The deliverable of the Skybox health check is a report showing current state, optimal state and suggested improvements to cover the areas below.


Platform Assessment

Our platform assessment service looks at how the operating system and Skybox application are installed, managed, secured and backed up.

Operating system management and platform security

We check the operating systems of Skybox servers and collectors are managed correctly and are up to date. We will also check the security access for the IT staff managing the Skybox servers.

Availability and capacity management

We check the process, technology and people controls related to the monitoring of the availability of your Skybox application. This includes Disk space, CPU usage, memory usage, network capacity and database IOPS for both Skybox servers and collectors, and integration with other key systems (such as DNS, email, Internet access). We will advise the customer of any sizing issues and optimisations.

If Skybox is configured in High-availability state (HA), we also check that its health and recovery process is related to any high-availability issues.

Licence management and monitoring

We will check the number of objects in the model, compared them to purchased licenses, and produce an analysis of optimal licenses needed for the current use cases.

Skybox software updates and upgrades

We assess your processes to keep Skybox applications up to date – both on server and client sides. This includes an assessment of how the company monitors for available Skybox application updates and initiates an update process.

The key areas we check:

  • Keeping Skybox server(s) and all collectors up to date to minor versions: an SLA should be agreed with respect to versions and speed of updates

  • Upgrading to new major versions - an SLA should be agreed with respect to versions and speed of upgrades

  • Upgrading the ISO version of a Skybox appliance (where applicable) - an SLA should be agreed with respect to versions and speed of upgrades

  • Testing updates and upgrades in a test environment

Backup and restore

We assess your ability to restore Skybox service within acceptable RTO with agreed RPO and accompanied documentation.


Application and Data assessment

This part of the assessment looks at data quality processes in Skybox, model validation, collection tasks and processes to ensure timely resolution of any application and data issues. Where a CMDB is in place, we also assess reconciliation processes between the CMDB and Skybox database.

Skybox network model maintenance

The key success criteria in any Skybox deployment where a network model is licensed (NA and/or VM modules) is a fully network validated Skybox model. We will assess the current network validation status as well as processes pertaining to keeping the model validated. Some aspects we look at:

  1. The “Locations & Networks” structure is correctly representing the client’s current Layer 3 networks

  2. The Skybox model is validated, and the validation progress is measurable

  3. Processes to bring the network model from an invalidated to a validated state

  4. Whether any regular reviews of the network architecture with your network teams have happened to assert that the Skybox network model is accurate

Maintenance of Skybox network maps

A visual representation of the Skybox model using network maps presents an advantageous feature. We will assess the map maintenance process in Skybox.  

The key areas we assess are:

  1. The maps are available for users to view

  2. The maps are up to date with the latest network and asset model changes

CMDB imports & correlations

For Skybox to deliver the business value, it needs assets to be enriched with CMDB metadata. As part of this assessment, we review frequency, scope of imports and follow up correlation of CMDB metadata to Skybox.

This includes technology and process review, especially to ensure that the CMDB data is imported correctly and delivers business value.

On-boarding and decommissioning of network devices

The quality of the network model is directly dependent on collections of configurations from all L3 network devices. We will assess your processes to ensure that network devices, that build network model, are properly on/off-boarded. This is especially important for devices being on-boarded, i.e. new L3 devices taken from provision state to production state in CMDB.

Business asset model

Grouping of assets to business asset groups allows for multiple viewpoints on the vulnerability data, aiding stakeholder reporting. We will assess your Business Asset Grouping structure and associated processes to keep the structure up to date and relevant.

Firewall and Network Assurance policies management

Where FA and NA licenses have been purchased, we will assess policies and zones, as well as associated processes to keep these up to date.

The policies are of type:

  • Access policy – Zone From-To policy, typically used for zone-to-zone access rules. Access policy requires zones assigned to interfaces on firewalls

  • Rules policy – zone agnostic rules related to firewall rules

  • Configuration policy – configuration security hardening of firewalls & routers

Management of Skybox tasks

As part of this assessment, we will review processes to ensure tasks are maintained and monitored correctly, as well as current setup of tasks and tasks sequences. The process review will cover:

  • Adding new import and collection tasks

  • Changing existing tasks

  • Modifying tasks sequences and schedules

  • Removing jobs no longer needed

  • All tasks are running as per agreed plan without errors

  • Changes to tasks are made within the agreed SLA

Skybox User, Roles and Access rights management

Usually, Skybox is setup and configured as part of the project phase, and this includes the right access roles and users. Our review will ensure that organisational changes are correctly reflected in the Skybox user access control design.


Skybox usage Processes Assessment

This area of the assessment looks at how the Skybox analysis results, reports and metrics are used in your organisation to drive the company’s cyber security and other processes.

The key areas included in our assessment are:

  • Reports created and their distribution

  • User satisfaction with the reports content, usefulness, and format

  • Integration with other cyber security and IT tools

  • Any metrics related to key Skybox capabilities, such as vulnerability management and network assurance

  • Perceived and potential (gap) value of Skybox


People engagement and knowledge assessment

The planned value of the investment in Skybox is only going to be delivered if the people using it, and its results, are engaged and trained.

In our 360 Assessment, we will interview key stakeholders to obtain their feedback and assess their level of knowledge of the Skybox software, its reports and any reliance on the Skybox analysis.