The deliverable of the Skybox health check is a report showing current state, optimal state and suggested improvements to cover the areas below.
Our platform assessment service looks at how the operating system and Skybox application are installed, managed, secured and backed up.
Operating system management and platform security
We check that the operating systems of Skybox servers and collectors are managed correctly and are up to date. We will also check the security access for the IT staff managing the Skybox servers.
Availability and capacity management
We check the process, technology and people controls related to the monitoring of the availability of your Skybox application. This includes disk space, CPU usage, memory usage, network capacity and database IOPS for both Skybox servers and collectors, and integration with other key systems (such as DNS, email, Internet access). We will advise the customer of any sizing issues and optimisations.
If Skybox is configured in a high-availability (HA) state, we also check its health and the recovery process related to any high-availability issues.
Licence management and monitoring
We will check the number of objects in the model, compare them to purchased licenses, and produce an analysis of optimal licenses needed for the current use cases.
Skybox software updates and upgrades
We assess your processes to keep Skybox applications up to date – both on server and client sides. This includes an assessment of how the company monitors for available Skybox application updates and initiates an update process.
The key areas we check:
Keeping Skybox server(s) and all collectors up to date to minor versions: an SLA should be agreed with respect to versions and speed of updates
Upgrading to new major versions - an SLA should be agreed with respect to versions and speed of upgrades
Upgrading the ISO version of a Skybox appliance (where applicable) - an SLA should be agreed with respect to versions and speed of upgrades
Testing updates and upgrades in a test environment
Backup and restore
We assess your ability to restore Skybox service within an acceptable RTO, with an agreed RPO and accompanying documentation.
Application and Data assessment
This part of the assessment looks at data quality processes in Skybox, model validation, collection tasks and processes to ensure timely resolution of any application and data issues. Where a CMDB is in place, we also assess reconciliation processes between the CMDB and Skybox database.
Skybox network model maintenance
The key success criterion in any Skybox deployment where a network model is licensed (NA and/or VM modules) is a fully network-validated Skybox model. We will assess the current network validation status as well as processes pertaining to keeping the model validated. Some aspects we look at:
The “Locations & Networks” structure is correctly representing the client’s current Layer 3 networks
The Skybox model is validated, and the validation progress is measurable
Processes to bring the network model from an invalidated to a validated state
Whether any regular reviews of the network architecture with your network teams have happened to assert that the Skybox network model is accurate
Maintenance of Skybox network maps
A visual representation of the Skybox model using network maps is an advantageous feature. We will assess the map maintenance process in Skybox.
The key areas we assess are:
The maps are available for users to view
The maps are up to date with the latest network and asset model changes
CMDB imports & correlations
For Skybox to deliver business value, it needs assets to be enriched with CMDB metadata. As part of this assessment, we review the frequency and scope of imports and the follow-up correlation of CMDB metadata to Skybox.
This includes technology and process review, especially to ensure that the CMDB data is imported correctly and delivers business value.
On-boarding and decommissioning of network devices
The quality of the network model is directly dependent on collections of configurations from all L3 network devices. We will assess your processes to ensure that the network devices that build the network model are properly on-boarded and off-boarded. This is especially important for devices being on-boarded, i.e. new L3 devices taken from provision state to production state in the CMDB.
Business asset model
Grouping of assets into business asset groups allows for multiple viewpoints on the vulnerability data, aiding stakeholder reporting. We will assess your Business Asset Grouping structure and associated processes to keep the structure up to date and relevant.
Firewall and Network Assurance policies management
Where FA and NA licenses have been purchased, we will assess policies and zones, as well as associated processes to keep these up to date.
The policies are of type:
Access policy – Zone From-To policy, typically used for zone-to-zone access rules. Access policy requires zones assigned to interfaces on firewalls
Rules policy – zone agnostic rules related to firewall rules
Configuration policy – configuration security hardening of firewalls & routers
Management of Skybox tasks
As part of this assessment, we will review processes to ensure tasks are maintained and monitored correctly, as well as the current setup of tasks and task sequences. The process review will cover:
Adding new import and collection tasks
Changing existing tasks
Modifying task sequences and schedules
Removing jobs no longer needed
All tasks are running as per agreed plan without errors
Changes to tasks are made within the agreed SLA
Skybox User, Roles and Access rights management
Usually, Skybox is set up and configured as part of the project phase, and this includes the right access roles and users. Our review will ensure that organisational changes are correctly reflected in the Skybox user access control design.
Skybox usage Processes Assessment
This area of the assessment looks at how the Skybox analysis results, reports and metrics are used in your organisation to drive the company’s cyber security and other processes.
The key areas included in our assessment are:
Reports created and their distribution
User satisfaction with the reports' content, usefulness, and format
Integration with other cyber security and IT tools
Any metrics related to key Skybox capabilities, such as vulnerability management and network assurance
Perceived and potential (gap) value of Skybox
People engagement and knowledge assessment
The planned value of the investment in Skybox is only going to be delivered if the people using it, and its results, are engaged and trained.
In our 360 Assessment, we will interview key stakeholders to obtain their feedback and assess their level of knowledge of the Skybox software, its reports and any reliance on the Skybox analysis.