Skip to content

One chapter has closed - Skybox Security is no more

skybox security no more Yesterday, 24th February 2025, I received the heartbreaking news that one of the cybersecurity vendors I had worked with since 2006, Skybox Security, has closed its doors.

The announcement came as a shock, first shared with employees on a call and later communicated to channel partners via email. Skybox Security was once a visionary company, yet it has now faced an unfortunate end.

My thoughts are with all the former employees whose lives have been suddenly disrupted. I sincerely wish them strength and resilience in navigating this transition and finding new opportunities that match their talents and expertise.

Let’s take a moment to reflect on Skybox Security’s journey and the lessons to be learned.

The company history

The Skybox Security was founded as SecLucid by two visionaries of our industry Gidi Cohen and Eran Reshef.

Key Milestones in Skybox Security’s History:

  • 2002: Skybox Security was founded with the goal of addressing complex cybersecurity challenges by offering innovative solutions.
  • 2004: The company introduced the first commercially available cyberattack simulation engine, which became a cornerstone of its offerings.
  • 2006: Responding to new regulatory requirements like Sarbanes-Oxley and PCI compliance, Skybox launched its Security Policy Management solution to help organisations streamline compliance and strengthen security controls.

Achievements and Recognition

Skybox has received industry accolades for its solutions, including being recognised as the best Vulnerability Management solution by SC Magazine. Its platform is widely adopted by enterprises and governments for managing complex security environments.

Technology

At the time when Skybox was established, the IT security controls were mostly concentrated towards the network security. The security and compliance teams needed a firewall and network compliance tool to:

  • review of firewall rules
  • see the rule usage
  • optimise the ruleset (redundant and shadow rules)
  • assess network security policy
  • monitor for changes to the firewall rulesets and objects

Business Justification for a tool like Skybox

As a partner of Skybox Security, I have created the 'business justification' document, independent of Skybox. This may be useful for someone looking for a similar tool.

Modules that Skybox offers and relevant stakeholders:

Skybox Platform Modules

  • Firewall Assurance (FA) - functions useful for both cybersecurity, firewall service owner, and firewall admin team - analyse secure configuration, rules and access between firewall zones, optimise firewall rule base.
  • Assurance (NA) - allows to build a network model, both on-premises and cloud, that is allows zone-based compliance assessments
  • Change Manager (CM) - uses data from FA and NA to analyse planned firewall changes for technical implementation, and security policy compliance implications
  • Controls (VC) - performs virtual attack simulations and shows which vulnerabilities should be remediated first, including compensating controls. This typically reduces number of actionable vulnerabilities in an organisation to just 1%

Benefits To Stakeholders

Firewall Service Owner

  • Increase internal customer satisfaction by shortening analysis of firewall changes through automation. Skybox together with our application management can provide semi or fully automated assessment of FW changes.
  • Obtain assurance, through Foresight Cyber reporting, that only firewall changes that were requested through ServiceNow were implemented in Skybox, catching any 'unauthorised' ones
  • Receive reports of the firewall platforms' secure configurations, and their compliance with the firewall secure configuration standards, across vendor products (Skybox support all major firewall vendors, such as but not limited to PaloAlto, FortiGate, Cisco ASA and, Checkpoint)
  • Obtain reports of the firewall platforms' rules compliance with your firewall policy
  • Save resources by getting proactive remediation orchestration support for non-compliance issues resolution discovered in above reports as Foresight Cyber issues remediation tickets to firewall service providers. My estimate is that you would need a full time PM/FW expert to handle the workload to remediate current non-compliance. FIREWALL ADMINISTRATORS
  • Change Manager allows firewall admins to understand better HOW to update a firewall rule-base to match the firewall change request. From experience this is one of the trickiest and error-prone activities. A misconfiguration can also lead to a security breach (consider an existing object being used in a new rule, but the object contains more hosts than need access).
  • Firewall Assurance allows firewall admins to see firewall compliance issues and possible optimisations for each firewall

Solution Architects

  • See a network map and better analyse how their new system needs to communicate and if the connectivity is already there or needs to be requested. From my experience as a solution architect this is a time-saver.

Network Service Owner

  • There is huge benefit of seeing 'near-live' snapshot of the network configuration, topology and external connections. No amount of manual labour using Visio will deliver the same benefit.

3rd Party Connectivity Service Owner

  • Specifically, for the 3rd party connectivity process, modelling all 3rd parties in the Skybox network model as individual connections gives an assurance that an external perimeter is protected - important for CIS Controls 9 and 14

IT / Cyber / OT Security

  • Get assurance that the Firewall policy, specifically zone to zone access restrictions, is being used in the configuration of firewalls, and any critical issues are discovered and pushed into a triage decision process
  • Get assurance that firewall changes' compliance assessment is running as agreed with the firewall service owner
  • Score vulnerabilities in line with the company’s vulnerability management policy to allow for required variations
  • By performing virtual vulnerability attack network simulations, greatly reduce number of vulnerabilities that need an urgent remediation attention

IT INFRASTRUCTURE OWNER

  • Obtain assurance that all firewall and all network devices are correctly documented in ServiceNow CMDB - lifecycle, key attributes, resolver group – delivered by Foresight Cyber