One of the very interesting use cases of the Skybox Security modules - specifically Firewall Assurance and Network Assurance - is the ability to detect vulnerabilities simply by analysing collected configuration files, without sending a single probe to the device.
In a recent article on the Skybox Security blog, Marina Kidron, director of threat intelligence and leader of the Skybox Research Lab, explained how customers benefit from early detection of critical Cisco vulnerabilities.
“The difficulty with the vulnerabilities on network devices is that such devices are made to resist reconnaissance activity as a safeguard against attackers attempting to probe the device. Unfortunately, active vulnerability scans are viewed as reconnaissance, and the device doesn’t give up any information as to the vulnerabilities it may host” — Marina Kidron
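To make the configuration-based approach concrete, here is an added illustration (not Skybox code, and not taken from the article): a small Python matcher that reads a collected running-config, extracts the software version and the enabled features, and compares them against an advisory catalogue. The catalogue entries (ADV-EXAMPLE-001 to 003), their fixed-in versions and the sample config are all constructed placeholders, not real advisories or real device data; the point is that the check needs only the text file an administrator already has, so the device is never probed.

```python
"""Offline vulnerability matching from a collected device configuration.

Constructed illustration of the config-analysis approach: the advisory
catalogue, version thresholds and sample config below are placeholders,
not real advisories, CVEs or Skybox data.
"""
import re
from dataclasses import dataclass
from typing import Optional, Tuple, List, Set


@dataclass
class Advisory:
    advisory_id: str                 # placeholder identifier, not a real CVE/advisory
    platform: str                    # e.g. "ios"
    fixed_in: Tuple[int, int]        # first version that contains the fix
    requires_feature: Optional[str]  # config statement that must be present to be exposed
    summary: str


# Constructed catalogue for demonstration only.
CATALOGUE: List[Advisory] = [
    Advisory("ADV-EXAMPLE-001", "ios", (15, 4), "ip http server",
             "placeholder: issue in the embedded HTTP server, fixed in 15.4"),
    Advisory("ADV-EXAMPLE-002", "ios", (15, 2), None,
             "placeholder: issue in the base image, fixed in 15.2"),
    Advisory("ADV-EXAMPLE-003", "ios", (16, 1), "snmp-server community",
             "placeholder: issue reachable only when SNMP is configured, fixed in 16.1"),
]

# Constructed sample config, roughly in the shape of an IOS running-config.
SAMPLE_CONFIG = """\
!
version 15.2
hostname edge-router-1
!
ip http server
no ip http secure-server
!
snmp-server community public RO
!
interface GigabitEthernet0/0
 ip address 192.0.2.1 255.255.255.0
!
"""


def parse_version(config_text: str) -> Optional[Tuple[int, int]]:
    """Return the software version as (major, minor), or None if the line is absent."""
    m = re.search(r"^version\s+(\d+)\.(\d+)", config_text, re.MULTILINE)
    return (int(m.group(1)), int(m.group(2))) if m else None


def enabled_features(config_text: str) -> Set[str]:
    """Collect top-level statements that are not negated with a leading 'no '."""
    feats: Set[str] = set()
    for line in config_text.splitlines():
        # Skip blanks, comment lines, indented sub-mode lines and negated statements.
        if not line or line.startswith((" ", "!", "no ")):
            continue
        feats.add(line.strip())
    return feats


def feature_present(feature: str, feats: Set[str]) -> bool:
    """True if any enabled statement begins with the given feature prefix."""
    return any(f.startswith(feature) for f in feats)


def match_advisories(config_text: str,
                     catalogue: List[Advisory] = CATALOGUE,
                     platform: str = "ios") -> List[str]:
    """Return advisory ids whose affected-version and feature conditions the config meets."""
    version = parse_version(config_text)
    if version is None:
        return []  # cannot reason about exposure without a version line
    feats = enabled_features(config_text)
    findings: List[str] = []
    for adv in catalogue:
        if adv.platform != platform or version >= adv.fixed_in:
            continue  # wrong platform, or already running a fixed release
        if adv.requires_feature and not feature_present(adv.requires_feature, feats):
            continue  # vulnerable code present but the exposing feature is off
        findings.append(adv.advisory_id)
    return findings


if __name__ == "__main__":
    for advisory_id in match_advisories(SAMPLE_CONFIG):
        print(advisory_id)
```

The same matching logic that flags the two placeholder advisories also clears ADV-EXAMPLE-002, because the sample config already runs the release that fixes it, and it drops ADV-EXAMPLE-001 if `ip http server` is negated; that feature-aware step is what lets a network team prioritise the devices that are actually exposed rather than every device on an old image.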
In our experience, the roll-out of the Skybox Security Firewall Assurance and Network Assurance modules greatly improves not only visibility of the network design and compliance with security policies, but also the handling of risks associated with unpatched network devices. As it is not uncommon for organisations to run unpatched network devices and firewalls, operations security managers should focus on offloading vulnerability management of network devices to their owners - the managers of network teams.
The best way, in our opinion, is to give network teams access to Skybox so that they see the discovered vulnerabilities and can schedule security fixes appropriately.
Contact us to find out more on how Skybox and Foresight Cyber can help your organisation improve network security.