Skybox

Release Notes

8.0.200
Revision: 12

 Copyright 2002-2016 Skybox Security, Inc. All rights reserved.

This documentation contains proprietary information belonging to Skybox
Security and is provided under a license agreement containing restrictions on use
and disclosure. It is also protected by international copyright law.
Due to continued product development, the information contained in this
document may change without notice. The information and intellectual property
contained herein are confidential and remain the exclusive intellectual property of
Skybox Security. If you find any problems in the documentation, please report
them to us in writing. Skybox Security does not warrant that this document is
error-free.
No part of this publication may be reproduced, stored in a retrieval system, or
transmitted in any form or by any meanselectronic, mechanical, photocopying,
recording, or otherwisewithout the prior written permission of Skybox Security.
Skybox, Skybox Security, Skybox Firewall Assurance, Skybox Network
Assurance, Skybox Vulnerability Control, Skybox Threat Manager, Skybox
Change Manager, Skybox 5000W/5500/6000 Appliance, are trademarks and
registered trademarks of Skybox Security, Inc.
All other trademark and registered trademark products mentioned in this
document are the property of their respective owners.
Skybox Security, Inc.
https://lp.skyboxsecurity.com/ContactMe1.html
North America: +1 866 6SKYBOX
Austria, Germany, Lichtenstein & Switzerland:+49 6251 586 9975
France & Belgium: +33 6 1957 7167
UK & Europe: +44 0 20 7997 6066
Global: +1 408 441 8060
Email: [email protected]

Contents
Introduction ......................................................................................... 4
Whats new in this version ................................................................... 5
Skybox
Skybox
Skybox
Skybox

platform ....................................................................................... 5
Horizon ........................................................................................ 6
Firewall Assurance ......................................................................... 6
Change Manager ........................................................................... 7

Whats new in previous versions .......................................................... 8

Skybox platform ....................................................................................... 8
CVSS v2 to CVSS v3 .......................................................................... 12
Skybox Firewall Assurance ....................................................................... 12
Skybox Network Assurance ...................................................................... 13
Skybox Change Manager ......................................................................... 13
Skybox Vulnerability Control .................................................................... 14

Skybox version 8.0.200

Chapter 1

Introduction
This document includes information about new features and updates in Skybox
version 8.0.200. This release notes includes a feature list for this version as well
as a list for previous versions (7.5.500 and up).

About Skybox products

Skybox Securitys powerful risk analytics platform provides security teams with
continuous intelligence about vulnerabilities and network security risks, with no
network disruption.
Skybox solutions prioritize the most critical risks in minutes, and provide
detailed remediation options.
Skybox solutions automate the complex security management processes
required to maintain security controls and eliminate attack vectors, filtering
out irrelevant data and delivering accurate results in a fraction of the security
management time.
For more details see the Skybox Security website and the product
documentation, which is available at:
http://downloads.skyboxsecurity.com/files/Installers/Skybox_View/8.0/8.0.100/
Docs

Skybox version 8.0.200

Chapter 2

Whats new in this version

This section includes information about new features and updates in Skybox
version 8.0.200.

In this chapter
Skybox platform ................................................................... 5
Skybox Horizon .................................................................... 6
Skybox Firewall Assurance ..................................................... 6
Skybox Change Manager ....................................................... 7

Skybox platform
New connectors
The following new connectors were added:
HP Network Automation
Asset Management - HPNA tasks retrieve configuration data from HP
Network Automation management systems and add the data to the current
model.

Enhanced collectors
Juniper SSL VPN
Collection for these devices is now available via the Import - Juniper Ssl
Vpn Parser Collection task.

End of life information

The following table explains the current EOL policies for Skybox.
Function

Description

End of Life
Announcement

End of Life

Skybox version
7.5

End of life for Skybox

version 7.5. After this
date, no fixes will be
provided for this version.

February 2016

February 2017

Skybox
dictionary
updates for
version 7.5

End of publishing of
Skybox dictionary for
version 7.5.

February 2016

February 2017

Skybox version 8.0.200

Skybox Release Notes

Function

Description

End of Life
Announcement

End of Life

32 bit support
for Skybox
Collector

Skybox Collector will be

supported only on 64bit
OS architectures

February 2016

August 2016

Axis1

Skybox has released SOAP February 2016

API using AXIS2 in version
7.5. With the EOL of
version 7.5, AXIS1 will not
be supported anymore.

February 2017

Skybox Horizon
Skybox Horizon is a new Skybox application that gives unprecedented visibility of
the attack surface, including all Indicators of Exposure (IOEs). Its a powerful
security visualization and mapping tool that uses intelligence and insight gained
from Skyboxs analysis of all the layers that make up the attack surface
including assets, network topology, weaknesses and threats. Horizon supports
executive reporting and makes it easier for operational teams to understand and
discuss security risks and cyberthreats, and to strategize remediation options.
With Skybox Horizon, you can:
Create a visual representation of your organizations attack surface
Show which Indicators of Exposure that put your organization at risk
Show how attack vectors can potentially impact the business with a map of
network topology that incorporates the structure of the organization, including
geographic sites, business units, gateways, network connections and more
Use interactive tools to expand and collapse information, zoom in, and drill
down to specific sites for quick summaries
View multiple layers of information with sliders that change the display
according to severity and detail level
Skybox Horizon is available at the following address, where <server> is the full
path name or IP address of the Skybox Server machine:
https://<server>:8443/skybox/#Horizon

Skybox Firewall Assurance

New Configuration Policy
Configuration Policy v7 replaces previous Configuration Policies in Skybox
Firewall Assurance. Several of the Configuration Checks were improved.

Skybox version 8.0.200

Chapter 2

Whats new in this version

Skybox Change Manager

New look and feel
Skybox Security is upgrading the look and feel of Change Manager with a new
logo and a new, fresh color palette.
Although this may seem like a major change, from a technical point of view, it
is a minor code change, and does not change existing functionality.
The following is a screen shot of Change Manager, to demonstrate the change.

If you customized the logo of Change Manager, you need to redo it (in Tools
> Options > Server Options > Change Manager Settings > Display
Settings).

Object search by IP/Port

The object search was extended and now enables you to search by the content of
objects, that is, by IP addresses or ports (in addition to searching by object
names). You can search by objects which contain the searched value, intersect
with it, or exactly match it.

Skybox version 8.0.200

Chapter 3

Whats new in previous versions

This section includes information about new features and updates in previous
Skybox versions 7.5.500 and higher.

In this chapter
Skybox platform ................................................................... 8
Skybox Firewall Assurance ................................................... 12
Skybox Network Assurance .................................................. 13
Skybox Change Manager ..................................................... 13
Skybox Vulnerability Control................................................. 14

Skybox platform
Asset attributes
Skybox now provides the ability to include business attributes for assets. There
are predefined business attributes such as owner, site, business function, etc. In
addition, custom attributes can be defined to suit organizational needs.
The attributes can be retrieved by iXML or be defined manually. You can define
asset analyses based on predefined and custom attributes. For example, you can
define an analysis to show all assets for a specific owner.
This feature enables organizations to use Skybox as a centralized management
platform for the network, including the different assets in it.

Regular expression support in analyses

All analysis types were enhanced and now support full regular expressions for
string fields. Users may continue to use string values (including wild cards) in
these fields or use the full regular expression.
The
icon in a string field indicates that the value of the field is interpreted
as a text string.
The
icon indicates that the value of the field is interpreted as a regular
expression.

New Admin user roles

The following 2 new user roles are now available:
Admin Assurance: A new, dedicated administrative role for Firewall
Assurance, Network Assurance and Change Manager. These users cannot log
in to Vulnerability Control or Threat Manager and therefore cannot perform
any actions on these modules.
Skybox version 8.0.200

Chapter 3

Whats new in previous versions

Admin Vulnerability Control: A new, dedicated administrative role for

Vulnerability Control and Threat Manager. This role cannot log in to Firewall
Assurance, Network Assurance, or Change Manager and therefore cannot
perform any actions on these modules.

CSV Analysis Export tasks

The CSV Analysis Export task was enhanced and now enables you to select
the relevant CSV columns.

New connectors
The following new connectors were added:
Alteon load balancer
Load Balancers Alteon Collection tasks retrieve configuration data from
Alteon load balancers and add the data to the current model.
BMC BladeLogic Network Automation
Asset Management BNA Collection tasks retrieve network device
configuration data from BNA data centers and add the data to the current
model.
Import CMDB CSV
Import Generic CMDB CSV Parser tasks import configuration data of
Business Asset Groups from CSV files.
Alcatel-Lucent VPN Firewall Brick
The connector supports a parser script located at:

<Skybox_Home>\intermediate\bin\parsers\firewalls\brick\BrickPar
ser.pl

Enhanced connectors
Asset Management Amazon Web Services Collection
This task has been updated and can now create reflection firewalls.

New connectors
The following new connectors were added:
WSUS
Asset Management WSUS Collection tasks retrieve configuration from
Microsoft WSUS management systems and add the data to the current model.
Cisco WLC (Cisco wireless connector)
Wireless Controller Cisco WLC Collection tasks retrieve configuration
data from Cisco wireless LAN controllers and add the data to the current
model.
IBM z/OS
Skybox supports a parser script located at:

<Skybox_Home>\intermediate\bin\parsers\System_Management\zOS\zO
SParser.pl

Enhanced connectors
Import Generic CMDB CSV Parser
Skybox version 8.0.200

Skybox Release Notes

This task has been updated and now supports custom fields.

Online manuals
All manuals are now available online from Help > Online Manuals. They are no
longer included as part of the installation package. No changes were made
regarding how to access the help (Help > Skybox Help).

New Java version

The Java library used in Skybox was upgraded to a recent release of Java 8.

New look and feel

Skybox Security is upgrading its look and feel with a new logo and a new,
fresh color palette.
Although this may seem like a major change, from a technical point of view, it
is a minor code change, and does not change existing functionality.
The following is a screen shot of the GUI, to demonstrate the change.

OS support
Support was added for Windows 10, CentOS v7, and Red Hat Linux v7

Support for CVSS v3 in Skybox v8.0

All vulnerabilities published until Dec 31st, 2015 are based on CVSS v2, and
will continue to be based on CVSS v2 even when updates are added.
New vulnerabilities published after January 1st, 2016 are based on CVSS v3.
Note: When using Skybox v7.5 or before, all vulnerabilities are based on
CVSS v2.
This change applies to all aspects of Skybox including Change Manager, web
API, and CSV exports.
The table in the following topic summarizes differences between CVSS v2 and
CVSS v3.

Web API
Starting from 7.5.400, Skybox platform's Web API works with JAX-WS,
although the Web API with Axis-1 is still supported.
Skybox version 8.0.200

10

Chapter 3

Whats new in previous versions

The Web API for 8.0.100 supports vulnerabilities in CVSS v2 or v3 the same
way that the GUI does (see above).
The Web API for 8.0.100 includes a header which supports doing work (such
as submitting and updating change requests) on behalf of a different user.
When this header is used, the actions performed are logged under the
selected user.

New connectors
Router Avaya ERS
Router Enterasys
Generic Import Linux Packages Parser
Import Raw Config

Enhanced collectors
Tripwire IP360 scanners (previously nCircle)
Collection for these scanners is now available via the Scanners Tripwire
IP360 Collection task.

Task sequences
Task sequences are now created using a wizard. Most task sequences are created
by selecting the Basic type in the wizard; sequences for change tracking and
firewall auditing should be created using the Firewalls Triggered Collection
and Analysis type.

Upgrade from v7.0.xxx

If you are upgrading to this version directly from v7.0.xxx and you have changed
the Server certificates, refer to the topic When upgrading to Skybox version
7.5.xxx in the following document for instructions:
http://downloads.skyboxsecurity.com/files/Installers/Skybox_View/7.5/7.5.60
0/Docs/Skybox_InstallationAndAdministrationGuide_V7_5_600.pdf

Skybox version 8.0.200

11

Skybox Release Notes

CVSS V2 TO CVSS V3
The following table summarizes the differences between CVSS v2 and CVSS v3.
Blue text indicates name changes; green text indicates values that were added or
removed.

Skybox Firewall Assurance

Rule usage analysis for Cisco firewalls
Rule usage analysis for Cisco firewalls is now supported using the data retrieved
directly by the Cisco device command (that is, show access-list) in addition to
data retrieved from syslog.
The collection task was extended and now enables you to select whether to
retrieve the hit counts of the access rules in addition to the configuration of the
device.
Rule usage analysis is then immediately available with the collection of the
firewalls.

Exception CSV task

A new task, CSV Exception Export, exports all types of exceptions from
Skybox to CSV. This task enables you to save CSV reports of the exceptions in
the model on a regular basis.
Skybox version 8.0.200

12

Chapter 3

Whats new in previous versions

Triggered collection
The main collection and firewall analysis tasks and task sequences were
enhanced and can now be activated on changed firewalls only, rather than on all
firewalls regardless of whether their configuration has been changed or not.
This enables near real time change tracking with full change tracking only on
firewalls that were updated, and near real time compliance levels. Since firewalls
with no changes are not collected or analyzed, firewall auditing is much more
efficient and quicker.

Skybox Network Assurance

Exception CSV task
A new task, CSV Exception Export, exports all types of exceptions from
Skybox to CSV. This task enables you to save CSV reports of the exceptions in
the model on a regular basis.

Network Map dynamic scope

The scope of network maps was enhanced and now uses a dynamic list of
criteria; the same scope criteria as can be used in creating Business Asset
Groups. For example, organizations can now create maps of all assets that have
a specific business function, or all assets that run a specific service on a certain
location. The map is continuously updated with all the assets that match the
criteria.

Triggered collection
The main collection and firewall analysis tasks and task sequences were
enhanced and can now be activated on changed firewalls only rather than on all
firewalls regardless of whether their configuration has been changed or not.
This enables near real time change tracking with full change tracking only on
firewalls that were updated, near real time compliance level, and shorter nightly
task cycles. Since firewalls with no changes are not collected or analyzed, firewall
auditing is much more efficient and quicker.

Skybox Change Manager

Change Manager APIs
A new set of API methods is now available to support Change Manager use
cases. These API methods enable users to add, modify, delete, or retrieve
change requests of all types (other than Recertify Rule) as well as add, delete or
retrieve the derived requests of Access Update requests.
In addition the API methods enable users to retrieve the generated commands of
the derived requests and retrieve the verification details of the Add Rule and
Modify Rule change requests (that is, the matching access rules that were added
or modified as a result of these requests).

Skybox version 8.0.200

13

Skybox Release Notes

Network mode routes for specific firewalls

The Routes action (when Change Manager is used in network mode) was
extended. It is now also supported for selected firewalls in Access Update derived
requests. That is, if a user selects 1 of the derived requests of an Access Update
request and clicks Routes, Skybox shows the list of routes in which the firewall
from that derived request participates.

Skybox Vulnerability Control

Network Map dynamic scope
The scope of network maps was enhanced and now uses a dynamic list of
criteria; the same scope criteria as can be used in creating Business Asset
Groups. For example, organizations can now create maps of all assets that have
a specific business function, or all assets that run a specific service on a certain
location. The map is continuously updated with all the assets that match the
criteria.

Skybox version 8.0.200

14