FORESIGHT CYBER SKYBOX SERVICES

FORESIGHT CYBER SKYBOX SERVICES

Skybox Management by trusted professionals

… supported by the Skybox executive leadership team

For details on our Skybox 360 Assessment service please click here.


Skybox Technical Application Management Service

SB-TAMS.png

Technical management of Skybox servers and collectors, ensuring the application is available, updated/upgraded and with adequate capacity. This service is aligned with the former Skybox AMS delivering seamless transition from Skybox AMS into a more advanced service.

  • Operating system management - full management of operating system running Skybox server(s) and collector(s) application, ensuring they are managed correctly and up-to-date

  • Availability and capacity management - monitoring of Skybox servers and collectors using the Foresight Cyber Platform

  • Skybox software updates - our teams monitor for applicable Skybox application releases and initiate an update process aligned to a client’s change management requirements.

  • Licence monitoring & management - We monitor the number of objects in the model, comparing to purchased licences. When a threshold is reached (typically 80%) the client is notified.

  • Backup and Restore - We ensure that the Skybox data, scripts and any other files required for the Skybox application are properly backed up. The restore is tested annually.

  • User & Access Management - Our service builds on the initial setup and ensures that organisational changes are correctly reflected in the Skybox user access control design.


Skybox Functional Application Management Service

SB-FAMS.png
 
 
example of a business assets model in Skybox

example of a business assets model in Skybox

Managing the Skybox application and data within it ensuring the collections, model, asset data, analyses and exports are correct in order to demonstrate business value.

  • Network Model - We continually monitor and manage the Skybox model to ensure that the “Locations & Networks” structure correctly represents the client’s network sites. Additionally, we ensure the Skybox model is validated, thus representing the actual network topology.

  • Lifecycle of network devices in Skybox model - The model is updated whenever a network device is either added or removed from the network.

  • Network Maps - Network maps of the model are produced which provides up-to-date and well-presented view for the organisation’s network and, if appropriate, each individual site.

  • Business Asset Model - We replicate the IT business structure to Skybox in order to allow advanced reports and queries. Assets cab be grouped based on any given attribute in the Skybox data model, including user defined attributes, e.g. AWS tags.

  • CMDBs Imports & Correlations - For Skybox to deliver the business value, it needs network assets to be enriched with CMDB information. As part of this service, we connect supported CMDBs to Skybox and setup imports of selected data objects and attributes to the model. This service identifies and reports on any variances between data in the CMDB and that discovered on the network. Service tickets can be created for action by the IT team.

  • FA & NA Policies - We maintain two firewall and network configuration policies – standard and high-security, respectively. Imported firewalls are organised into ‘visual’ folders. Network zones containing interfaces, networks and cloud tags are created and maintained.

  • Task Management - We monitor all tasks, analyse errors detected and initiate rectification workflows. Our team also manage all tasks and tasks sequences.

Optional service

Review of client’s network maps for accuracy - It is understood that maintaining precise network diagrams is a manual and error-prone activity. Consequently, we conduct a quarterly review of the client’s network Visio maps - often maintained by network teams - for accuracy against the model. The benefit of this service is the high precision of documentation.


Skybox Remediation Management Service

SB-RM.png

Foresight Cyber offers a remediation management service to assist the internal support teams, in effect becoming an extension of the client’s security operations team: working together to ensure effective policy compliance and lower security risk.

Zone compliance - We monitor violations of network zone policies and raise incident tickets as agreed by customer.

Firewall rules compliance - We analyse firewall rule bases for compliance irrespective of zones, taking into account the client’s firewall policies.

Vulnerability remediation - We take the client’s vulnerability management policy, use Skybox to analyse vulnerabilities, and raise incident tickets to remediate. Typically, remediation is organised by patches, operating systems or sites; as agreed with the client. Tickets raised are fully managed to ensure that slow delivery or lack of remediation by IT teams or service providers are significantly reduced.

Firewall rules re-certification - We manage firewall rule re-certifications (a functionality in Skybox Change Manager) and manage the workflow. The re-certification is a process mandated by firewall management best practices, and essentially reconfirms whether a firewall rule is still valid.

FW changes assessments - As part of this service, we are able to analyse firewall requests and provide compliance and risk scores. This workflow can be undertaken before or after firewall changes. (The service requires Skybox Change Manager for up-front assessments).

Network/Firewall hardening - As part of this service we analyse network devices against agreed hardening standards.