting off attacks at the source — prioritizing exploitable vulnerabilities for immediate remediation. Using this threat–centric approach to vulnerability management, even if an attacker is able to infiltrate an organization’s network, the vulnerabilities they looked to exploit would already be neutralized.

The Skybox® Research Lab is the force behind this threat–centric vulnerability intelligence. The team of security analysts scours data from dozens of security data sources and investigates sites in the dark web. The result is the most accurate vulnerability assessments based on Skybox–certified intelligence of the current threat landscape — delivered to you daily.

The work of the Skybox Research Lab tracks tens of thousands of vulnerabilities on more than 8,000 products including:

• Server and desktop operating systems

• Business and desktop applications

• Networking and security technologies

• Developer tools

• Internet and mobile applications

• IoT devices

• Industrial control system (ICS) and supervisory control and data acquisition (SCADA) devices

Total visibility. Focused Protection.™ Research Lab | Technology Brief

KEY FEATURES While many tasks of the Research Lab are automated, the human element is key. Security analysts validate and enhance data through manual • Aggregated intelligence analysis, bringing their knowledge of attack trends, cyber events and from dozens of security tactics, techniques and procedures of today’s cyberattackers. Their data feeds and sources, ongoing investigations determine what vulnerabilities are being exploited both public and private in the wild and packaged in distributed crimeware such as ransom- ware, malware, exploit kits and other attacks exploiting server–side • Research of exploits vulnerabilities. available on the dark web The threat–centric vulnerability intelligence provided by the Research Lab • Certified threat plays a crucial role in several Skybox products, features and intelligence from the team services including: of Skybox analysts • Skybox® Vulnerability Control

• Skybox® Horizon

• Skybox® Vulnerability Detector

• Skybox® Intelligence Feed

• Skybox® Vulnerability Center

• Configuration checks inSkybox ® Firewall Assurance and Skybox® Network Assurance

Skybox Security Research Lab Intelligence Sources

Adobe, Apple, Cisco PSIRT, Microsoft, Oracle, Red ADVISORIES Hat, Siemens

BeyondTrust Retina*, McAfee Foundstone, Qualys SCANNERS Cloud Platform, Rapid7 Nexpose, Tenable Nessus

THREAT AlienVault OTX**, Exploit–DB, IBM X–Force INTELLIGENCE Exchange**, Symantec A–Z**

Cisco Sourcefire, Fortinet FortiGuard, HP IPS TippingPoint, McAfee IPS, Palo Alto Networks

CERT, ICS–CERT**, Flexera Secunia**, MITRE CVE, NIST’s NVD, Rapid7 Metasploit**, Symantec OTHER SOURCES SecurityFocus, Zero–day vulnerabilities for published incidents**, Symantec SecurityFocus, zero–day vulnerabilities for published incidents**

*Scanners supported as cross–references with CVE ID **Supplementary information only, no cross–reference support

2 Research Lab | Technology Brief

The Skybox® Security Suite correlates Research Lab intelligence with information gathered from your environment, such as asset exposure and criticality. With insight to how the current threat landscape impacts your organization, Skybox can quickly prioritize your most imminent threats in need of immediate remediation and monitor gradual risk reduction to ensure potential threats don’t escalate. Threat–centric intelligence from the Skybox Research Lab gives you an invaluable resource to take a sys- tematic, targeted approach to fight threats, improve vulnerability management and continuously reduce your attack surface.

About Skybox Security

Skybox provides the industry’s broadest cybersecurity management platform to address security challenges within large, complex networks. By integrating with 120 networking and security technologies, the Skybox® Security Suite gives comprehensive attack surface visibility and the context needed for informed action. Our analytics, automation and intelligence improve the efficiency and performance of security operations in vulnerability and threat management and firewall and security policy management for the world’s largest organizations. www.skyboxsecurity.com | [email protected] | +1 408 441 8060 Copyright © 2018 Skybox Security, Inc. All rights reserved. Skybox is a trademark of Skybox Security, Inc. All other registered or unregistered trademarks are the sole property of their respective owners. 01252019