Vulnerability Management News & Trends Blog

June 15, 2017
The clock is ticking—don't get caught out
June 14, 2017
Another Microsoft Patch Tuesday party yesterday, fixing lots of vulnerabilities that have been exploited in the wild — with some really stellar exploit names
May 24, 2017
It’s been two weeks since the WannaCry ransomware attack — ages in cyber time — and new threats seem to be brewing. But there’s still lessons to be learned and action to be taken against this type of threat.
May 15, 2017
In 2017, the Skybox Security Research Lab predicted a new business model, distributed cybercrime, would result in a global malware outbreak. WannaCry was an example of such an outbreak.
May 9, 2017
A zero–day RCE vulnerability affecting many Windows OS products has been referred to as “the worst Windows remote code exec in recent memory”
April 12, 2017
Why malware targeting DVRs should be a concern for enterprises
March 14, 2017
New exploit kit, same old vulnerabilities
March 6, 2017
How did we get to a point where ransomware could force a major hospital to operate entirely on paper or a major city to provide public transit rides for free? The answer: lots and lots of easy money. 
February 23, 2017
Microsoft cancelled February’s Patch Tuesday, leaving two zero-days without a fix
February 22, 2017
It may only be a POC, but LogicLocker is teaching a valuable lesson on the risks distributed cybercrime pose to critical infrastructure
February 2, 2017
Shamoon is back in the Middle East, but what lessons were learned from it's last attack? Here's 5 steps to recover from a data breach learned the hard way after the 2012 attack on Aramco.
January 26, 2017
Petrochemical Company Sadara has reportedly already been affected by the advanced, multi-step attack. Learn how Skybox can help.
January 23, 2017
Cybersecurity can’t sit still. As we look ahead to what this year has in store for the security management landscape, organizations globally should be paying attention to five key trends.
December 16, 2016
A four-part framework for critical infrastructure organizations looking to overcome the skills gap and create a strong cybersecurity workforce
December 5, 2016
As Indian banks cope with the increased volumes of electronic transactions, cybercriminals may use the chaos to their benefit, potentially putting banks at increased risk of cyberattacks
November 21, 2016
New visual dashboards in Skybox Horizon show attack surface history and trend data to understand impact of risk-fighting efforts
November 14, 2016
Modeling, access simulation and vulnerability analysis capabilities bring enhanced visibility to SCADA and ICS networks to maintain uptime and avoid disruption while unifying IT and OT security processes
October 31, 2016
National Cybersecurity Awareness Month is pushing for employees from the break room to the board room help keep their organization secure. See how and why the C-suite is committing like never before.
October 19, 2016
Angler, Nuclear and Neutrino are dead – long live RIG! 
October 14, 2016
Read the article by Skybox VP of Products to learn how model-driven visibility can help network security teams unify policies, verify access and discover vulnerabilities across hybrid IT environments.
October 12, 2016
Three tips for the cybersecurity industry looking to attract more women to the profession and close the million-man-wide skills gap
September 28, 2016
Skybox VP of Worldwide Marketing sits down with Dark Reading to discuss new developments in the Skybox Security Suite, including visibility and analysis of virtualized networks.
September 20, 2016
Skybox VP of Worldwide Marketing sits down with Dark Reading to discuss new developments in the Skybox Security Suite, including visibility and analysis of virtualized networks.
September 15, 2016
Skybox customer and partner British Telecom approaches cybersecurity from the perspective of a security ecosystem. But what is it? And why is it so crucial to today’s cybersecurity management?
September 13, 2016
Microsoft and Adobe release their Patch Tuesday security updates for September 2016. See what's behind the worst vulnerabilities (hint: it's memory corruption).
September 1, 2016
Cyber events of recent weeks have made governments, network security vendors and just about everyone else feel the heat of advanced persistent threats.
August 22, 2016
Organizations everywhere are in a race to find how the newly disclosed Cisco and Fortinet zero-day vulnerabilities impact their network. See how total visibility, scanless vulnerability detection and consolidated vulnerability intelligence from Skybox can help.
August 16, 2016
Michelle Johnson Cobb sits down with Security Guy Radio at Black Hat 2016 to discuss how modeling, simulation and analytics are helping security teams prioritize IT risk, communicate more effectively and improve security operation processes
August 4, 2016
With new interoperability with VMware NSX, Skybox is bringing its network modeling, access analysis and vulnerability detection to virtual networks.
July 14, 2016
Going back in The Skybox View vault, we came upon a post that's as true today as it was more than a year ago – an eternity in cybersecurity years. Learn the difference between network mapping and network modeling what kind of contextual intelligence a modeling platform brings.
June 27, 2016
The Ponemon 2016 Cost of Data Breach study contains some interesting (read: scary!) insight on how much the average data breach costs. You have 4 million reasons to read on.
June 22, 2016
SC Magazine interviews Skybox CEO and Founder Gidi Cohen on the new approach Skybox has defined to visualize, understand and reduce the attack surface.
June 20, 2016
The era of silver bullet point solutions has created major problems for cybersecurity management, from operations to intelligence and response. Skybox Security EMEA VP Justin Coker looks at how integrated security analytics are taking up the challenge.
June 15, 2016
Skybox announces SDN modeling capabilities and support for VMware vSphere, Huawei routers and Trend Micro's Deep Security in our latest version
June 14, 2016
Microsoft fixes 40 CVEs in their June security update, but an Adobe Flash Player vulnerability with no patch available is what you should worry about.
June 2, 2016
By gaining visibility to Indicators of Exposure, enterprises can shrink the attack surface and more effectively contain incidents
May 11, 2016
Microsoft and Adobe release Patch Tuesday fixes for a host of products and beware of ImageTragick
May 5, 2016
Seeing your attack surface in its entirety will help prevent data breaches, respond faster to threats and attacks and improve security management to reduce risk.
April 26, 2016
See the challenges to creating a picture of your entire attack surface and the consequences if you don’t.
April 14, 2016
Nothing goes better with the latest spring fashions like a brand new version of Skybox. New look and features that are sure to please this season.
April 12, 2016
April’s security update sees six critical bulletins, including fixes for vulnerabilities exploited in the wild.
March 31, 2016
Take your security program from reactionary to strategic with visual intelligence of your IT infrastructure and how it’s vulnerable to attack.
March 23, 2016
See how Skybox SOAR-style technologies help create agile and holistic security programs through analytics, automation, reporting and workflow management.
March 21, 2016
Skybox demonstrated how newly released Skybox Horizon can be used for on-demand network and risk visualization at AFS Congress 2016.
March 9, 2016
In the face of increasing network complexity, advanced threat and a shortage in skills and resources, analytic intelligence and visualization are the key to successful security management.
March 4, 2016
Our thoughts on the 2016 RSA Conference from an attendee and exhibitor perspective
February 29, 2016
See all Skybox has going at RSA 2016, including the release of an industry-first attack surface visualization solution – Skybox Horizon.
February 18, 2016
Hollywood Presbyterian pays $17K to cybercriminals after crypto-ransomware locks employees out of network. Joins a string of businesses who find themselves cyber hostages and have paid the price.
February 12, 2016
Skybox partner BT Security challenges cybersecurity leaders to prove how they’re helping create an industry where cooperation between security controls, intelligence and people is the new standard.
February 2, 2016
Listen to Skybox founder and CEO Gidi Cohen on the company’s recent growth equity investment and what it means for Skybox, its customers and the security analytics market.
January 13, 2016
Microsoft releases their first Patch Tuesday security updates in 2016 and discontinues support of IE8 - 10, Windows 8.0.
December 8, 2015
Microsoft says bon voyage to 2015 with December's Patch Tuesday, setting a new record for most annual security bulletins.
December 7, 2015
Your attack surface is a constantly evolving beast. Here are five tips to help your IT security team manage it and keep it from becoming a violent, 800lb. gorilla.
November 19, 2015
Major banking institutions in the US and UK are engaging in a war game to test the resilience of their critical network infrastructure against cyber attacks.
November 5, 2015
Four arrested in connection with the TalkTalk data breach all 20 and under. What the attackers’ ages says about TalkTalk’s security and how the Library of Congress is getting hip to the times.
October 22, 2015
Security updates from Apple and Oracle include fixes for 260 vulnerabilities, and Apple goes head to head with the DOJ over privacy issues.
October 20, 2015
October marks the twelfth anniversary of Microsoft monthly security updates and gives the gift of six security bulletins.
October 14, 2015
October marks the twelfth anniversary of Microsoft monthly security updates and gives the gift of six security bulletins.
October 6, 2015
New features increase visibility for end-to-end access routes on specific firewalls, expand support for Cisco firewalls, improve change management integration, and more
October 1, 2015
Skybox’s latest version simulates network security changes and streamlines firewall rule lifecycle management, so security teams can meet business demand needs quickly and securely.
September 10, 2015
Whether you view Kristian Hermansen, Luca Todesco, or the Miller/Valasek duo as rebels or heroes, their message is clear: respect the researcher.
September 8, 2015
Microsoft’s September 2015 Patch Tuesday includes five critical fixes, patching some vulnerabilities being actively exploited in the wild.
September 2, 2015
CISOs have longed for the illusive silver bullet of one-click cyber security. It’s time to put that notion to rest and start combining controls already in place for strategic security management.
August 27, 2015
The ruling in FTC v. Wyndham gives the Federal Trade Commission power to regulate how companies protect customer data and punish offenders. We look at what Wyndham could have done differently.
August 24, 2015
Check out the latest version’s new features like rule recertification policy for firewall management, enhanced change management firewall identification, vulnerability detection for Red Hat Satellite, and increased support for Amazon Web Services
August 21, 2015
What do the DOJ, Apple, and Oracle have in common? Confusion over what to do with independent security researchers.
August 18, 2015
A critical Internet Explorer vulnerability has caused Microsoft to release an emergency patch just one week after August’s Patch Tuesday
August 18, 2015
Christina Kubecka’s Black Hat briefing on recovering from the Aramco cyber attack lays out a playbook for post-attack recovery and adaptive security teams.
August 12, 2015
Microsoft isn’t through with Patch Tuesday yet, releasing fixes for Internet Explorer, Edge, and Office as well as the new Windows 10 OS in their standard monthly update.
August 11, 2015
Visual models combining data science and machine learning are the future for rapid-response cyber security.
August 6, 2015
The latest version of the Common Vulnerability Scoring System changes some metric value and vector names, but the real problem lies in vendors' limited adoption of the system
July 28, 2015
Adobe leads the pack of top 10 most vulnerable vendors with 142 critical vulnerabilities already reported in 2015.
July 27, 2015
The wireless hack of a Jeep Cherokee shows the gaping holes in automotive digital security and how our love for the Internet of Things really could hurt us.
July 22, 2015
Oracle and Apache release security updates, addressing … Oh who are we kidding, let’s dish about Ashley Madison.
July 15, 2015
Adobe patches Hacking Team-leaked zero-day vulnerabilities amid calls to kill off Flash Player.
July 15, 2015
Fixes to vulnerabilities leaked in the Hacking Team data breach and a slew of RCE flaws all rolled into the bon voyage of July’s Patch Tuesday.
July 13, 2015
Learn how Skybox Access Analyzer improves network security and vulnerability management processes, from virtual pen testing to secure firewall change management.
July 8, 2015
Think like a hacker. Simulating attacks helps you determine risk in the context of your network and improve ways to neutralize it.
June 30, 2015
Data breaches abound. The healthcare industry has been the go-to choice for hackers due to poor security practices, vulnerable medical devices, and the lucrative credentials in patient records.
June 30, 2015
Network modeling pulls even the most segmented environments into one view and provides an interactive space to test proposed changes, simulate attacks, and more
June 19, 2015
Accusations fly at China, but basic weaknesses in OPM security practices and shortcomings of DHS’s Einstein hold most of the blame for recent breach
June 10, 2015
As Windows 10 July release spells the end for Microsoft’s monthly security update, June's Patch Tuesday takes it easy on security teams
June 9, 2015
Skybox joins the IT security community in Rome for the 2015 Security Summit
June 2, 2015
SecureData discusses the steps to achieve complete security processes including early threat detection, real-time assessment, automation, and rapid response
June 1, 2015
Skybox is proud to have our customer Capita present their user experience with our firewall and change management solutions at Infosecurity Europe 2015
June 1, 2015
See all Skybox has planned for Infosecurity Europe 2015, from tech talks to customer stories, partner activities to awesome giveaways. Find out what’s in store.
May 21, 2015
Google pays out to bug bounty program, fixes flaws including sandbox escapes, and releases new CSP to auto-upgrade to HTTPS with Chrome 43
May 19, 2015
Skybox’s Enterprise Vulnerability Management Trends Report reveals dissatisfaction among IT professionals working with informal or no vulnerability management policy
May 18, 2015
See what’s new from Skybox in our latest release of Skybox 7.5.200, including improvements from vulnerability and threat management to firewall and change management.
May 13, 2015
Microsoft, Adobe, and Mozilla drop substantial security advisories, but with the imminent release of Windows 10, this may be the final chapter of the monthly Microsoft update saga
May 5, 2015
Skybox has released the findings of a global survey of IT security practitioners revealing dissatisfaction with vulnerability management programs among executives and organizations without formal policies
April 28, 2015
Check out Skybox at Check Point Software Technologies’ 2015 European Conference in Amsterdam for the latest in firewall management security and automated change management workflows
April 27, 2015
Oracle drops their quarterly security advisory with updates to just about everything and fixes for more than 100 vulnerabilities, including those enabling FREAK attacks
April 17, 2015
Check out Skybox at RSA to understand how you can shrink your attack surface. We’ll have live demos and tech talks, giveaways, and more at booth 1021.
April 15, 2015
Microsoft releases 11 bulletins with some critical fixes. Patches for zero-day vulnerabilities and in-the-wild exploits also included.
April 15, 2015
Connecting the dots from information security’s gender gap to its lack of collaborative, communicative, and collective intelligence skills
March 31, 2015
2015’S RSA Conference sets a precedent in IT security tradeshows as new attire guidelines ban the “booth babe.”
March 30, 2015
Cisco releases patches to fix 16 vulnerabilities affecting IOS software
March 20, 2015
Learn how Skybox’s vulnerability and threat management solutions not only help keep the network safe, but teams working better.
March 17, 2015
Learn how Skybox automates and simplifies the firewall change management process in these videos.
March 13, 2015
What spring line would be complete without the latest in vulnerability assessment, firewall management, and security policy compliance?
March 10, 2015
What spring line would be complete without the latest in vulnerability assessment, firewall management, and security policy compliance?
March 9, 2015
We take a look at the added enhancements introduced in Skybox 7.0 just one year ago
March 4, 2015
SC Magazine has awarded the Skybox Enterprise Suite 5/5 stars for its vulnerability assessment capabilities
March 2, 2015
Check out this short video of how the Skybox Suite provides panoramic network security to keep even the largest networks ahead of attacks and in compliance
February 27, 2015
Check out this short video of how the Skybox Suite provides panoramic network security to keep even the largest networks ahead of attacks and in compliance
February 25, 2015
Check out this short video of how the Skybox Suite provides panoramic network security to keep even the largest networks ahead of attacks and in compliance
February 20, 2015
Network mapping is often compared to network modeling, but really there’s no comparison
February 17, 2015
The Anthem data breach has got us in healthcare state of mind. Here’s 5 tips to help keep your network healthy.
February 12, 2015
If last month’s Patch Tuesday made you miss the familiar site of IE fixes, don’t worry—February’s chuck full of them
February 10, 2015
We round up last year’s most vulnerable vendors in our top 10 list. See who made the cut. (Hint: you may need to update Adobe Reader to view this article)
January 29, 2015
$18bn in Q1 profits, $142bn in cash, and by the way, the patch is out to fix that gaping hole in your Mac security called Thurderstrike
January 28, 2015
Apparently Henry Ford already figured out streamlining complex processes. Go figure.
January 26, 2015
Oracle starts 2015 off with a bang remediating nearly 200 vulnerabilities
January 20, 2015
Our take on the latest hacker film and what it says about the cyberworld we live in today
January 14, 2015
First Patch Tuesday of the new year may contain more drama than fixes
December 22, 2014
In our second podcast on Skybox Change Manager, we answer the product FAQs tech professionals need to know
December 18, 2014
Sure, you’ve quashed the release of a $42 million Hollywood film, but what about that target on your back?
December 16, 2014
Change management is not fun. Senior Product Marketing Manager Mike Bruchanski explains how Skybox makes it less not-fun through automation, analytics, and tracking in the inaugural Skybox podcast.
December 10, 2014
December’s cadre of seven bulletins from Microsoft include five that involve remote execution of some sort. 
December 3, 2014
Simulate attacks on your network, so you can find your weaknesses before the bad guys do. Watch the video.
December 1, 2014
Is firewall change management a tedious, time-consuming process riddled with spreadsheets and re-work? Check out Skybox Security’s automated access path analysis software.
November 20, 2014
Find out how biloulehibou, cloudfuzzer, and Cheng Zhang are saving the Chrome universe from cyber threats
November 19, 2014
An out-of-band Microsoft patch has our Sr. Product Manager talking about three-headed dogs and Oompa Loompas. Read all about it on the Skybox Blog.
November 19, 2014
Stay up to date on the latest vulnerability news, just the way you like it. Skybox Vulnerability Center now offers custom watch lists for your favorite vendors or products and new alerts.
November 18, 2014
Here at Skybox’s headquarters in San Jose, the trees are shedding their leaves, days are getting shorter, and the weather is turning cooler. What a perfect time to enjoy a piping-hot new version of Skybox. The following features can be found in version 7.0.600, available now!

New how-to video on scanless vulnerability assessment now available

November 17, 2014
See Skybox Vulnerability Control in action in this new how-to demo on scanless vulnerability assessment, including how to find vulnerabilities that scanners and patch management systems may miss.
November 12, 2014
Microsoft serves up a Thanksgiving-sized Patch Tuesday this November. Check out what’s on the menu this month! 
October 16, 2014
Every few months, when the planets align just right, three of the most vulnerable vendors in the industry simultaneously release patches. And this is one of those magical weeks. 
October 7, 2014
Just in time for fall, Skybox is excited to announce the latest version of our award-winning security software is now available in pumpkin spice! Not really.  The following actual features can be found in version 7.0.500, available now.
September 30, 2014
If your risk analysis solution relies only on the NVD for vulnerability data, you won’t have a complete picture.
September 25, 2014Cisco September semi-annual security advisory addresses denial-of-service vulnerabilities – use to learn more about these Cisco vulnerabilities, including affected products, solutions, external resources and access to KB.
September Brings a Subdued Patch Tuesday
September 10, 2014
Subdued September ... Patch Tuesday is light compared to previous months. And a look at Google Chrome 37 vulnerabilities. Get the latest on the CVEs and solutions in the Skybox Vulnerability Center.
Beating a Dead Horse Named Heartbleed
August 13, 2014
It’s been about four months since the collective uproar over Heartbleed. Now that the dust has settled, somewhat, is Heartbleed actually that big of a deal? Well, that depends….
August’s Patch Tuesday Yields Two Critical Bulletins
August 12, 2014
August’s batch of bulletins from Redmond contains nine updates, two of them critical.
Oracle July 2014 Critical Patch Update and Follow-up on the Most Vulnerable Vendors
July 22, 2014
Oracle released their quarterly patch updates last week, fixing a whopping 113 vulnerabilities.

10 Most Vulnerable Vendors: Microsoft and Mozilla in the Crosshairs
July 15, 2014
Find out who were the most vulnerable vendors in the first half of 2014.

July’s Patch Tuesday brings yet another Internet Explorer fix
July 9, 2014
This Patch Tuesday contains a fix for all versions of Internet Explorer.
June 26, 2014
The Skybox Risk Analytics Platform just keeps getting better. We are happy to announce version 7.0.300 with the latest updates detailed below. Update your version today to take full advantage of these new features!
Is there a most secure web browser?
June 24, 2014
The Skybox Research Lab investigates web browser vulnerabilities and metrics to measure browser security.

Under the Hood with Vulnerability Detector
June 19, 2014
Under the hood of Skybox Vulnerability Detector … take a peek at how Skybox enables daily vulnerability assessment.

“Detect Vulnerabilities 50x Faster”… Say What?! Skybox is spilling secrets … learn more.
June 12, 2014
June Patch Tuesday brings a festival of browser updates and includes and covers an inordinate amount of Internet Explorer versions.
Will Microsoft Announce Pwn2Own 2014 Fixes Next Week?
June 4, 2014
Google, Mozilla, Apple and Adobe have all addressed vulnerabilities exploited during the Pwn2Own 2014 hacking contest, but still nothing from Microsite. Will a fix be announced in the June Patch Tuesday?
June 3, 2014
Feeling outmatched against aggressive attackers? Security managers can take a cue from the pangolin.
May 13, 2014
What’s missing from the 2014 May Patch Tuesday bulletin? Skybox analyzes the bulletins.
What's New in Skybox Version 7.0.200
May 5, 2014
Our developers at Skybox have been feverishly adding new features to the Skybox product portfolio and expanding our industry leading device support.
Finding Risk-Causing Vulnerabiilties and Remediating Them As Fast As Possible
Friday, May 2, 2014
Vulnerability management regulations were established to ensure that risk-causing vulnerabilities live an organization's environment for the shortest amount of time possible. Is that how it works in your organizations?
Assessing, Prioritizing and Remediating Java Exploits
Tuesday, April 22, 2014
How do you know if you have an embedded Java code in your business application, device, server, or elsewhere on your network? Best practices for quickly finding, prioritizing and remediating Java exploits.
Second Quarter 2014 Patch from Oracle Covers a Multitude of Products
Tuesday, April 22, 2014
Oracle published a total of 104 vulnerabilities affecting many products including Oracle database, MySQL, Solaris OS and many other important business applications.
Follow Heartbleed Bug on Skybox Vulnerability Center
Tuesday, April 15, 2014
The Skybox Vulnerability Center makes it easy to keep up with enterprise vendors who are vulnerable to the Heartbleed Bug.
Using Skybox to Help Find the ‘Heartbleed’ OpenSSL Vulnerability
Wednesday, April 9, 2014
OpenSSL is a common toolkit that may exists on many different assets, but Skybox Security customers can easily identify assets that could be compromised by this vulnerability. Learn how.
The End's Not Near, It's Here: Goodbye XP
Tuesday, April 8, 2014
This Patch Tuesday we say goodbye to our old friend Windows XP with a look back at its vulnerability history, and ponder what's to come in 2014
Microsoft Discloses Zero-Day Vulnerability: But your organization doesn't use Word or Outlook so you are probably fine
Tuesday, March 25, 2014
Microsoft discloses Zero-day vulnerability … but it's only a problem for those using Word or Outlook
Vulnerability Madness: What your college basketball bracket can teach you about vulnerability management
Monday, March 24, 2014
Everyone has a strategy on how to pick a winning NCAA tourney bracket, but as Stanford showed us on Sunday, using the conference seeds is not a slam dunk. Likewise, creating a vulnerability remediation strategy around CVSS severity ranking can also lead you astray.
In the Eye of the Cyber Storm Introducing the Skybox Vulnerability Index
Thursday, March 13, 2014
IT professionals can use the intelligence from Skybox Vulnerability Index to adapt security management processes to make headway in the fight against data breaches, cyber crime and cyber attacks
The Incredible, Expanding, Attack Surface!
Wednesday, March 12, 2014
When you remediate vulnerabilities or consolidate parts of the network, your attack surface diminishes, and so does your risk.
March Patch Tuesday Digest Includes First 2014 Vulnerability for Silverlight
Tuesday, March 11, 2014
It’s Patch Tuesday again, with Microsoft announcing two critical, and three important bulletins affecting Internet Explorer, multiple Windows platforms, and Microsoft Silverlight.
Skybox Security Earns Top 5-Star Rating in SC Magazine Vulnerability Assessment Review
Wednesday, February 26, 2014
Early this month, SC Magazine released a review of penetration and vulnerability assessment products, giving Skybox Risk Control its top 5-star rating. This was Skybox’s first submission to SC Magazine’s vulnerability assessment product test group, and earning the top 5-star rating validates our next-generation approach to vulnerability management. We are honored to be so highly recognized by this industry-leading publication.
The Skybox Science Behind Splitting CVE Vulnerabilities
Tuesday, February 18, 2014
The Skybox Vulnerability Database is the most comprehensive database because it contains more specific information on vulnerabilities than any other single source.
Patch Tuesday: Critical Windows Fixes; No XP Updates with EOS Quickly Approaching
Tuesday, February 11, 2014
Microsoft released its second Patch Tuesday of the year today featuring five bulletins – four of which Microsoft ranked as critical, its highest severity ranking. The critical patches address flaws that could give a hacker remote code execution capabilities in Windows 7, 8 and RT desktops, Windows Server 2008 and 2012 as well as Microsoft Forefront Protection 2010 for Exchange Server.
Content and Methodology Behind Skybox Vulnerability Research
Thursday, February 6, 2014
It seems that this week’s blog post on the 10 Most Vulnerable Vendors led to some questions about the Skybox Vulnerability Database. Here is some additional information about our database, with details about our content and methodology provided by the manager of our Skybox Research Labs team.
2013’s Top 10 Most Vulnerable Vendors
Sunday, February 2, 2014
As a follow up to last week’s blog on 2013’s vulnerability trends, we took a look at the Skybox vulnerability database to choose 2013’s top ten most vulnerable vendors. The figures are based on the number of distinct Skybox Security vulnerability catalog IDs, which map to individual CVE records.
Vulnerability Trends – 2013 Key Findings
Tuesday, January 21, 2014
Here is a look back at some vulnerability trends culled from our 2013 data.  Consider how these trends might impact your vulnerability management strategy and processes for 2014.
Super Patch Tuesday with Releases from Oracle and Adobe alongside Microsoft
Monday, January 13, 2014
With today’s patch updates, Skybox Security customers experience additional advantages with the ability to check and confirm which vulnerabilities are critical in their network to help quickly prioritize their patch management efforts.
Not All Vulnerability Research is Alike
Friday, January 10, 2014
Not all research is alike, and when it comes to enterprise vulnerabilities, big data analytics that examine large amounts of disparate data is critical to uncover hidden patterns and correlations and to ensure an accurate global view. As a result, the Skybox Research Lab provides one of the most advanced vulnerability databases in the industry.
Vulnerability Management for Risk Mitigation
Friday, November 15, 2013
Skybox challenges the assumption that scanning is the best way to discover vulnerabilities. Skybox’s next-generation solution for vulnerability management utilizes non-disruptive, scanless technology that analyzes information repositories available in every enterprise—typically patch management and asset management systems—to automatically and accurately deduce vulnerability data on all network nodes.
How Efficient Is Your Vulnerability Management System? Five Questions Every IT Manager Must Ask
Wednesday, November 6, 2013
It's important to take a step back and make sure you are getting the most out of your current solution. How do you know if your VM process is providing optimal coverage, speed and accuracy? If not, your network could be at risk and you could be wasting time and money, and jeopardizing compliance.
Skybox Vulnerability Detector
Wednesday, August 8, 2012
Skybox Security recently announced a ‘next-generation’ solution for vulnerability management that detects network vulnerabilities in an automated and non-disruptive manner, without an active scan. Since then, industry analysts and media have asked many questions about this feature, its advantages, and how it works.
Vulnerability Management – why is a next-generation solution needed?
Wednesday, July 25, 2012
In every industry, there comes a time when the existing technology cannot be stretched further to answer the market needs. As a clear, widening gap is identified, next-generation solutions emerge.
Survey reveals pitfalls of traditional vulnerability scanners
Monday, July 9, 2012
The survey of medium to large enterprises revealed that nearly all (90%+) of companies have a vulnerability management program in place, and the main objectives of scanning activities is to reduce security risk level and proactively prevent threats before they happen. Yet nearly half consider their networks to range from “somewhat” to “extremely” vulnerable to security threats – and 49% of companies surveyed reported experiencing a data breach or cyber attack in the past six months.
Combating APTs – Are there gremlins in your network?
Friday, September 9, 2011
Are you being kept awake at night worried about the possibility of network gremlins, aka Advanced Persistent Threats (APTs), running loose in your network? If so, you are not alone.
February 2, 2017
Shamoon is back in the Middle East, but what lessons were learned from it's last attack? Here's 5 steps to recover from a data breach learned the hard way after the 2012 attack on Aramco.